GMER says rootkit all over its log file


6 replies to this topic

#1 motojon


Posted 22 August 2016 - 08:32 AM

Can you take a look at these logs please and let me know if I should just burn this computer? Thanks

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-22 07:12:46
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000LM024_HN-M101MBB rev.2BA30001 931.51GB
Running: gmer.exe; Driver: C:\Users\Freedom\AppData\Local\Temp\agndipod.sys


---- Threads - GMER 2.2 ----

Thread   C:\WINDOWS\system32\csrss.exe [7812:8120]                                                                                                    fffffc6505056c20

---- Services - GMER 2.2 ----

Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] CDPUserSvc_165d429  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] MessagingService_165d429  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] OneSyncSvc_165d429  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] PimIndexMaintenanceSvc_165d429  <-- ROOTKIT !!!
Service  C:\WINDOWS\System32\TabSvc.dll (*** hidden *** )  [MANUAL] TabletInputService  <-- ROOTKIT !!!
Service  C:\WINDOWS\System32\svchost.exe (*** hidden *** )  [MANUAL] UnistoreSvc_165d429  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] UserDataSvc_165d429  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] WpnUserService_165d429  <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC                                                             ????????????????????????????\System Volume Information\*.{7cc467ef-6865-4831-853f-2a4817fd1bca}ALT??????????????????????????\System Volume Information\*.{7cc467ef-6865-4831-853f-2a4817fd1bca}DB?????????T??????`?R?`??%ProgramData%\Microsoft\Windows\WER\* /s??????L????????A????%windir%\softwaredistribution\*.* /s????? ^?????????????????C:\ProgramData\Microsoft\Network\Downloader\*????????&??????????????????????????????C:\Windows\system32\MSDtc\MSDTC.LOG?C:\Windows\system32\MSDtc\trace\dtctrace.log????????????????????? ????????????????????????????0????????????????????????????????E????$AllVolumes$\System Volume Information\FVE.{9ef82dfa-1239-4a30-83e6-3b3e9b8fed08}?????????????????????????????????????????????e?????$AllVolumes$\System Volume Information\FVE2.{9ef82dfa-1239-4a30-83e6-3b3e9b8fed08}??????? ??????????????????$AllVolumes$\System Volume Information\FVE2.{9ef82dfa-1239-4a30-83e6-3b3e9b8fed08}.*????????????????????????$UserProfile$\AppData\Local\Packages\Microsoft.Office.Desktop_8wekyb3d8bbwe\LocalCache\
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMN15B90_30_07DD_26^FB8732505DD619BCA4AEEB9486AB9F5A@Timestamp           0x68 0xB3 0x9E 0x01 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1FB324BA-A3B7-46EA-B386-8D179D7DBC10}\Connection@Name  isatap.{D977E2BE-97F3-4D37-856D-976923F5662A}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7CD88E3B-4E57-4A0C-85BB-C5771553E9B1}\Connection@Name  isatap.fios-router.home
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                            1820628453
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                         2792
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                                                       2785
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime                                                                  13431
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime                                                                    1105
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp                                                          3205
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime                                                              600
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp                                                 3662
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime                                                                     257
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime                                                             339
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp                                                      4311
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp                                                 4334
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp                                                        12222
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime                                                     4324
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState                                                     13417
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime                                                               6919
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime                                                                    85
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime                                                            3
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime                                                               17059
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime                                                        6867
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime                                                             59
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime                                                                 828
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime                                                              158
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed                                                             536036
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten                                                               0xC5 0xC4 0x02 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed                                                               31408
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten                                                                 0xB7 0x42 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate                                                                   110
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate                                                             46
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime                                                                122
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime                                                              28
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime                                                               160
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime                                                             34
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime                                                            1107
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime                                                                   208
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp                                                          0x8F 0x9D 0x15 0x05 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime                                                          7941
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429                                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429@Type                                                                               224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429@Start                                                                              2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429@ErrorControl                                                                       1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429@ImagePath                                                                          C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429@DisplayName                                                                        CDPUserSvc_165d429
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429@FailureActions                                                                     0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429@Description                                                                        @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429\Security                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429\Security@Security                                                                  0x01 0x00 0x14 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_165d429                                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{1FB324BA-A3B7-46EA-B386-8D179D7DBC10}@InterfaceName                       isatap.{D977E2BE-97F3-4D37-856D-976923F5662A}
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{1FB324BA-A3B7-46EA-B386-8D179D7DBC10}@ReusableType                        0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{1FB324BA-A3B7-46EA-B386-8D179D7DBC10}@DefunctTimestamp                    0x9B 0xC4 0xB7 0x57 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7CD88E3B-4E57-4A0C-85BB-C5771553E9B1}@InterfaceName                       isatap.fios-router.home
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7CD88E3B-4E57-4A0C-85BB-C5771553E9B1}@ReusableType                        0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7CD88E3B-4E57-4A0C-85BB-C5771553E9B1}@DefunctTimestamp                    0x3B 0xC4 0xB7 0x57 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-5d-36-49-4c-1f@UPnPState                                             1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-5d-36-49-4c-1f@AddressCreationTimestamp                              0x5F 0x4F 0xC8 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-5d-36-49-4c-1f@NatDetectionTimestamp                                 0x5F 0x4F 0xC8 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-5d-36-49-4c-1f@ClientLocalPort                                       50122
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-5d-36-49-4c-1f@TeredoAddress                                         2001:0:5ef5:79fd:4bb:3c35:b84c:e158
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\48-5d-36-49-4c-1f@UPnPExternalPort                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429@Type                                                                         224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429@Start                                                                        3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429@ErrorControl                                                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429@ImagePath                                                                    C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429@DisplayName                                                                  MessagingService_165d429
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429@FailureActions                                                               0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429@Description                                                                  @%SystemRoot%\system32\MessagingService.dll,-101
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\Security                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\Security@Security                                                            0x01 0x00 0x14 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\TriggerInfo                                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\TriggerInfo\0                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\TriggerInfo\0@Type                                                           7
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\TriggerInfo\0@Action                                                         1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\TriggerInfo\0@Guid                                                           0x16 0x28 0x7A 0x2D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\TriggerInfo\0@Data0                                                          0x75 0x18 0xBC 0xA3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429\TriggerInfo\0@DataType0                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_165d429                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429                                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429@Type                                                                               224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429@Start                                                                              2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429@ErrorControl                                                                       0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429@ImagePath                                                                          C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429@DisplayName                                                                        Sync Host_165d429
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429@FailureActions                                                                     0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429@Description                                                                        @%SystemRoot%\system32\APHostRes.dll,-10001
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429\Security                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429\Security@Security                                                                  0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_165d429                                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429@Type                                                                   224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429@Start                                                                  3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429@ErrorControl                                                           0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429@ImagePath                                                              C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429@DisplayName                                                            Contact Data_165d429
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429@FailureActions                                                         0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429@Description                                                            @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429\Security                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429\Security@Security                                                      0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_165d429                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                              1057
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                             252
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SRTSP@Start                                                                                           1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SRTSP                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS                                                                         665
Reg      HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService@Start                                                                              3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService                                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer                                                                       77.234.40.79
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25ae3e45-cdc3-40ee-b322-7ae91aabe528}@LeaseObtainedTime                  1471661208
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25ae3e45-cdc3-40ee-b322-7ae91aabe528}@T1                                 1471704408
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25ae3e45-cdc3-40ee-b322-7ae91aabe528}@T2                                 1471736808
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25ae3e45-cdc3-40ee-b322-7ae91aabe528}@LeaseTerminatesTime                1471747608
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@DhcpIPAddress                      100.100.224.29
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@DhcpSubnetMask                     255.255.240.0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@DhcpServer                         100.100.239.254
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@LeaseObtainedTime                  1471661211
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@T1                                 1487429211
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@T2                                 1499255211
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@LeaseTerminatesTime                1503197211
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@DhcpNameServer                     77.234.40.79
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d977e2be-97f3-4d37-856d-976923f5662a}@DhcpSubnetMaskOpt                  255.255.240.0?
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429@Type                                                                              224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429@Start                                                                             3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429@ErrorControl                                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429@ImagePath                                                                         C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429@DisplayName                                                                       User Data Storage_165d429
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429@FailureActions                                                                    0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429@Description                                                                       @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429\Security                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429\Security@Security                                                                 0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_165d429                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429@Type                                                                              224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429@Start                                                                             3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429@ErrorControl                                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429@ImagePath                                                                         C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429@DisplayName                                                                       User Data Access_165d429
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429@FailureActions                                                                    0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429@Description                                                                       @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429\Security                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429\Security@Security                                                                 0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_165d429                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                          0x96 0xA2 0x5D 0xE3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                               0x96 0x0A 0x22 0x45 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                                0x96 0x3A 0x99 0x81 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429@Type                                                                           224
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429@Start                                                                          3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429@ErrorControl                                                                   0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429@ImagePath                                                                      C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429@DisplayName                                                                    Windows Push Notifications User Service_165d429
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429@FailureActions                                                                 0x80 0x51 0x01 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429@Description                                                                    @%SystemRoot%\system32\WpnUserService.dll,-2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429\Security                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429\Security@Security                                                              0x01 0x00 0x04 0x80 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_165d429                                                                                
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                                           0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                                       0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw                                                                                           0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask                                                                                       0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw                                                                                           0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask                                                                                       0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw                                                                                           0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask                                                                                       0x64 0x62 0x03 0x00 ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@308046B0AF4A39CB                                                          0xBA 0x45 0x77 0x4A ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8B187E4E-8838-4FD4-B145-53AE643B2DDE}@LastAccessedTime                     0xC0 0x39 0x4A 0x5B ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8B187E4E-8838-4FD4-B145-53AE643B2DDE}@LaunchCount                          10
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{B8BF55DE-5304-4D6C-A02E-4D5E5F73A45D}@LastAccessedTime                     0x00 0xCC 0x29 0x07 ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{B8BF55DE-5304-4D6C-A02E-4D5E5F73A45D}@LaunchCount                          28

