Please help with virus infection


  • This topic is locked
20 replies to this topic

#1 phunkey


Posted 25 September 2014 - 10:37 AM

I've just been victim of a serious virus which appears to infect Microsoft's own defenses before disabling mbam as it takes a greater and greater control.
 
and system files are first to go. It's been at least a week since first indications, i.e. loss of flash and no copy/paste till now.

Does anyone have any suggestions? I should've posted several days ago but I've tried everything myself. I've tried so many virus tools and managed to get Kaspersky installed but it does nothing. . . .  as another file disappears!

This also coincides with a drive duplicate via Seagate soft and I've just realised I haven't formatted old reserved file though I have disconnected old drive briefly as it was too small for purpose.
 
One last observation was that my drives were taking up positions 3 & 4 on SATA List if that makes any difference!
 
Can anyone help pls cos I haven't a clue. Tried sfc /scannow and usual culprits but am missing something.

Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal


 


#2 boopme


Posted 25 September 2014 - 01:40 PM

Hello phunky, run these next and see what the logs show.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 phunkey


Posted 26 September 2014 - 03:23 AM

Thanks so much for all your help boopme. As an unqualified and inveterate tinkler I'm familiar with most of these tools but have no clear strategy or experience of how to use them properly. Below is the readout as requested. Confirm FF closed. And TDSS results to follow.

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Cybad4d4 (administrator) on 26-09-2014 at 09:31:05
Running from "C:\Users\Cybad4d4\Repairs"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 


 

There are 15472 more lines starting with "127.0.0.1"

 

========================= IP Configuration: ================================

The following command was not found: int ip dump.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-E5-49-C8-2A-71
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e115:bf63:8e5a:1529%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 26 September 2014 09:11:15
   Lease Expires . . . . . . . . . . : 27 September 2014 09:11:15
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 240182601
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-5D-47-88-50-E5-49-C8-2A-71
   DNS Servers . . . . . . . . . . . : fe80::9e97:26ff:fe9d:91d6%11
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:289f:1df8:3f57:febc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::289f:1df8:3f57:febc%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.lan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11...50 e5 49 c8 2a 71 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.67     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.67    266
     192.168.1.67  255.255.255.255         On-link      192.168.1.67    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.67    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.67    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.67    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:6ab8:289f:1df8:3f57:febc/128
                                    On-link
 11    266 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::289f:1df8:3f57:febc/128
                                    On-link
 11    266 fe80::e115:bf63:8e5a:1529/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2014 09:12:40 AM) (Source: PostgreSQL) (User: )
Description: pg_ctl: another server might be running; trying to start server anyway

Error: (09/26/2014 09:12:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 09:08:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 07:28:25 PM) (Source: PostgreSQL) (User: )
Description: pg_ctl: another server might be running; trying to start server anyway

Error: (09/25/2014 07:28:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 05:53:14 PM) (Source: PostgreSQL) (User: )
Description: pg_ctl: another server might be running; trying to start server anyway

Error: (09/25/2014 05:52:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 05:47:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000019EEF90.72).  hr = 0x80070005, Access is denied.
.

Error: (09/25/2014 05:47:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000294,(null),0,REG_BINARY,000000000D1CDD60.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2aee00e4-e5aa-45fd-8961-2bbe4e52772d}

Error: (09/25/2014 05:47:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00001178,(null),0,REG_BINARY,000000000E23E250.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {e521019a-84e5-47cb-8316-9d879ce8c0fd}

System errors:
=============
Error: (09/26/2014 09:20:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4.5.1 for Windows 7 x64-based Systems (KB2858725).

Error: (09/26/2014 09:17:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173).

Error: (09/26/2014 09:15:10 AM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (09/26/2014 09:14:17 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (09/26/2014 09:14:17 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (09/26/2014 09:13:26 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/26/2014 09:13:26 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/26/2014 09:13:26 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/26/2014 09:13:26 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/26/2014 09:13:26 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Microsoft Office Sessions:
=========================
Error: (09/26/2014 09:12:40 AM) (Source: PostgreSQL)(User: )
Description: pg_ctl: another server might be running; trying to start server anyway

Error: (09/26/2014 09:12:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 09:08:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 07:28:25 PM) (Source: PostgreSQL)(User: )
Description: pg_ctl: another server might be running; trying to start server anyway

Error: (09/25/2014 07:28:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 05:53:14 PM) (Source: PostgreSQL)(User: )
Description: pg_ctl: another server might be running; trying to start server anyway

Error: (09/25/2014 05:52:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 05:47:30 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000348,(null),0,REG_BINARY,00000000019EEF90.72)
0x80070005, Access is denied.

Error: (09/25/2014 05:47:30 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000294,(null),0,REG_BINARY,000000000D1CDD60.72)
0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2aee00e4-e5aa-45fd-8961-2bbe4e52772d}

Error: (09/25/2014 05:47:30 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00001178,(null),0,REG_BINARY,000000000E23E250.72)
0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {e521019a-84e5-47cb-8316-9d879ce8c0fd}

 

CodeIntegrity Errors:
===================================
  Date: 2014-09-07 07:35:50.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 07:35:50.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-06 14:30:57.755
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-06 14:30:57.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-06 14:30:42.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-06 14:30:42.234
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-06 14:30:37.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-06 14:30:37.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33870 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active@ KillDisk 9.0 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.0 - LSoft Technologies Inc)
ActivePerl 5.16.3 Build 1604 (64-bit) (HKLM\...\{A7915697-1675-433D-AD07-759E8550582F}) (Version: 5.16.1604 - ActiveState)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.40811 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK 2.9 (HKLM\...\{B192EDAC-25C7-408D-99A0-A23455F50E27}) (Version: 2.9.233.167 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Anoncoin (HKCU\...\Anoncoin) (Version: 0.8.5.6 - Anoncoin project)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Bitcoin Core (64-bit) (HKCU\...\Bitcoin Core (64-bit)) (Version: 0.9.2 - Bitcoin Core project)
BitMinter Client (HKCU\...\BitMinter Client) (Version:  - BitMinter.com)
Boolberry version v0.2.0.37(ceecfdf) (HKLM\...\{24C4D076-F481-4E53-AC1D-1DF31397E2E2}_is1) (Version: v0.2.0.37(ceecfdf) - Boolberry Team)
Buffalo RAMDISK Utility (HKLM\...\Buffalo BFRD4G) (Version:  - )
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
ConEmu 140723.x64 (HKLM\...\{BE4AFA91-F4EC-4EE5-B93E-3421392320D9}) (Version: 11.140.7230 - ConEmu-Maximus5)
CPUID CPU-Z OC 1.70 (HKLM\...\CPUID CPU-Z OC_is1) (Version: 1.70 - CPUID, Inc.)
Dogecoin Core (64-bit) (HKCU\...\Dogecoin Core (64-bit)) (Version: 1.8.0 - Dogecoin project)
EarthCoin (HKCU\...\EarthCoin) (Version: 1.3.0.0 - EarthCoin project)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Fastcoin (HKCU\...\Fastcoin) (Version: 8.5.3 - Fastcoin project)
FedoraCoin (HKCU\...\FedoraCoin) (Version: 0.6.0.0 - FedoraCoin project)
GAuth Authenticator (HKCU\...\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7) (Version: 0.8.2 - Gerard Braad)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)
GoldCoin (GLD) (HKCU\...\GoldCoin (GLD)) (Version: 00.07.01.07 - GoldCoin (GLD))
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Litecoin (HKCU\...\Litecoin) (Version: 0.8.7.2 - Litecoin project)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-

B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...

 

\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft

 

Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...

\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft

Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...

 

\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft

 

Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...