---- EOF - GMER 2.2 ----
 

 

 



#2 motojon

motojon
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:08 AM

Posted 22 August 2016 - 08:34 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Freedom (administrator) on DESKTOP-3BKBK04 (22-08-2016 09:26:08)
Running from C:\Users\Freedom\Desktop
Loaded Profiles: Freedom (Available Profiles: Freedom)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\ns.exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\ns.exe
(Dashlane, Inc.) C:\Users\Freedom\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Freedom\AppData\Roaming\Dashlane\DashlanePlugin.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2016-07-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954296 2015-12-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2167888695-3813404238-3268483981-1001\...\Run: [Dashlane] => C:\Users\Freedom\AppData\Roaming\Dashlane\Dashlane.exe [228224 2016-08-12] (Dashlane, Inc.)
HKU\S-1-5-21-2167888695-3813404238-3268483981-1001\...\Run: [DashlanePlugin] => C:\Users\Freedom\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-08-12] ()
HKU\S-1-5-21-2167888695-3813404238-3268483981-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5770192 2016-08-04] (SecureMix LLC)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2016-08-22]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2016-07-13]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25ae3e45-cdc3-40ee-b322-7ae91aabe528}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2167888695-3813404238-3268483981-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-03] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-08-03] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Freedom\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-08-12] (Dashlane, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-03] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-08-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-03] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Freedom\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-08-12] (Dashlane, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Freedom\AppData\Roaming\Mozilla\Firefox\Profiles\1axucj7i.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-03] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: BetterPrivacy - C:\Users\Freedom\AppData\Roaming\Mozilla\Firefox\Profiles\1axucj7i.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-08-19]
FF Extension: Dashlane - C:\Users\Freedom\AppData\Roaming\Mozilla\Firefox\Profiles\1axucj7i.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-08-12]
FF Extension: Smart HTTPS - C:\Users\Freedom\AppData\Roaming\Mozilla\Firefox\Profiles\1axucj7i.default\Extensions\jid0-oFwt2ZcakHhkFl7Kp4lJn@jetpack.xpi [2016-08-22]
FF Extension: Clean Links - C:\Users\Freedom\AppData\Roaming\Mozilla\Firefox\Profiles\1axucj7i.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-08-22]
FF Extension: NoScript - C:\Users\Freedom\AppData\Roaming\Mozilla\Firefox\Profiles\1axucj7i.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-19]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-08-18]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950856 2016-07-25] (Microsoft Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4351440 2016-08-04] (SecureMix LLC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NS; C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation)
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2016-07-12] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [445240 2015-05-12] ()
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-12-11] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-08-10] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20160819.001\IDSvia64.sys [876760 2016-08-18] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
U3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2016-07-12] (Realtek                                            )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51320 2015-12-11] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607010.020\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-08-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [40008 2015-06-25] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2016-02-17] (HP)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
U3 agndipod; C:\Users\Freedom\AppData\Local\Temp\agndipod.sys [56584 2016-08-18] (GMER) [File not signed]
U0 aswVmm; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160818.017\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160818.017\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-22 09:19 - 2016-08-22 09:26 - 00016082 _____ C:\Users\Freedom\Desktop\FRST.txt
2016-08-22 09:19 - 2016-08-22 09:25 - 00027371 _____ C:\Users\Freedom\Desktop\Addition.txt
2016-08-22 09:18 - 2016-08-22 09:19 - 02396672 _____ (Farbar) C:\Users\Freedom\Desktop\FRST64.exe
2016-08-22 09:16 - 2016-08-22 09:16 - 00000000 ____D C:\Users\Freedom\AppData\Local\GlassWire
2016-08-22 09:15 - 2016-08-22 09:15 - 30566696 _____ (SecureMix LLC) C:\Users\Freedom\Desktop\GlassWireSetup.exe
2016-08-22 09:15 - 2016-08-22 09:15 - 00001974 _____ C:\Users\Public\Desktop\GlassWire.lnk
2016-08-22 09:15 - 2016-08-22 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-08-22 09:15 - 2016-08-22 09:15 - 00000000 ____D C:\ProgramData\GlassWire
2016-08-22 09:15 - 2016-08-22 09:15 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-08-22 09:15 - 2015-05-29 00:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2016-08-22 09:15 - 2015-05-29 00:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2016-08-22 08:31 - 2016-08-22 08:31 - 00000000 ____D C:\Users\Freedom\Desktop\kavremvr
2016-08-22 08:21 - 2016-08-22 08:21 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-22 08:21 - 2016-08-22 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-22 08:21 - 2016-08-22 08:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-22 08:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-22 08:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-22 08:20 - 2016-08-22 08:21 - 22851472 _____ (Malwarebytes ) C:\Users\Freedom\Desktop\mbam-setup-bc.1878-2.2.1.1043.exe
2016-08-22 07:38 - 2016-08-22 07:38 - 00000140 _____ C:\WINDOWS\ntbtlog.txt
2016-08-22 07:33 - 2016-08-22 07:33 - 00000000 ____D C:\NPE
2016-08-22 07:29 - 2016-08-22 08:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2016-08-22 07:27 - 2016-08-22 09:20 - 00000000 ____D C:\Users\Freedom\Desktop\bleep