\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft

Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version:

 

11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version:

11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727

 

- Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610

- Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version:

 

12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005

- Microsoft Corporation) Hidden

MultiMiner version 3.5.1 (HKCU\...\{A59A265F-E97D-4A84-8E78-E8C59EB861CE}_is1)

 

(Version: 3.5.1 - Nate Woolls)

MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)

Nautiluscoin Core (64-bit) (HKCU\...\Nautiluscoin Core (64-bit)) (Version: 1.1.0

 

- Nautiluscoin Core project)

Orbitcoin 1.0.0 (HKCU\...\Orbitcoin 1.0.0) (Version:  - )

Qt (HKCU\...\Qt) (Version: 1.0.1 - Digia Plc)

Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )

Titcoin (HKCU\...\Titcoin) (Version: 1.0.0 - Titcoin project)

Types (HKLM\...\Types) (Version: 2.1.6 - E. Strunnikov)

Vertcoin (HKCU\...\Vertcoin) (Version: 0.8.7.3 - Vertcoin project)

WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )

Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/27/2014

 

2.10.00) (HKLM\...\A360E2EA788FFC586113AFE1F2AABF01EBE7A248) (Version:

 

01/27/2014 2.10.00 - FTDI)

Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/27/2014

2.10.00) (HKLM\...\42F5D8399C4B7EB9005D88E9045ABB1A715CD59A) (Version:

01/27/2014 2.10.00 - FTDI)

Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014

 

6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version:

 

03/19/2014 6.7.0.0 - Silicon Laboratories)

Worldcoin (HKCU\...\Worldcoin) (Version: 0.8.6.2 - Worldcoin project)

WPS Office (9.1.0.4746) (HKCU\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft

 

Corp.)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 23%

Total physical RAM: 11741.24 MB

Available physical RAM: 8925.86 MB

Total Pagefile: 23480.66 MB

Available Pagefile: 19657.4 MB

Total Virtual: 4095.88 MB

Available Virtual: 3971.27 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:729.02 GB) NTFS

2 Drive d: (Mining) (Fixed) (Total:321.76 GB) (Free:118.5 GB) NTFS

3 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

4 Drive h: (Back up) (Fixed) (Total:368.01 GB) (Free:96.74 GB) NTFS

5 Drive i: (Spare) (Fixed) (Total:97.66 GB) (Free:97.53 GB) NTFS

6 Drive k: (BFRD-DRIVE) (Fixed) (Total:0.5 GB) (Free:0.3 GB) FAT32

7 Drive o: (Rescatux) (Removable) (Total:3.73 GB) (Free:1.19 GB) FAT32

 

========================= Users: ========================================

 

User accounts for \\DESKTOP

 

Administrator            Cybad4d4                 Guest                   

 

**** End of log ****


Edited by phunkey, 26 September 2014 - 03:43 AM.


#4 phunkey

Posted 26 September 2014 - 03:53 AM

I actually used TDSSKiller a couple of days ago without problem. I will run it again but expect same result. I've also changed my administrator & pw & installed Comodo security after switching off all MS protection. As mentioned I read about a similar infection that used Windows Defender to disable mbam etc. Main probs are that I cannot install anything & many (alt-currency) tools no longer work/can't connect to QT.   have actually disappeared this a.m.!

I'll run TDSSKiller and forward copy of report anyway:



#5 phunkey

Posted 26 September 2014 - 03:56 AM

09:52:48.0437 0x1200  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:52:51.0495 0x1200  ============================================================
09:52:51.0495 0x1200  Current date / time: 2014/09/26 09:52:51.0495
09:52:51.0495 0x1200  SystemInfo:
09:52:51.0495 0x1200  
09:52:51.0495 0x1200  OS Version: 6.1.7601 ServicePack: 1.0
09:52:51.0495 0x1200  Product type: Workstation
09:52:51.0495 0x1200  ComputerName: DESKTOP
09:52:51.0495 0x1200  UserName: Cybad4d4
09:52:51.0495 0x1200  Windows directory: C:\Windows
09:52:51.0495 0x1200  System windows directory: C:\Windows
09:52:51.0495 0x1200  Running under WOW64
09:52:51.0495 0x1200  Processor architecture: Intel x64
09:52:51.0495 0x1200  Number of processors: 6
09:52:51.0495 0x1200  Page size: 0x1000
09:52:51.0495 0x1200  Boot type: Normal boot
09:52:51.0495 0x1200  ============================================================
09:52:52.0758 0x1200  KLMD registered as C:\Windows\system32\drivers\36537660.sys
09:52:53.0648 0x1200  System UUID: {76F9AC44-CD28-DF7E-29FB-1AFAB397FC95}
09:52:54.0599 0x1200  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:52:57.0454 0x1200  Drive \Device\Harddisk3\DR3 - Size: 0x12A1E0DE00 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:52:57.0470 0x1200  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8BD5E00 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:53:01.0775 0x1200  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
09:53:01.0806 0x1200  Drive \Device\Harddisk4\DR4 - Size: 0xEF000000 ( 3.73 Gb ), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:53:01.0806 0x1200  ============================================================
09:53:01.0806 0x1200  \Device\Harddisk0\DR0:
09:53:01.0806 0x1200  MBR partitions:
09:53:01.0806 0x1200  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:53:01.0806 0x1200  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D4000
09:53:01.0806 0x1200  \Device\Harddisk3\DR3:
09:53:01.0838 0x1200  MBR partitions:
09:53:01.0838 0x1200  \Device\Harddisk1\DR1:
09:53:01.0838 0x1200  MBR partitions:
09:53:01.0838 0x1200  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2425BFF6, BlocksNum 0x28384C53
09:53:01.0853 0x1200  \Device\Harddisk2\DR2:
09:53:01.0853 0x1200  MBR partitions:
09:53:01.0853 0x1200  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:53:01.0853 0x1200  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2E003000
09:53:01.0853 0x1200  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x2E035800, BlocksNum 0xC34F800
09:53:01.0853 0x1200  \Device\Harddisk4\DR4:
09:53:01.0853 0x1200  MBR partitions:
09:53:01.0853 0x1200  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x777800
09:53:01.0853 0x1200  ============================================================
09:53:02.0072 0x1200  C: <-> \Device\Harddisk0\DR0\Partition2
09:53:02.0087 0x1200  D: <-> \Device\Harddisk1\DR1\Partition1
09:53:02.0103 0x1200  G: <-> \Device\Harddisk2\DR2\Partition1
09:53:02.0134 0x1200  I: <-> \Device\Harddisk2\DR2\Partition3
09:53:02.0165 0x1200  H: <-> \Device\Harddisk2\DR2\Partition2
09:53:02.0165 0x1200  ============================================================
09:53:02.0165 0x1200  Initialize success
09:53:02.0165 0x1200  ============================================================
09:53:33.0178 0x12e0  ============================================================
09:53:33.0178 0x12e0  Scan started
09:53:33.0178 0x12e0  Mode: Manual;
09:53:33.0178 0x12e0  ============================================================
09:53:33.0178 0x12e0  KSN ping started
09:53:35.0893 0x12e0  KSN ping finished: true
09:53:37.0780 0x12e0  ================ Scan system memory ========================
09:53:37.0780 0x12e0  System memory - ok
09:53:37.0780 0x12e0  ================ Scan services =============================
09:53:46.0781 0x12e0  ehSched - ok
09:53:46.0891 0x12e0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:53:46.0906 0x12e0  elxstor - ok
09:53:46.0922 0x12e0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:53:46.0922 0x12e0  ErrDev - ok
09:53:46.0984 0x12e0  [ DB6AEC32FAF5BD002D9ED6C38692D42B, 8BB85AE88E783B678B05D5937B7EE261BB6ECC9BF82CCB0D9A4009A1535F62B3 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
09:53:46.0984 0x12e0  EtronHub3 - ok
09:53:47.0047 0x12e0  [ 9CC2F24274741E12F9DF92125EA6D6D8, AC51B2A81A4D285E2E17880597B491EBBFEC533A5009B810E4AD0D9FC589EB22 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
09:53:47.0062 0x12e0  EtronXHCI - ok
09:53:47.0140 0x12e0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:53:47.0140 0x12e0  EventSystem - ok
09:53:47.0171 0x12e0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:53:47.0171 0x12e0  exfat - ok
09:53:47.0187 0x12e0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:53:47.0187 0x12e0  fastfat - ok
09:53:47.0265 0x12e0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:53:47.0281 0x12e0  Fax - ok
09:53:47.0296 0x12e0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
09:53:47.0296 0x12e0  fdc - ok
09:53:47.0296 0x12e0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:53:47.0296 0x12e0  fdPHost - ok
09:53:47.0312 0x12e0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:53:47.0312 0x12e0  FDResPub - ok
09:53:47.0327 0x12e0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:53:47.0327 0x12e0  FileInfo - ok
09:53:47.0327 0x12e0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:53:47.0327 0x12e0  Filetrace - ok
09:53:47.0327 0x12e0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:53:47.0327 0x12e0  flpydisk - ok
09:53:47.0359 0x12e0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:53:47.0374 0x12e0  FltMgr - ok
09:53:47.0452 0x12e0  [ C06AF3D1E7CA6868A6A3064CE6907C4A, A1A357CF99291E1611A4380BF8866B5B594637C186B5FD1EFDF052D4EB69FAB9 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
09:53:47.0452 0x12e0  fltsrv - ok
09:53:47.0577 0x12e0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
09:53:47.0593 0x12e0  FontCache - ok
09:53:47.0639 0x12e0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:53:47.0764 0x12e0  FontCache3.0.0.0 - ok
09:53:47.0795 0x12e0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:53:47.0795 0x12e0  FsDepends - ok
09:53:47.0827 0x12e0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:53:47.0827 0x12e0  Fs_Rec - ok
09:53:47.0889 0x12e0  [ 0B0E36E669B47E256BE7BDB66D76CCCF, EE52E6EB6F4E41429687124246CF988CAFC4D7FF26EDAD5EAB762239E6DF8FBB ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
09:53:47.0889 0x12e0  FTDIBUS - ok
09:53:47.0951 0x12e0  [ D35D8310AA13DC851EC2319D1640A17B, 300E1D23C113C8A5BACC07552FA62E5F14257C8593D575A7FB4C5A879B850F5F ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
09:53:47.0951 0x12e0  FTSER2K - ok
09:53:48.0045 0x12e0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:53:48.0061 0x12e0  fvevol - ok
09:53:48.0076 0x12e0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:53:48.0076 0x12e0  gagp30kx - ok
09:53:48.0123 0x12e0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:53:48.0139 0x12e0  gpsvc - ok
09:53:48.0263 0x12e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Users\Cybad4d4\AppData\Local\Temp\GUM383F.tmp\GoogleUpdate.exe
09:53:48.0263 0x12e0  gupdate - ok
09:53:48.0295 0x12e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Users\Cybad4d4\AppData\Local\Temp\GUM383F.tmp\GoogleUpdate.exe
09:53:48.0295 0x12e0  gupdatem - ok
09:53:48.0295 0x12e0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:53:48.0295 0x12e0  hcw85cir - ok
09:53:48.0373 0x12e0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:53:48.0404 0x12e0  HdAudAddService - ok
09:53:48.0435 0x12e0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:53:48.0451 0x12e0  HDAudBus - ok
09:53:48.0482 0x12e0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:53:48.0482 0x12e0  HidBatt - ok
09:53:48.0497 0x12e0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:53:48.0497 0x12e0  HidBth - ok
09:53:48.0513 0x12e0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:53:48.0513 0x12e0  HidIr - ok
09:53:48.0529 0x12e0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
09:53:48.0529 0x12e0  hidserv - ok
09:53:48.0591 0x12e0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:53:48.0591 0x12e0  HidUsb - ok
09:53:48.0669 0x12e0  [ 846FCDB73941A5B8FC4299A234659713, A08AD3D82EF977C2CC095FDB39E50AEE2C30FA7FDCCA192F2174A979CCFD16AA ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
09:53:48.0685 0x12e0  HitmanProScheduler - ok
09:53:48.0731 0x12e0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:53:48.0747 0x12e0  hkmsvc - ok
09:53:48.0778 0x12e0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:53:48.0778 0x12e0  HomeGroupListener - ok
09:53:48.0809 0x12e0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:53:48.0809 0x12e0  HomeGroupProvider - ok
09:53:48.0825 0x12e0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:53:48.0825 0x12e0  HpSAMD - ok
09:53:48.0934 0x12e0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:53:48.0950 0x12e0  HTTP - ok
09:53:49.0090 0x12e0  [ D7E0591E2BA1289C875A9D948377441E, 9FDBC10A4FBCE2E9521DF84E177A08530DF6FBF1F830B3D3788367DF8F8ED327 ] HWiNFO32        C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
09:53:49.0090 0x12e0  HWiNFO32 - ok
09:53:49.0106 0x12e0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:53:49.0106 0x12e0  hwpolicy - ok
09:53:49.0137 0x12e0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:53:49.0137 0x12e0  i8042prt - ok
09:53:49.0199 0x12e0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:53:49.0215 0x12e0  iaStorV - ok
09:53:49.0277 0x12e0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:53:49.0293 0x12e0  idsvc - ok
09:53:49.0340 0x12e0  IEEtwCollectorService - ok
09:53:49.0387 0x12e0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:53:49.0402 0x12e0  iirsp - ok
09:53:49.0480 0x12e0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:53:49.0496 0x12e0  IKEEXT - ok
09:53:49.0543 0x12e0  [ 8E8C4F5DE79216E56A2E61D573C4F9B3, 7634C33E64B2A40FF5C0B8A1B2CF024A945EF70DE49CACDF96B01A043DC9A7F4 ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
09:53:49.0543 0x12e0  inspect - ok
09:53:49.0699 0x12e0  [ 4BBB5A55EEB5EC11B20FCBB4CBB49357, CAC46B546C56F03B7D843FAC44F9C66FFFE924ACB975B543545B7BEA705E2BAE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:53:49.0745 0x12e0  IntcAzAudAddService - ok