2016-08-22 07:23 - 2016-08-22 07:23 - 00003418 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-08-19 19:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-18 20:19 - 2016-08-22 09:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-08-18 19:38 - 2016-08-22 07:23 - 00002597 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-08-18 19:38 - 2016-08-18 19:38 - 00101112 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-08-18 19:38 - 2016-08-18 19:38 - 00008270 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-08-18 19:37 - 2016-08-22 07:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-08-18 19:35 - 2016-08-18 19:35 - 01090152 _____ (Symantec Corporation) C:\Users\Freedom\Desktop\NortonNSDownloader.exe
2016-08-18 19:35 - 2016-08-18 19:35 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-08-18 19:09 - 2016-08-22 07:49 - 00007680 _____ C:\Users\Freedom\AppData\Local\Resmon.ResmonCfg
2016-08-18 19:00 - 2016-08-18 19:00 - 00000180 _____ C:\Users\Freedom\Documents\codes for me.txt
2016-08-18 16:22 - 2016-08-18 16:22 - 00074709 _____ C:\Users\Freedom\Desktop\lp.csv
2016-08-18 16:19 - 2016-08-18 16:19 - 00001841 _____ C:\Users\Freedom\Desktop\Dashlane.lnk
2016-08-18 16:19 - 2016-08-18 16:19 - 00000000 ____D C:\Users\Freedom\AppData\LocalLow\Dashlane
2016-08-18 16:18 - 2016-08-18 16:19 - 00000000 ____D C:\Users\Freedom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2016-08-18 16:18 - 2016-08-18 16:19 - 00000000 ____D C:\Users\Freedom\AppData\Roaming\Dashlane
2016-08-18 16:18 - 2016-08-18 16:19 - 00000000 ____D C:\Program Files (x86)\Dashlane
2016-08-18 15:46 - 2016-08-18 16:24 - 00004194 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2016-08-18 15:45 - 2016-08-18 16:24 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2016-08-18 13:08 - 2016-08-18 19:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-18 12:10 - 2016-08-18 12:10 - 13166304 _____ (Microsoft Corporation) C:\Users\Freedom\Desktop\Silverlight_x64.exe
2016-08-18 09:43 - 2016-08-18 09:43 - 00000046 _____ C:\WINDOWS\wininit.ini
2016-08-18 09:39 - 2016-08-18 09:39 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2016-08-18 06:01 - 2016-08-18 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-18 06:00 - 2016-08-18 12:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-18 06:00 - 2016-08-18 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-18 05:46 - 2016-08-18 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-08-18 05:45 - 2016-08-18 09:44 - 00000000 ____D C:\Users\Freedom\AppData\Local\Comodo
2016-08-18 05:45 - 2016-08-18 09:40 - 00000000 ____D C:\ProgramData\Comodo
2016-08-18 05:44 - 2016-08-18 05:44 - 173597920 _____ (COMODO) C:\Users\Freedom\Downloads\cispremium_installer_6100_08.exe
2016-08-18 04:59 - 2016-08-18 22:57 - 00002236 _____ C:\Users\Freedom\Desktop\Tweaking.com - Windows Repair.lnk
2016-08-18 04:59 - 2016-08-18 04:59 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-3BKBK04-Windows-10-Home-(64-bit).dat
2016-08-18 04:58 - 2016-08-18 04:58 - 00000000 ____D C:\Users\Freedom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-18 04:58 - 2016-08-18 04:58 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-08-18 04:57 - 2016-08-18 04:59 - 00189166 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-08-18 04:57 - 2016-08-18 04:57 - 29014040 _____ (Tweaking.com) C:\Users\Freedom\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-08-18 04:48 - 2016-08-19 22:27 - 00003660 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-08-18 04:48 - 2016-08-18 04:48 - 00000000 ____D C:\WINDOWS\ERUNT
2016-08-18 04:22 - 2016-08-20 16:21 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{73AD9079-44E1-4834-99A9-012658662028}
2016-08-18 04:22 - 2010-03-08 06:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2016-08-18 04:11 - 2016-08-18 04:12 - 02687418 _____ (Kephyr) C:\Users\Freedom\Downloads\freefixersetup.exe
2016-08-18 03:32 - 2016-08-18 03:32 - 07093624 _____ (VS Revo Group ) C:\Users\Freedom\Downloads\revosetup.exe
2016-08-18 03:32 - 2016-08-18 03:32 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-08-18 03:32 - 2016-08-18 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-18 03:32 - 2016-08-18 03:32 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-18 01:26 - 2016-08-18 01:26 - 34636056 _____ (Adlice Software ) C:\Users\Freedom\Downloads\setup.exe
2016-08-10 06:31 - 2016-08-10 06:31 - 00000000 ____D C:\WINDOWS\Panther
2016-08-10 01:35 - 2016-08-10 01:35 - 00987728 _____ (Google Inc.) C:\Users\Freedom\Downloads\ChromeSetup.exe
2016-08-09 14:29 - 2016-08-02 04:58 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 14:29 - 2016-08-02 04:53 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 14:29 - 2016-08-02 04:52 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 14:29 - 2016-08-02 04:48 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 14:29 - 2016-08-02 04:48 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-09 14:29 - 2016-08-02 04:44 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 14:29 - 2016-08-02 04:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-09 14:29 - 2016-08-02 04:23 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 14:29 - 2016-08-02 04:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-09 14:29 - 2016-08-02 04:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-09 14:29 - 2016-08-02 04:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-09 14:29 - 2016-08-02 04:20 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-09 14:29 - 2016-08-02 04:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-09 14:29 - 2016-08-02 04:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-09 14:29 - 2016-08-02 04:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-09 14:29 - 2016-08-02 04:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 14:29 - 2016-08-02 04:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-09 14:29 - 2016-08-02 04:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-09 14:29 - 2016-08-02 04:11 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-09 14:29 - 2016-08-02 04:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-09 14:29 - 2016-08-02 04:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-09 14:29 - 2016-08-02 04:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 14:29 - 2016-08-02 04:07 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-09 14:29 - 2016-08-02 04:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-09 14:29 - 2016-08-02 04:00 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-09 14:29 - 2016-08-02 03:59 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 14:29 - 2016-08-02 03:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 14:29 - 2016-08-02 03:57 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 14:29 - 2016-08-02 03:56 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-09 14:29 - 2016-08-02 03:56 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 14:29 - 2016-08-02 03:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-09 14:29 - 2016-08-02 03:55 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 14:29 - 2016-08-02 03:55 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 14:29 - 2016-08-02 03:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-09 14:29 - 2016-08-02 00:56 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 14:29 - 2016-08-02 00:51 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 14:29 - 2016-08-02 00:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-09 14:29 - 2016-08-02 00:39 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-09 14:29 - 2016-08-02 00:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-09 14:29 - 2016-08-02 00:37 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-09 14:29 - 2016-08-02 00:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-09 14:29 - 2016-08-02 00:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-09 14:29 - 2016-08-02 00:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-09 14:29 - 2016-08-02 00:28 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 14:29 - 2016-08-02 00:27 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-09 14:29 - 2016-08-02 00:26 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 14:29 - 2016-08-02 00:26 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-09 14:29 - 2016-08-02 00:25 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-09 14:29 - 2016-08-02 00:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 14:29 - 2016-08-02 00:23 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-09 14:29 - 2016-08-02 00:16 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 14:29 - 2016-08-02 00:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 14:29 - 2016-08-02 00:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-09 14:29 - 2016-08-02 00:12 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-09 14:29 - 2016-08-02 00:09 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-04 00:28 - 2016-08-04 00:28 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-04 00:25 - 2016-08-04 04:32 - 00000000 ____D C:\Users\Freedom\AppData\Local\ConnectedDevicesPlatform
2016-08-04 00:25 - 2016-08-04 00:25 - 00000020 ___SH C:\Users\Freedom\ntuser.ini
2016-08-03 11:25 - 2016-08-03 11:25 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-03 11:25 - 2016-08-03 11:25 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-03 11:25 - 2016-08-03 11:25 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-03 11:25 - 2016-08-03 11:25 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-03 11:25 - 2016-08-03 11:25 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-03 11:24 - 2016-08-03 11:24 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-03 11:24 - 2016-08-03 07:30 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-03 07:55 - 2016-08-03 07:55 - 00000000 ____D C:\ProgramData\USOShared
2016-08-03 07:54 - 2016-08-03 07:54 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-03 07:54 - 2016-08-03 07:54 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-03 07:54 - 2016-08-03 07:54 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-03 07:54 - 2016-08-03 07:54 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-03 07:54 - 2016-08-03 07:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-03 07:54 - 2016-08-03 07:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-03 07:54 - 2016-08-03 07:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-03 07:52 - 2016-08-03 07:54 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-03 07:52 - 2016-08-03 07:54 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-03 07:49 - 2016-08-22 08:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-03 07:49 - 2016-08-03 07:49 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-03 07:49 - 2016-08-03 07:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-08-03 07:48 - 2016-08-03 07:49 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-03 07:48 - 2016-08-03 07:49 - 00003044 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-08-03 07:48 - 2016-08-03 07:49 - 00002926 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2016-08-03 07:48 - 2016-08-03 07:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-03 07:42 - 2016-08-03 07:42 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-03 07:39 - 2016-08-03 07:42 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-03 07:37 - 2016-08-04 04:40 - 00000000 ____D C:\Users\Freedom
2016-08-03 07:37 - 2016-08-03 07:37 - 00000000 _SHDL C:\Users\Freedom\My Documents
2016-08-03 07:37 - 2016-08-03 07:37 - 00000000 _SHDL C:\Users\Freedom\Documents\My Videos
2016-08-03 07:37 - 2016-08-03 07:37 - 00000000 _SHDL C:\Users\Freedom\Documents\My Pictures
2016-08-03 07:37 - 2016-08-03 07:37 - 00000000 _SHDL C:\Users\Freedom\Documents\My Music
2016-08-03 07:34 - 2016-08-09 18:55 - 00007418 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-08-03 07:34 - 2016-08-03 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-08-03 07:33 - 2016-08-22 08:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-03 07:33 - 2016-08-09 18:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-03 07:33 - 2016-08-03 07:42 - 00000000 ____D C:\Program Files\Intel
2016-08-03 07:33 - 2016-08-03 07:33 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-03 07:33 - 2016-08-03 07:33 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-08-03 07:33 - 2016-08-03 07:33 - 00000000 ____D C:\Program Files\Realtek
2016-08-03 07:33 - 2016-08-03 07:33 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-03 07:33 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-03 07:33 - 2016-05-27 15:50 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-03 07:33 - 2016-05-27 15:50 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-03 07:32 - 2016-08-03 07:32 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-03 07:32 - 2016-08-03 07:32 - 00000000 ____D C:\Program Files\Synaptics
2016-08-03 07:32 - 2016-08-03 07:32 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-08-03 07:32 - 2016-08-03 07:32 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-08-03 07:30 - 2016-08-22 07:23 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-03 07:30 - 2016-08-09 14:33 - 00333856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-03 06:40 - 2016-08-03 06:40 - 06377481 _____ C:\Users\Freedom\Desktop\kavremvr.zip
2016-08-03 01:18 - 2016-08-03 01:18 - 153527056 _____ (Microsoft Corporation) C:\Users\Freedom\Desktop\msert.exe
2016-08-02 04:22 - 2016-08-22 07:57 - 00000000 ____D C:\ProgramData\SecTaskMan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-22 09:26 - 2016-03-28 09:40 - 00000000 ____D C:\FRST