09:53:49.0777 0x12e0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:53:49.0777 0x12e0  intelide - ok
09:53:49.0808 0x12e0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
09:53:49.0823 0x12e0  intelppm - ok
09:53:49.0855 0x12e0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:53:49.0870 0x12e0  IPBusEnum - ok
09:53:49.0886 0x12e0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:53:49.0886 0x12e0  IpFilterDriver - ok
09:53:49.0917 0x12e0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:53:49.0948 0x12e0  iphlpsvc - ok
09:53:49.0948 0x12e0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:53:49.0948 0x12e0  IPMIDRV - ok
09:53:49.0979 0x12e0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:53:49.0979 0x12e0  IPNAT - ok
09:53:50.0042 0x12e0  [ 11FE7637A49B67D9B1F895B2AD4D982F, D448DA9083044E0B2627042D9FA5DC65C74A34AB09FF627777634B254260F4FB ] iprip           C:\Windows\System32\iprip.dll
09:53:50.0042 0x12e0  iprip - ok
09:53:50.0057 0x12e0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:53:50.0057 0x12e0  IRENUM - ok
09:53:50.0089 0x12e0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:53:50.0104 0x12e0  isapnp - ok
09:53:50.0135 0x12e0  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:53:50.0151 0x12e0  iScsiPrt - ok
09:53:50.0167 0x12e0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:53:50.0167 0x12e0  kbdclass - ok
09:53:50.0182 0x12e0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:53:50.0182 0x12e0  kbdhid - ok
09:53:50.0213 0x12e0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
09:53:50.0213 0x12e0  KeyIso - ok
09:53:50.0229 0x12e0  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:53:50.0229 0x12e0  KSecDD - ok
09:53:50.0245 0x12e0  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:53:50.0245 0x12e0  KSecPkg - ok
09:53:50.0260 0x12e0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:53:50.0260 0x12e0  ksthunk - ok
09:53:50.0307 0x12e0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:53:50.0323 0x12e0  KtmRm - ok
09:53:50.0354 0x12e0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:53:50.0369 0x12e0  LanmanServer - ok
09:53:50.0401 0x12e0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:53:50.0401 0x12e0  LanmanWorkstation - ok
09:53:50.0510 0x12e0  [ 1D5C6790425CB6DBB1B3C2722C34E199, D8BCC31A443B77711A7CA468E754A73137C1CC47D6F3DA5BEE3735B654327B0C ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:53:50.0510 0x12e0  LBTServ - ok
09:53:50.0541 0x12e0  [ 5EA1731968F2FD0E950DDCE6D36C5134, 16C47AA60CB62F206DBF3B4FAF99FCA667E7193178D1B7ECB162FA87C008BAA3 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
09:53:50.0541 0x12e0  LEqdUsb - ok
09:53:50.0619 0x12e0  [ 50AC0930F05DFB996F085B49E112E5C9, C5147E92656506981705AFCAA97B7BDAD0929FF39C1666E774BE1BD32FB08387 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
09:53:50.0619 0x12e0  LHidEqd - ok
09:53:50.0666 0x12e0  [ 96EB043E2843B5A87A486D0BC6921094, 0B339A18B2F536F12B2C1B4FEDEB3A815DC7F8E7B082144EE084B3E6ED067FBC ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:53:50.0681 0x12e0  LHidFilt - ok
09:53:50.0791 0x12e0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:53:50.0791 0x12e0  lltdio - ok
09:53:50.0822 0x12e0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:53:50.0837 0x12e0  lltdsvc - ok
09:53:50.0837 0x12e0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:53:50.0837 0x12e0  lmhosts - ok
09:53:50.0853 0x12e0  [ A5C1DA229B3B660BBF3BDC30ADBFBB61, B657092424C6BF418A6FA56353370C195D9CA67999B355E8EDD6AFCFD9FEF8E5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:53:50.0853 0x12e0  LMouFilt - ok
09:53:50.0962 0x12e0  [ 5DCD36FC4A6ECBF6E7F9B3BF7E0D0F55, 265BDBC10CC256CB35F2BF5A9A25246D1859400087370A2B629783B9D3F7D0D4 ] LPDSVC          C:\Windows\system32\lpdsvc.dll
09:53:50.0962 0x12e0  LPDSVC - ok
09:53:51.0040 0x12e0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:53:51.0040 0x12e0  LSI_FC - ok
09:53:51.0056 0x12e0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:53:51.0071 0x12e0  LSI_SAS - ok
09:53:51.0118 0x12e0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:53:51.0118 0x12e0  LSI_SAS2 - ok
09:53:51.0134 0x12e0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:53:51.0149 0x12e0  LSI_SCSI - ok
09:53:51.0212 0x12e0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:53:51.0227 0x12e0  luafv - ok
09:53:51.0305 0x12e0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:53:51.0321 0x12e0  Mcx2Svc - ok
09:53:51.0399 0x12e0  [ 4B9C739EE403CE38DED9BE51145CA519, 47C6A95D22050482B1EC7291402811B86878B01D3B96855B08E016AD2B08BDAA ] MEDC Server Component - Notification Server C:\ManageEngine\DesktopCentral_Server\bin\dcnotificationserver.exe
09:53:51.0524 0x12e0  MEDC Server Component - Notification Server - ok
09:53:51.0602 0x12e0  [ EB4E26AD3A0E681C2FAABBACB0691A34, F2ACDF171E603203F422BA64BFE2644A8E125657C96DD626CFD323E9F87C88D1 ] MEDCServerComponent-Apache C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe
09:53:51.0602 0x12e0  MEDCServerComponent-Apache - ok
09:53:51.0617 0x12e0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:53:51.0617 0x12e0  megasas - ok
09:53:51.0695 0x12e0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:53:51.0711 0x12e0  MegaSR - ok
09:53:51.0758 0x12e0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:53:51.0773 0x12e0  MMCSS - ok
09:53:51.0789 0x12e0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:53:51.0789 0x12e0  Modem - ok
09:53:51.0851 0x12e0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:53:51.0851 0x12e0  monitor - ok
09:53:51.0898 0x12e0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:53:51.0898 0x12e0  mouclass - ok
09:53:51.0961 0x12e0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:53:51.0961 0x12e0  mouhid - ok
09:53:51.0992 0x12e0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:53:51.0992 0x12e0  mountmgr - ok
09:53:52.0117 0x12e0  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
09:53:52.0132 0x12e0  MpFilter - ok
09:53:52.0148 0x12e0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:53:52.0148 0x12e0  mpio - ok
09:53:52.0241 0x12e0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:53:52.0241 0x12e0  mpsdrv - ok
09:53:52.0304 0x12e0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:53:52.0319 0x12e0  MpsSvc - ok
09:53:52.0351 0x12e0  MREMP50 - ok
09:53:52.0429 0x12e0  MREMP50a64 - ok
09:53:52.0444 0x12e0  MREMPR5 - ok
09:53:52.0460 0x12e0  MRENDIS5 - ok
09:53:52.0475 0x12e0  MRESP50 - ok
09:53:52.0475 0x12e0  MRESP50a64 - ok
09:53:52.0522 0x12e0  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:53:52.0522 0x12e0  MRxDAV - ok
09:53:52.0553 0x12e0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:53:52.0553 0x12e0  mrxsmb - ok
09:53:52.0585 0x12e0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:53:52.0585 0x12e0  mrxsmb10 - ok
09:53:52.0585 0x12e0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:53:52.0585 0x12e0  mrxsmb20 - ok
09:53:52.0616 0x12e0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:53:52.0616 0x12e0  msahci - ok
09:53:52.0616 0x12e0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:53:52.0616 0x12e0  msdsm - ok
09:53:52.0631 0x12e0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:53:52.0647 0x12e0  MSDTC - ok
09:53:52.0678 0x12e0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:53:52.0678 0x12e0  Msfs - ok
09:53:52.0694 0x12e0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:53:52.0709 0x12e0  mshidkmdf - ok
09:53:52.0709 0x12e0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:53:52.0709 0x12e0  msisadrv - ok
09:53:52.0787 0x12e0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:53:52.0803 0x12e0  MSiSCSI - ok
09:53:52.0819 0x12e0  msiserver - ok
09:53:52.0897 0x12e0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:53:52.0897 0x12e0  MSKSSRV - ok
09:53:53.0037 0x12e0  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:53:53.0053 0x12e0  MsMpSvc - ok
09:53:53.0068 0x12e0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:53:53.0084 0x12e0  MSPCLOCK - ok
09:53:53.0084 0x12e0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:53:53.0099 0x12e0  MSPQM - ok
09:53:53.0131 0x12e0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:53:53.0146 0x12e0  MsRPC - ok
09:53:53.0162 0x12e0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:53:53.0162 0x12e0  mssmbios - ok
09:53:53.0162 0x12e0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:53:53.0162 0x12e0  MSTEE - ok
09:53:53.0177 0x12e0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:53:53.0177 0x12e0  MTConfig - ok
09:53:53.0209 0x12e0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:53:53.0209 0x12e0  Mup - ok
09:53:53.0271 0x12e0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:53:53.0302 0x12e0  napagent - ok
09:53:53.0349 0x12e0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:53:53.0365 0x12e0  NativeWifiP - ok
09:53:53.0474 0x12e0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:53:53.0505 0x12e0  NDIS - ok
09:53:53.0521 0x12e0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:53:53.0536 0x12e0  NdisCap - ok
09:53:53.0567 0x12e0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:53:53.0567 0x12e0  NdisTapi - ok
09:53:53.0630 0x12e0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:53:53.0645 0x12e0  Ndisuio - ok
09:53:53.0661 0x12e0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:53:53.0661 0x12e0  NdisWan - ok
09:53:53.0677 0x12e0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:53:53.0677 0x12e0  NDProxy - ok
09:54:01.0180 0x12e0  viaide - ok
09:54:01.0274 0x12e0  [ 35E8A18D1C558D5C2FF2FFED2FD396F6, 5516AC03964DD33CF239AB3FB1D41BAB7454DB35FB38C45907614C3DB8F23391 ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
09:54:01.0289 0x12e0  vididr - ok
09:54:01.0352 0x12e0  [ 0DCD5C8F2E0B3650C4A29F6569C074FD, 8FB24D79ADE1541C5DD6241A3395EF2E6575A8376111294CD5C87ECA798EDCFD ] vidsflt         C:\Windows\system32\DRIVERS\vidsflt.sys
09:54:01.0367 0x12e0  vidsflt - ok
09:54:01.0367 0x12e0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:54:01.0367 0x12e0  volmgr - ok
09:54:01.0399 0x12e0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:54:01.0414 0x12e0  volmgrx - ok
09:54:01.0414 0x12e0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:54:01.0430 0x12e0  volsnap - ok
09:54:01.0445 0x12e0  [ 0A896CED40823D46BCDCD3AD8D664C96, E68E4E441FBAA361445AE34C08FE625315EE0C0CAA3A0BF08A409546A20020E7 ] vpnpbus         C:\Windows\system32\DRIVERS\vpnpbus.sys