2016-08-22 09:04 - 2016-07-13 19:41 - 00000000 ____D C:\Users\Freedom\Desktop\gmer
2016-08-22 09:03 - 2016-04-19 04:32 - 00000270 _____ C:\DelFix.txt
2016-08-22 08:43 - 2016-02-19 16:12 - 01819826 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-22 08:38 - 2016-04-08 13:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-22 08:37 - 2016-02-19 13:39 - 00000000 __SHD C:\Users\Freedom\IntelGraphicsProfiles
2016-08-22 08:36 - 2016-07-16 02:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-08-22 08:06 - 2016-04-17 12:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-22 07:37 - 2016-04-15 11:30 - 00000000 ____D C:\Users\Freedom\AppData\Local\NPE
2016-08-22 07:33 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-08-22 07:23 - 2016-04-15 09:48 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2016-08-19 22:59 - 2016-04-21 00:42 - 00000000 ____D C:\Users\Freedom\AppData\Local\CrashDumps
2016-08-19 21:38 - 2016-04-20 09:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-19 19:21 - 2016-07-13 00:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-19 19:11 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-19 01:17 - 2016-04-15 15:32 - 00000000 ____D C:\Users\Freedom\Desktop\pics
2016-08-19 01:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-18 23:35 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-18 22:36 - 2016-07-13 00:22 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-18 21:51 - 2016-04-20 23:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-18 21:40 - 2016-04-17 12:23 - 00000000 ____D C:\Users\Freedom\AppData\Local\Google
2016-08-18 21:39 - 2016-03-28 10:01 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-08-18 21:35 - 2016-07-03 18:51 - 00000000 ____D C:\Users\Freedom\AppData\Roaming\AVAST Software
2016-08-18 20:29 - 2016-03-28 10:01 - 00033120 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-08-18 20:16 - 2016-03-28 10:01 - 00056734 _____ C:\WINDOWS\ZAM.krnl.trace
2016-08-18 19:43 - 2016-06-19 07:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-18 19:39 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-18 19:39 - 2016-04-15 09:47 - 00000000 ____D C:\ProgramData\Norton
2016-08-18 19:38 - 2016-04-15 09:48 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-08-18 19:37 - 2016-04-15 09:48 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-08-18 12:23 - 2015-10-30 03:24 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_959
2016-08-18 09:41 - 2016-07-13 19:39 - 00714408 _____ (Sysinternals - www.sysinternals.com) C:\Users\Freedom\Desktop\autoruns.exe
2016-08-18 03:36 - 2016-04-21 15:12 - 00000000 ____D C:\Program Files (x86)\Privacyware
2016-08-18 03:35 - 2016-07-06 11:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-18 02:15 - 2016-04-16 00:59 - 00000000 ____D C:\Users\Freedom\AppData\Local\ElevatedDiagnostics
2016-08-18 01:28 - 2016-07-12 17:23 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-08-18 00:37 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\WindowsApps
2016-08-18 00:09 - 2016-04-19 02:18 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-10 10:48 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 00:26 - 2016-04-08 12:21 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-08-09 22:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-09 18:57 - 2016-07-12 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-08-09 18:56 - 2016-07-12 19:23 - 01292424 _____ (Ruiware) C:\Users\Freedom\Downloads\wpsetup.exe
2016-08-09 18:56 - 2016-07-12 19:23 - 00000000 ____D C:\ProgramData\InstallMate
2016-08-09 16:23 - 2016-02-19 16:24 - 00000000 ___RD C:\Users\Public\AccountPictures
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 14:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-09 14:31 - 2016-02-19 14:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 14:29 - 2016-02-19 14:20 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 12:57 - 2016-06-23 14:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 04:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-04 01:00 - 2016-02-19 16:24 - 00000000 ____D C:\Users\Freedom\AppData\Local\Packages
2016-08-04 00:29 - 2016-02-19 16:26 - 00002418 _____ C:\Users\Freedom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-04 00:29 - 2016-02-19 16:26 - 00000000 ___RD C:\Users\Freedom\OneDrive
2016-08-03 11:29 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-03 07:55 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-03 07:52 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-03 07:52 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-03 07:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-03 07:48 - 2016-07-16 07:47 - 00000000 ___RD C:\Users\Public\Libraries
2016-08-03 07:42 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-03 07:42 - 2016-06-19 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-03 07:42 - 2016-04-08 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-08-03 07:42 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-03 07:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-03 07:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-03 07:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-03 07:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-03 07:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-08-03 07:40 - 2016-04-20 23:19 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-08-03 07:39 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-03 07:37 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-03 07:34 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-03 07:34 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-03 06:13 - 2016-07-13 01:15 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-03 06:07 - 2016-06-19 07:43 - 00000000 ____D C:\ProgramData\Oracle
2016-08-03 06:06 - 2016-06-19 07:43 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-03 06:06 - 2016-06-19 07:43 - 00000000 ____D C:\Users\Freedom\.oracle_jre_usage
2016-08-03 06:06 - 2016-06-19 07:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-03 01:16 - 2016-04-08 12:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-02 03:21 - 2016-07-12 17:19 - 34622920 _____ (Adlice Software ) C:\Users\Freedom\Desktop\setup.exe
2016-08-02 00:34 - 2016-03-28 02:02 - 00000146 _____ C:\WINDOWS\ODBC.INI
2016-07-27 15:25 - 2016-03-27 13:47 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-08-22 07:30 - 2016-08-22 07:30 - 21737496 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-08-18 19:09 - 2016-08-22 07:49 - 0007680 _____ () C:\Users\Freedom\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-18 02:14