09:54:01.0445 0x12e0  vpnpbus - ok
09:54:01.0477 0x12e0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:54:01.0477 0x12e0  vsmraid - ok
09:54:01.0586 0x12e0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:54:01.0617 0x12e0  VSS - ok
09:54:01.0633 0x12e0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
09:54:01.0633 0x12e0  vwifibus - ok
09:54:01.0726 0x12e0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:54:01.0742 0x12e0  W32Time - ok
09:54:01.0882 0x12e0  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
09:54:01.0898 0x12e0  W3SVC - ok
09:54:01.0913 0x12e0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:54:01.0913 0x12e0  WacomPen - ok
09:54:01.0976 0x12e0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:54:01.0976 0x12e0  WANARP - ok
09:54:02.0007 0x12e0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:54:02.0007 0x12e0  Wanarpv6 - ok
09:54:02.0038 0x12e0  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
09:54:02.0054 0x12e0  WAS - ok
09:54:02.0163 0x12e0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:54:02.0194 0x12e0  WatAdminSvc - ok
09:54:02.0241 0x12e0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:54:02.0272 0x12e0  wbengine - ok
09:54:02.0350 0x12e0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:54:02.0350 0x12e0  WbioSrvc - ok
09:54:02.0366 0x12e0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:54:02.0381 0x12e0  wcncsvc - ok
09:54:02.0397 0x12e0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:54:02.0397 0x12e0  WcsPlugInService - ok
09:54:02.0413 0x12e0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
09:54:02.0413 0x12e0  Wd - ok
09:54:02.0475 0x12e0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:54:02.0491 0x12e0  Wdf01000 - ok
09:54:02.0553 0x12e0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:54:02.0569 0x12e0  WdiServiceHost - ok
09:54:02.0569 0x12e0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:54:02.0584 0x12e0  WdiSystemHost - ok
09:54:02.0600 0x12e0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
09:54:02.0600 0x12e0  WebClient - ok
09:54:02.0631 0x12e0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:54:02.0631 0x12e0  Wecsvc - ok
09:54:02.0662 0x12e0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:54:02.0662 0x12e0  wercplsupport - ok
09:54:02.0740 0x12e0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:54:02.0756 0x12e0  WerSvc - ok
09:54:02.0803 0x12e0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:54:02.0803 0x12e0  WfpLwf - ok
09:54:02.0818 0x12e0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:54:02.0818 0x12e0  WIMMount - ok
09:54:02.0849 0x12e0  WinDefend - ok
09:54:02.0865 0x12e0  WinHttpAutoProxySvc - ok
09:54:02.0912 0x12e0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:54:02.0927 0x12e0  Winmgmt - ok
09:54:03.0021 0x12e0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:54:03.0052 0x12e0  WinRM - ok
09:54:03.0130 0x12e0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
09:54:03.0130 0x12e0  WinUSB - ok
09:54:03.0161 0x12e0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:54:03.0177 0x12e0  Wlansvc - ok
09:54:03.0193 0x12e0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:54:03.0193 0x12e0  WmiAcpi - ok
09:54:03.0255 0x12e0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:54:03.0255 0x12e0  wmiApSrv - ok
09:54:03.0286 0x12e0  WMPNetworkSvc - ok
09:54:03.0317 0x12e0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:54:03.0317 0x12e0  WPCSvc - ok
09:54:03.0349 0x12e0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:54:03.0364 0x12e0  WPDBusEnum - ok
09:54:03.0380 0x12e0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:54:03.0380 0x12e0  ws2ifsl - ok
09:54:03.0395 0x12e0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
09:54:03.0411 0x12e0  wscsvc - ok
09:54:03.0411 0x12e0  WSearch - ok
09:54:03.0505 0x12e0  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:54:03.0551 0x12e0  wuauserv - ok
09:54:03.0567 0x12e0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:54:03.0567 0x12e0  WudfPf - ok
09:54:03.0645 0x12e0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:54:03.0661 0x12e0  WUDFRd - ok
09:54:03.0676 0x12e0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:54:03.0676 0x12e0  wudfsvc - ok
09:54:03.0707 0x12e0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:54:03.0707 0x12e0  WwanSvc - ok
09:54:03.0739 0x12e0  ================ Scan global ===============================
09:54:03.0770 0x12e0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:54:03.0817 0x12e0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:54:03.0832 0x12e0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:54:03.0879 0x12e0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:54:03.0910 0x12e0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:54:03.0926 0x12e0  [ Global ] - ok
09:54:03.0926 0x12e0  ================ Scan MBR ==================================
09:54:03.0941 0x12e0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:54:04.0113 0x12e0  \Device\Harddisk0\DR0 - ok
09:54:04.0129 0x12e0  [ D71B99B6FF96AEB15E1A83E27DB8EAAA ] \Device\Harddisk3\DR3
09:54:04.0425 0x12e0  \Device\Harddisk3\DR3 - ok
09:54:04.0425 0x12e0  [ 1A5963783E1C322688D1F2AF3F47332A ] \Device\Harddisk1\DR1
09:54:04.0456 0x12e0  \Device\Harddisk1\DR1 - ok
09:54:04.0456 0x12e0  [ EA923EB0EC0060F1451E9AD7B5762CFE ] \Device\Harddisk2\DR2
09:54:04.0487 0x12e0  \Device\Harddisk2\DR2 - ok
09:54:04.0487 0x12e0  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk4\DR4
09:54:04.0503 0x12e0  \Device\Harddisk4\DR4 - ok
09:54:04.0503 0x12e0  ================ Scan VBR ==================================
09:54:04.0519 0x12e0  [ CB571C949DF2BF6E55306098DBFFD306 ] \Device\Harddisk0\DR0\Partition1
09:54:04.0565 0x12e0  \Device\Harddisk0\DR0\Partition1 - ok
09:54:04.0581 0x12e0  [ FBE62FB63E938C39FA775D917E221940 ] \Device\Harddisk0\DR0\Partition2
09:54:04.0628 0x12e0  \Device\Harddisk0\DR0\Partition2 - ok
09:54:04.0628 0x12e0  [ 35EA088CB8818C0D57F1E2763601576D ] \Device\Harddisk1\DR1\Partition1
09:54:04.0659 0x12e0  \Device\Harddisk1\DR1\Partition1 - ok
09:54:04.0675 0x12e0  [ 4DCA4032C1488F8EAD2EDDE82379F9DF ] \Device\Harddisk2\DR2\Partition1
09:54:04.0675 0x12e0  \Device\Harddisk2\DR2\Partition1 - ok
09:54:04.0675 0x12e0  [ BA0053060DE1536AEDD6682856328341 ] \Device\Harddisk2\DR2\Partition2
09:54:04.0675 0x12e0  \Device\Harddisk2\DR2\Partition2 - ok
09:54:04.0690 0x12e0  [ F48055BAF8FE5EC86091A2B2329CB9A6 ] \Device\Harddisk2\DR2\Partition3
09:54:04.0706 0x12e0  \Device\Harddisk2\DR2\Partition3 - ok
09:54:04.0721 0x12e0  [ 20D0CCB71086A62784A1274777F93B12 ] \Device\Harddisk4\DR4\Partition1
09:54:04.0721 0x12e0  \Device\Harddisk4\DR4\Partition1 - ok
09:54:04.0721 0x12e0  ================ Scan generic autorun ======================
09:54:04.0753 0x12e0  [ 949607BCB86EFD03313DB3D7DCBC7C02, 20332698466E585641797532A62B14FAC08ECCB99B7F334F4920A7AC651FD997 ] C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
09:54:04.0846 0x12e0  wdsmgr - ok
09:54:04.0893 0x12e0  [ B13F88114EF1D2FF69C927FD019ECA96, F7D75DD0C388B20B223FF77C35D3380F2EBDCEB5708E839E4B5A8CBDCF57757C ] C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
09:54:04.0987 0x12e0  tpcexTray - ok
09:54:05.0018 0x12e0  [ 7FD9ABA4542D330EBD69627246357619, 987FBA143EE2A19BF0085F680FCF48951BE7E6CAE49A7607F646FF25CA7D1A50 ] C:\Windows\system32\TC2Tray.exe
09:54:05.0033 0x12e0  TC2Tray - ok
09:54:05.0049 0x12e0  [ 9B91F3C50F532824145A4FF84C97236F, 5EB64BA20454DA2F1AB68C61C6F0B7951BF089EC50D52C5D2DA4AF7BE7E4231B ] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
09:54:05.0143 0x12e0  Seagate Scheduler2 Service - ok
09:54:05.0252 0x12e0  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
09:54:05.0267 0x12e0  MSC - ok
09:54:05.0314 0x12e0  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
09:54:05.0314 0x12e0  Logitech Download Assistant - ok
09:54:05.0439 0x12e0  [ D67C4C1BAE2B6236F21A115E8316D16C, 29E99052F7B4B66610861DCE71A397D8DBBB4B33C2CDF8292E46AAAAAE3ED6A3 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
09:54:05.0470 0x12e0  COMODO Internet Security - ok
09:54:05.0470 0x12e0  Classic Start Menu - ok
09:54:05.0517 0x12e0  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
09:54:05.0533 0x12e0  SunJavaUpdateSched - ok
09:54:05.0689 0x12e0  [ B1E67DF9DB09DF141F114151BBD9E4FF, DBCD9E378882C5463BFF049E3CD021F05EE799CB126A468182AF4CAF3D01906E ] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
09:54:05.0876 0x12e0  emsisoft anti-malware - ok
09:54:05.0938 0x12e0  [ 613166769A21CC231605F88A147B27C2, A48EB76D8B49C309B58F8ABC0C19A81379EEC95896D301B8EE8CE8BDB0DE4019 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
09:54:06.0063 0x12e0  Dolby Home Theater v4 - ok
09:54:06.0063 0x12e0  ComodoFSChrome - ok
09:54:06.0094 0x12e0  [ 477176A64463F76BB115727A3EAD9459, D30E0EF37615D225B71792057D7C4414CFEE7C82E53C2366AC602D0BFBFA67CB ] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
09:54:06.0172 0x12e0  BuffaloTools - ok
09:54:06.0328 0x12e0  [ BA80FC91396D7E54E32BDEC1AECC87B0, F998197ED56AA637FC9048DE912E2BF2A8A790EA990CE368A8D4FB05C3FF00FA ] C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
09:54:06.0484 0x12e0  Backup Utility TaskTray Tool - ok
09:54:06.0578 0x12e0  [ 753BBFD1C58412AAB02438C7275B3151, 671E9B134D8E4279222160D0641B76C586C338D2910F0488A21C1BC922FC87BA ] D:\Program Files (x86)\Boxcryptor\Boxcryptor.exe
09:54:06.0593 0x12e0  Boxcryptor.exe - ok
09:54:06.0593 0x12e0  Sidebar - ok
09:54:06.0671 0x12e0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:54:06.0687 0x12e0  mctadmin - ok
09:54:06.0687 0x12e0  Sidebar - ok
09:54:06.0703 0x12e0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:54:06.0703 0x12e0  mctadmin - ok
09:54:06.0703 0x12e0  Waiting for KSN requests completion. In queue: 93
09:54:07.0717 0x12e0  Waiting for KSN requests completion. In queue: 93
09:54:08.0731 0x12e0  Waiting for KSN requests completion. In queue: 93
09:54:09.0760 0x12e0  Win FW state via NFP2: disabled
09:54:12.0225 0x12e0  ============================================================
09:54:12.0225 0x12e0  Scan finished
09:54:12.0225 0x12e0  ============================================================
09:54:12.0241 0x13b8  Detected object count: 0
09:54:12.0241 0x13b8  Actual detected object count: 0



#6 phunkey


Posted 26 September 2014 - 04:45 AM

ADWCleaner initial report:

 

# AdwCleaner v3.306 - Report created 23/09/2014 at 17:48:56
# Updated 15/08/2014 by Xplode
# Operating System :  Service Pack 1 (64 bits)
# Username : Cybad4d4 - GIGA
# Running from : K:\Repairs\adwcleaner_3.306.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\GroupPolicy\Machine\Registry.pol
File Found : C:\Windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\OCS
Key Found : [x64] HKCU\Software\OCS
Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v

[ File : C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [973 octets] - [23/09/2014 17:48:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1032 octets] ##########
 


Edited by phunkey, 26 September 2014 - 05:02 AM.


#7 phunkey


Posted 26 September 2014 - 05:00 AM

Post cleaning report: I messed this simple op up a couple of times hence R0-3 & S12-3. Anyway, I've provided first and last output.

 

# AdwCleaner v3.310 - Report created 26/09/2014 at 10:51:39
# Updated 12/09/2014 by Xplode
# Operating System :  Service Pack 1 (64 bits)
# Username : Cybad4d4 - DESKTOP
# Running from : C:\Users\Cybad4d4\Repairs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v

[ File : C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1116 octets] - [23/09/2014 17:48:56]
AdwCleaner[R1].txt - [933 octets] - [26/09/2014 10:05:14]
AdwCleaner[R2].txt - [1014 octets] - [26/09/2014 10:34:41]
AdwCleaner[R3].txt - [1072 octets] - [26/09/2014 10:48:16]
AdwCleaner[S0].txt - [1151 octets] - [23/09/2014 17:52:14]
AdwCleaner[S1].txt - [995 octets] - [26/09/2014 10:15:10]
AdwCleaner[S2].txt - [995 octets] - [26/09/2014 10:51:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1054 octets] ##########
 


Edited by phunkey, 26 September 2014 - 05:05 AM.


#8 phunkey


Posted 26 September 2014 - 05:35 AM

JRT Output appeared to show a constant stream of

Error: the system was unable to find specified key or keyfile. . . . . . . . .

But completed scan reads:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.1 (09.26.2014:1)
OS: Windows_NT x64
Ran by Cybad4d4 on 26/09/2014 at 11:17:50.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/09/2014 at 11:30:03.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 phunkey


Posted 26 September 2014 - 09:35 AM

Still waiting for Eset scan - 3hrs and 136 "suspicious objects found". The Comodo security suite I somehow managed to install in place of Windows security settings has AV switched off and traffic blocked except while I send this. I've also deleted all instances of passwords etc.

 

Anyone any ideas if this was just a random attack or if they were looking for something?



#10 phunkey


Posted 26 September 2014 - 11:44 AM

OK. After nearly 4hrs realised my computer had switched itself off. At first I thought I'd pulled a lead but perhaps the program finished. Either way I didn't get to see threats read out. When I restarted app it said something about previous scan being successful - I think and that this scan should be quicker. I also switched off compressed files to make first pass faster and will go back over them when I sort out my external - fingers crossed.

 

Anyway, hope to have a read-out for you soon!