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Freedom (22-08-2016 09:26:28)
Running from C:\Users\Freedom\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-03 11:55:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2167888695-3813404238-3268483981-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2167888695-3813404238-3268483981-503 - Limited - Disabled)
Freedom (S-1-5-21-2167888695-3813404238-3268483981-1001 - Administrator - Enabled) => C:\Users\Freedom
Guest (S-1-5-21-2167888695-3813404238-3268483981-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.244.0 - AVAST Software)
Dashlane (HKU\S-1-5-21-2167888695-3813404238-3268483981-1001\...\Dashlane) (Version: 4.5.2.16147 - Dashlane SAS)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.73 - SecureMix LLC)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
HP Control Zone (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.107 - Synaptics Incorporated)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.26.37 - HP)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{A501AF33-9AEA-4703-BC2F-D4B86458899D}) (Version: 17.1.1531.1764 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7070.2033 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Mozilla Firefox 48.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0.1 (x64 en-US)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1.6073 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.7.1.32 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Security Task Manager 2.1g (HKLM-x32\...\Security Task Manager) (Version: 2.1g - Neuber Software)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.9 - Tweaking.com)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2167888695-3813404238-3268483981-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Freedom\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {35115DF4-0B42-418F-B9E6-49442554B843} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {3B7EEFAE-AFBA-4E72-8EE8-BE78E51197C8} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2015-05-12] (AVAST Software)
Task: {3B90AEE0-CDF3-4BA2-949F-9EE4920B77E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {4B38036C-86F7-4C84-BDBB-D09B19D71452} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {4C87DEB0-EEA3-45D9-9E9E-AA869C546D78} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMJMNMMJIMLJLJPMMMCNGMMJJMMJCNLMOMNJLJCNOJKMLJPMCNNMGMNMJMJMJJIMLMMJKMKMMJJNJICMIMCNGMCNNMPMFMOMOMCNKMOMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMPMFMFMOMMMNMJNHICMOMPMKJCJMIJNBJCMJLNIKJKJLJAJCJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFM (the data entry has 39 more characters).
Task: {5E5B5698-E674-4BC8-8EB7-1BCF6A4CB0DB} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {5F887376-7AAB-4DBA-9DAD-AE0E4BF51FE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {6932790C-D030-4363-898B-DFFE98056116} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {8E7F6632-B49C-452D-8C52-F168FE196633} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B84F36C9-8216-4BE9-86DA-6B95A44C048A} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {DF13C087-EEF8-480E-94C1-9F70154F56B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-03] (Microsoft Corporation)
Task: {E08E58D5-2FAE-4734-92FB-3A93C57C51A6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {E58319A5-4B94-44D2-80C2-55CBDD59D9DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {E769E9B2-1911-4DC2-8679-398684486769} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {EBA95FC8-9AAD-4C50-AF2C-9AD6F638C521} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 12:33 - 2015-05-12 16:11 - 00445240 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-09 14:29 - 2016-08-02 04:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-09 14:29 - 2016-08-02 04:01 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-09 14:29 - 2016-08-02 03:53 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-09 14:29 - 2016-08-02 03:53 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-09 14:29 - 2016-08-02 03:54 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-08-09 14:29 - 2016-08-02 03:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-09 14:29 - 2016-08-02 03:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-18 16:19 - 2016-08-12 12:22 - 00286080 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-08-18 16:19 - 2016-08-12 12:19 - 00347520 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 00436096 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 00469376 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 63125376 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 00292736 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 06256000 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 07353728 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 13617536 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 02284928 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.5.2.16147.dll
2016-08-18 16:19 - 2016-08-12 12:19 - 00342912 _____ () C:\Users\Freedom\AppData\Roaming\Dashlane\4.5.2.16147\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.5.2.16147.dll
2016-07-13 12:33 - 2015-05-12 16:11 - 38561984 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2016-08-18 23:01 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2167888695-3813404238-3268483981-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKU\S-1-5-21-2167888695-3813404238-3268483981-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{35796449-2249-4A67-A632-A284252DE2EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{184CE23D-9FD3-4271-AB44-258347CC3006}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E107B818-A1AB-47A5-921B-E17B8F125A83}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4CD9FC42-7E72-4CEC-A281-E6B14673F241}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{60439392-82DF-4EF2-8E40-2F46C2E22E6B}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2016 09:16:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/22/2016 09:16:49 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{08d7cc3b-7e39-4127-a491-f94c6f5657c2} - 00000000000001F8,0x0053c008,00000206FDE0A010,0,00000206FDE0B040,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (08/22/2016 09:16:01 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2016 08:56:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/22/2016 08:38:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3BKBK04)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/22/2016 08:35:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2016 08:22:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2016 08:06:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/22/2016 08:05:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/22/2016 08:05:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5303c562-c2b7-4e5a-b963-c8752a647afa}