#11 boopme


Posted 26 September 2014 - 12:13 PM

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

#12 phunkey


Posted 26 September 2014 - 02:38 PM

At last - Eset scan results. Point worth noting, a lot of mining software throws up false positives:

 

C:\Users\All Users\Comodo\Cis\Quarantine\data\{02D0A7EE-351D-4780-9044-0DA2A494752C}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{09108D67-777C-4564-874E-A953436BD1B5}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{0D0DBE3C-66F3-4211-A8B5-F401C65C9D5D}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{0DECCC80-44D1-48C6-A026-A4E8B57771E3}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{0FDB185B-0B5F-49DD-BFD0-AF47B53F76DF}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{11A2AD24-3AF7-434F-B475-4385CBC4E523}    a variant of Win64/BitCoinMiner.R potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{14A4BB42-2CE3-44A4-805F-DCD106E69E41}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{1CFAED7A-53B6-43B9-BE1B-BCE175D60B71}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{25B93550-E814-4536-87BE-CEF3435D2446}    a variant of Win32/BitCoinMiner.BV potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{35C16554-7E88-4D5F-8710-9787291730C1}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{4938948F-E42D-442F-BF3C-CB624C182653}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{4A893C7D-A0C3-4AE2-992D-05A33D4069CD}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{55FFACC5-0B76-418D-9516-C6D08E16E850}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{7705CE15-715F-47C0-9581-DFD320CF37F5}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{7D6423A9-172A-4C72-BCC2-A3F3F63BEEF8}    Win32/AdWare.1ClickDownload.AT application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{7E11A9BC-823E-462D-B274-B1047762561C}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{90910295-1B6D-4ADF-B188-F972CDC38099}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{97E2CB9F-5BC6-475A-8C93-C8CDEA30F1A8}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{9B58C65C-5C91-4B34-9B90-5DB5CBC8BE2F}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{A557B3C0-338C-4650-8A3F-11C9051A902B}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{AFFCB7BC-5EC7-464D-8AC9-00F1260E3FA9}    a variant of Win32/BitCoinMiner.BW potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{B041E87C-AF99-4292-B082-1F7FA0A59505}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{B35BFF1B-6DC4-40AE-9AD6-C13205EED2AA}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{B6D3E721-52F6-4542-AEB0-3E87163FBDE0}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{BAE421D6-FC7F-4A0E-8A1E-B56EB66FFC48}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{BCDC75AC-4D10-4733-A8BE-6B481E439D6F}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{BE56F2F5-3285-46BD-9E87-D05951603251}    a variant of Win32/BitCoinMiner.BV potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{CEC5834E-5422-4E83-9F4F-FFA49FA642B6}    Win32/BitCoinMiner.F potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{D2E8F081-3069-4FD1-80B1-A4DA47A7B977}    Win32/MiningProxy.A potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{D8B86D7F-A007-4E46-BE6F-86B4EA8F057C}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{DB2D983B-CB96-4964-9833-8D37FA363831}    a variant of Win64/BitCoinMiner.U potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{F9F92840-8BA4-42A7-87A8-976D5B5B521C}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{FDB8F4A2-0E33-431C-AFA8-D1EC002232D2}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\Windows\SysWOW64\Bitcoin CPU Miner.scr    Win32/BitCoinMiner.BE potentially unsafe application    
D:\Mining\Support\bitcoin-rpcminer-20110227-win32scr\Bitcoin 4way Miner.scr    Win32/BitCoinMiner.BE potentially unsafe application    
D:\Mining\Support\bitcoin-rpcminer-20110227-win32scr\Bitcoin CPU Miner.scr    Win32/BitCoinMiner.BE potentially unsafe application    
D:\Mining\Support\bitcoin-rpcminer-20110227-win32scr\Bitcoin CUDA Miner.scr    Win32/BitCoinMiner.BE potentially unsafe application    
D:\Mining\Support\bitcoin-rpcminer-20110227-win32scr\Bitcoin OpenCL Miner.scr    Win32/BitCoinMiner.BE potentially unsafe application    
D:\Mining\titcoin-1.0.0-win\titcoin-1.0.0-win\For Beginners\titcoin-1.0.0-win32-setup.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Mining\titcoin-1.0.0-win\titcoin-1.0.0-win\For Experts\titcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Mining\titcoin-1.0.0-win\titcoin-1.0.0-win\For Experts\daemon\titcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Mining\X13mod\X13mod\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Mining\X15_AMD_06_30\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Program Files (x86)\DigitalCoin 2.0\DigitalCoin 2.0\digitalcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\DRKCoin\daemon\darkcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Easy Miner\backup\bfgminer\bfgminer-3.10.0\bfgminer-rpc.exe    a variant of Win32/BitCoinMiner.AN potentially unsafe application    
D:\Program Files (x86)\Easy Miner\backup\cgminer\cgminer-3.12.3\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Program Files (x86)\Easy Miner\bfgminer\bfgminer-rpc.exe    a variant of Win32/BitCoinMiner.AN potentially unsafe application    
D:\Program Files (x86)\Easy Miner\bfgminer\bfgminer.exe    a variant of Win32/BitCoinMiner.BW potentially unsafe application    
D:\Program Files (x86)\Easy Miner\cgminer\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Program Files (x86)\Fastcoin\fastcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Fastcoin\daemon\fastcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\FedoraCoin\fedoracoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\GCoin\GCoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Litecoin\litecoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Litecoin\daemon\litecoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Magicoin-v1.0.2.0\magicoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\sharkcoin-qt\sharkcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Titcoin\titcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Titcoin\daemon\titcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Vertcoin\vertcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Vertcoin\daemon\vertcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Worldcoin\worldcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Program Files (x86)\Worldcoin\daemon\worldcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\Anoncoin\anoncoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\Anoncoin\daemon\anoncoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\AsicCoin\AsicCoin\asiccoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\AsicCoin\AsicCoin\asiccoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\Bytecoin\simplewallet.exe    a variant of Win64/BitCoinMiner.AK potentially unsafe application    
D:\Wallets\Wallets\darkcoin-0.10.12.32-win\32\darkcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\darkcoin-0.10.12.32-win\32\daemon\darkcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\EarthCoin\earthcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\EarthCoin\daemon\earthcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\Guldencoin120_Windows\Guldencoin120.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\Miner'sCoin\minerscoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\Miner'sCoin\minerscoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Wallets\Wallets\Phoenixcoin\minerd.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    
D:\Wallets\Wallets\thelastcoin\thelastcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    
D:\Zeus\bfgminer-4-2-0-branch-zeusminer-windows\bfgminer-4-2-0-branch-zeusminer-windows\bfgminer-rpc.exe    a variant of Win32/BitCoinMiner.AN potentially unsafe application    
D:\Zeus\bfgminer-4-2-0-branch-zeusminer-windows\bfgminer-4-2-0-branch-zeusminer-windows\bfgminer.exe    a variant of Win32/BitCoinMiner.BW potentially unsafe application    
D:\Zeus\cgminer-3-1-1-zeus-x6-windows\cgminer-3-1-1-zeus-x6-windows\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Zeus\cgminer-3-5-0-dualminer-windows\cgminer-3-5-0-dualminer-windows\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Zeus\cgminer-4-3-5-zeus-windows\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Zeus\cgminer_X6_series\cgminer_X6_series\windows\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
D:\Zeus\sph-sgminer_x11mod\sph-sgminer_x11mod\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined
C:\Miners\sgminer\sgminerDRKMYRLASTCANN\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Litecoin\litecoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Litecoin\daemon\litecoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{02D0A7EE-351D-4780-9044-0DA2A494752C}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{09108D67-777C-4564-874E-A953436BD1B5}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{0D0DBE3C-66F3-4211-A8B5-F401C65C9D5D}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{0DECCC80-44D1-48C6-A026-A4E8B57771E3}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{0FDB185B-0B5F-49DD-BFD0-AF47B53F76DF}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{11A2AD24-3AF7-434F-B475-4385CBC4E523}    a variant of Win64/BitCoinMiner.R potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{14A4BB42-2CE3-44A4-805F-DCD106E69E41}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{1CFAED7A-53B6-43B9-BE1B-BCE175D60B71}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{25B93550-E814-4536-87BE-CEF3435D2446}    a variant of Win32/BitCoinMiner.BV potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{35C16554-7E88-4D5F-8710-9787291730C1}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{4938948F-E42D-442F-BF3C-CB624C182653}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{4A893C7D-A0C3-4AE2-992D-05A33D4069CD}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{55FFACC5-0B76-418D-9516-C6D08E16E850}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{7705CE15-715F-47C0-9581-DFD320CF37F5}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{7D6423A9-172A-4C72-BCC2-A3F3F63BEEF8}    Win32/AdWare.1ClickDownload.AT application    cleaned by deleting - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{7E11A9BC-823E-462D-B274-B1047762561C}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{90910295-1B6D-4ADF-B188-F972CDC38099}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{97E2CB9F-5BC6-475A-8C93-C8CDEA30F1A8}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{9B58C65C-5C91-4B34-9B90-5DB5CBC8BE2F}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{A557B3C0-338C-4650-8A3F-11C9051A902B}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{AFFCB7BC-5EC7-464D-8AC9-00F1260E3FA9}    a variant of Win32/BitCoinMiner.BW potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{B041E87C-AF99-4292-B082-1F7FA0A59505}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{B35BFF1B-6DC4-40AE-9AD6-C13205EED2AA}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{B6D3E721-52F6-4542-AEB0-3E87163FBDE0}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{BAE421D6-FC7F-4A0E-8A1E-B56EB66FFC48}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{BCDC75AC-4D10-4733-A8BE-6B481E439D6F}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{BE56F2F5-3285-46BD-9E87-D05951603251}    a variant of Win32/BitCoinMiner.BV potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{CEC5834E-5422-4E83-9F4F-FFA49FA642B6}    Win32/BitCoinMiner.F potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{D2E8F081-3069-4FD1-80B1-A4DA47A7B977}    Win32/MiningProxy.A potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{D8B86D7F-A007-4E46-BE6F-86B4EA8F057C}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{DB2D983B-CB96-4964-9833-8D37FA363831}    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{F9F92840-8BA4-42A7-87A8-976D5B5B521C}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{FDB8F4A2-0E33-431C-AFA8-D1EC002232D2}    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\Users\Cybad4d4\AppData\Local\MultiMiner\Miners\bfgminer\bfgminer-rpc.exe    a variant of Win32/BitCoinMiner.AN potentially unsafe application    deleted - quarantined
C:\Users\Cybad4d4\AppData\Local\MultiMiner\Miners\bfgminer\bfgminer.exe    a variant of Win32/BitCoinMiner.BW potentially unsafe application    deleted - quarantined
C:\Users\Cybad4d4\AppData\Local\MultiMiner\Miners\SPHSGMiner\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
C:\Users\Cybad4d4\Downloads\litecoin-0.8.7.2-win32-setup.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\Anoncoin\anoncoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\Anoncoin\daemon\anoncoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\AsicCoin\AsicCoin\asiccoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\AsicCoin\AsicCoin\asiccoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\Bytecoin\simplewallet.exe    a variant of Win64/BitCoinMiner.AK potentially unsafe application    deleted - quarantined
C:\Wallets\darkcoin-0.10.12.32-win\32\darkcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\darkcoin-0.10.12.32-win\32\daemon\darkcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\EarthCoin\earthcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\EarthCoin\daemon\earthcoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\Guldencoin120_Windows\Guldencoin120.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\Miner'sCoin\minerscoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\Miner'sCoin\minerscoind.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Wallets\Phoenixcoin\minerd.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\Wallets\thelastcoin\thelastcoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
C:\Windows\System32\Bitcoin CPU Miner.scr    Win32/BitCoinMiner.BE potentially unsafe application    deleted - quarantined
D:\Downloads\litecoin-0.8.7.2-win32-setup.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
D:\Mining\bfgminer-4.7.0-win64\bfgminer-4.7.0-win64\bfgminer-rpc.exe    a variant of Win64/BitCoinMiner.R potentially unsafe application    deleted - quarantined
D:\Mining\bfgminer-4.7.0-win64\bfgminer-4.7.0-win64\bfgminer.exe    a variant of Win64/BitCoinMiner.AC potentially unsafe application    deleted - quarantined
D:\Mining\cgminer-4.6.0-windows\cgminer-4.6.0-windows\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\CPU\15_AMD_06_30\X15_AMD_06_30\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\CPU\boolberry-easyminer-1.1\binaries\cpuminer\64bit\minerd.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
D:\Mining\CPU\jhPrimeminer_RdBBeta3.3_x64-AVX\jhPrimeminer.exe    a variant of Win64/BitCoinMiner.H potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\groestl\GroestlCPU64.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\groestl\Groestl32\GroestlGPU\GroestlGPU.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\groestl\GroestlGPU\GroestlGPU.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\qubit\QubitCPU64.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\qubit\Qubit32\QubitCPU32.exe    a variant of Win32/BitCoinMiner.BS potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\qubit\Qubit32\QubitGPU\QubitGPU.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\qubit\QubitGPU\QubitGPU.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\scrypt\ScryptCPU64.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\scrypt\Scrypt32\ScryptGPU\QubitGPU.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\scrypt\ScryptGPU\ScryptGPU.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\EasyMiner\skein\SkeinCPU64.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
D:\Mining\gcoinwindows\Windows\GCoin-qt.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application    deleted - quarantined
D:\Mining\GoldCoin\bfgminer-3.1.4-win64\bfgminer-3.1.4-win64\bfgminer.exe    a variant of Win64/BitCoinMiner.AC potentially unsafe application    deleted - quarantined
D:\Mining\GPU\EthanGPU\release\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\GPU\guiminer-scrypt_win32_binaries_v0.05\cudaminer\cudaminer.exe    a variant of Win32/BitCoinMiner.BV potentially unsafe application    deleted - quarantined
D:\Mining\monero-client-net-v0.39.0-rc.2-x64\cgminer-3.7.2\cgminer-4.5.0-windows\cgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined
D:\Mining\Program Files\QuazarCoin\simplewallet.exe    a variant of Win64/BitCoinMiner.AK potentially unsafe application    deleted - quarantined
D:\Mining\sgminer-5-0-beta-windows\sgminer-5-0-beta-windows\sgminer.exe    a variant of Win32/BitCoinMiner.BY potentially unsafe application    deleted - quarantined