System errors:
=============
Error: (08/22/2016 09:21:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1083wisvcUnavailable{3185A766-B338-11E4-A71E-12E3F512A338}

Error: (08/22/2016 09:21:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Insider Service service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (08/22/2016 09:16:49 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (08/22/2016 09:13:08 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1083wisvcUnavailable{3185A766-B338-11E4-A71E-12E3F512A338}

Error: (08/22/2016 09:13:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Insider Service service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (08/22/2016 09:13:08 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1083wisvcUnavailable{3185A766-B338-11E4-A71E-12E3F512A338}

Error: (08/22/2016 09:13:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Insider Service service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (08/22/2016 09:13:08 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1083wisvcUnavailable{3185A766-B338-11E4-A71E-12E3F512A338}

Error: (08/22/2016 09:13:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Insider Service service failed to start due to the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (08/22/2016 09:13:08 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1083wisvcUnavailable{3185A766-B338-11E4-A71E-12E3F512A338}


CodeIntegrity:
===================================
  Date: 2016-08-18 12:08:11.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 12:08:11.352
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 12:08:11.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 12:08:11.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 12:08:11.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 10:51:27.558
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 10:51:27.556
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 10:51:26.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 10:51:26.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-18 10:50:04.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 8122.15 MB
Available physical RAM: 5976.16 MB
Total Virtual: 8634.15 MB
Available Virtual: 6700.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.16 GB) (Free:896.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:08 PM

Posted 23 August 2016 - 10:45 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#4 motojon

motojon
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:08 AM

Posted 24 August 2016 - 01:04 AM

Thanks so much for helping. TDSSkiller showed no threats. Here's log file

 