#13 phunkey


Posted 26 September 2014 - 02:48 PM

Nothing stands out for me. All appear to be mining programs and wallets. Some have already been quarantined by other security software.

Initial problem was inability to cut and paste, at first in Firefox, then Windows services started to fail, and I'm wondering if it's a delayed consequence of a recent clone and switch to a larger C: drive and the fact I didn't clear up the old drive and system reserved volumes. Inability to use/restore mbam could just be a consequence of Windows Installer stopping, as I'm having trouble installing anything.

Anyway, thx for your help and I'll have a proper look at the file tomorrow, which is extensive but appears to contain no serious threat?

Strange.


Edited by phunkey, 26 September 2014 - 02:51 PM.


#14 boopme


Posted 26 September 2014 - 03:04 PM

These are not necessarily harmless.
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge. Anything that runs on its own, searching your files, is not that safe.

I would recommend a deeper look for more serious malware.
Please follow this Preparation Guide, do steps 6, 7 and 8, and post in a new topic.
Let me know if all went well.

#15 phunkey


Posted 27 September 2014 - 01:21 AM

You're right, of course, boopme. I really took my eye off the ball. I only switched back to Windows a couple of months ago and there's such a smorgasbord of mining apps and stuff I was like a kid in a candy store. My miner runs off a Raspberry Pi but I stored my wallets on the Windows machine along with all the mining software I've accumulated.

My Appdata file has now completely disappeared, as have all my bookmarks and most of my wallets, though I've got copies of them and a complete backup but don't want to reinstall over an infected system. I totally agree it's serious so I'm off to check out the guide as suggested.

Thanks again boopme!