01:59:31.0803 0x0818  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
01:59:31.0803 0x0818  UEFI system
01:59:37.0625 0x0818  ============================================================
01:59:37.0625 0x0818  Current date / time: 2016/08/24 01:59:37.0625
01:59:37.0625 0x0818  SystemInfo:
01:59:37.0625 0x0818  
01:59:37.0625 0x0818  OS Version: 10.0.14393 ServicePack: 0.0
01:59:37.0625 0x0818  Product type: Workstation
01:59:37.0625 0x0818  ComputerName: DELLY
01:59:37.0625 0x0818  UserName: dde
01:59:37.0625 0x0818  Windows directory: C:\WINDOWS
01:59:37.0625 0x0818  System windows directory: C:\WINDOWS
01:59:37.0625 0x0818  Running under WOW64
01:59:37.0625 0x0818  Processor architecture: Intel x64
01:59:37.0625 0x0818  Number of processors: 4
01:59:37.0625 0x0818  Page size: 0x1000
01:59:37.0625 0x0818  Boot type: Normal boot
01:59:37.0625 0x0818  CodeIntegrityOptions = 0x00000001
01:59:37.0625 0x0818  ============================================================
01:59:39.0462 0x0818  KLMD registered as C:\WINDOWS\system32\drivers\33432632.sys
01:59:39.0462 0x0818  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.0, osProperties = 0x19
01:59:43.0818 0x0818  System UUID: {2A01C782-4A85-A005-221D-5E1071A6707F}
01:59:51.0050 0x0818  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:59:51.0067 0x0818  ============================================================
01:59:51.0067 0x0818  \Device\Harddisk0\DR0:
01:59:51.0068 0x0818  GPT partitions:
01:59:51.0069 0x0818  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {46C1D3C3-7860-4B34-BA0F-C7D0360C91D1}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
01:59:51.0069 0x0818  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6ED90D5B-E483-4DCD-BCF7-CF5317EE6429}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x32000
01:59:51.0069 0x0818  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EC07A413-B20A-4C99-A563-C37F5893EFCB}, Name: Microsoft reserved partition, StartLBA 0x113800, BlocksNum 0x8000
01:59:51.0069 0x0818  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B0D0D421-202F-4547-94A2-D6C0646633D2}, Name: Basic data partition, StartLBA 0x11B800, BlocksNum 0x745EB000
01:59:51.0069 0x0818  MBR partitions:
01:59:51.0069 0x0818  ============================================================
01:59:51.0109 0x0818  C: <-> \Device\Harddisk0\DR0\Partition4
01:59:51.0109 0x0818  ============================================================
01:59:51.0109 0x0818  Initialize success
01:59:51.0109 0x0818  ============================================================
02:00:22.0966 0x0df0  ============================================================
02:00:22.0966 0x0df0  Scan started
02:00:22.0966 0x0df0  Mode: Manual; SigCheck; TDLFS;
02:00:22.0966 0x0df0  ============================================================
02:00:22.0966 0x0df0  KSN ping started
02:00:23.0091 0x0df0  KSN ping finished: true
02:00:27.0857 0x0df0  ================ Scan system memory ========================
02:00:27.0857 0x0df0  System memory - ok
02:00:27.0857 0x0df0  ================ Scan services =============================
02:00:33.0998 0x0df0  bthhfhid - ok
02:00:34.0045 0x0df0  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
02:00:34.0077 0x0df0  BthHFSrv - ok
02:00:34.0123 0x0df0  [ 8EDA0733FF6266C2FB26BCE0B4AA8B15, F60BE5630EE714B718233933DC6101130DF672A01F99C7389D0708BC00E8D5DF ] BthLEEnum       C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
02:00:34.0155 0x0df0  BthLEEnum - ok
02:00:34.0170 0x0df0  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
02:00:34.0202 0x0df0  BTHMODEM - ok
02:00:34.0248 0x0df0  [ D2A121586B660311B09964D2A6DDF864, 539953D953D40014366918BB38FADD3F21417EF8ADA532E1ABD1824949B952D4 ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
02:00:34.0264 0x0df0  BthPan - ok
02:00:34.0389 0x0df0  [ E465D7F6F3E4CA9F0E5FB6FD346F2F3D, 8F01051202903E8E16A6AE42B3F5F900C4D0B021311AE44225E8D11BE48DB129 ] BTHPORT         C:\WINDOWS\system32\DRIVERS\BTHport.sys
02:00:34.0436 0x0df0  BTHPORT - ok
02:00:34.0467 0x0df0  [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv         C:\WINDOWS\system32\bthserv.dll
02:00:34.0499 0x0df0  bthserv - ok
02:00:34.0514 0x0df0  [ 7E844E3B520CA7873674D36286BC380F, 8B2A079B59625754D4CDFC486FC606B036B063DB382F6449A0CB69C5675F7A8A ] BTHUSB          C:\WINDOWS\system32\DRIVERS\BTHUSB.sys
02:00:34.0545 0x0df0  BTHUSB - ok
02:00:34.0577 0x0df0  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
02:00:34.0639 0x0df0  buttonconverter - ok
02:00:34.0655 0x0df0  [ 4C61113687EB66035A70A55EE9B7DB4A, 3339821A3853B90F3B468470493A813053D82014E2677E726C16E19AABE2A440 ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
02:00:34.0717 0x0df0  CapImg - ok
02:00:34.0799 0x0df0  [ 03427B8FF618BE50EB5027B4E549C0D8, 3C3815FE3C847B992E794B1BB0FDB87B8D18AEC95BA9E916591CF43EB8169D15 ] ccSet_NS        C:\WINDOWS\system32\drivers\NSx64\1607010.020\ccSetx64.sys
02:00:34.0846 0x0df0  ccSet_NS - ok
02:00:34.0861 0x0df0  [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
02:00:34.0908 0x0df0  cdfs - ok
02:00:34.0955 0x0df0  [ 7AD576CF28F1E7AEFC3D6E8279DF84F6, 1F7E26F9354B543881E940F5183086AC00684CDC0AB7A797E1F0AB21C4AD8716 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
02:00:35.0080 0x0df0  CDPSvc - ok
02:00:35.0111 0x0df0  [ 0415CA08674F64D63329CB51D4004685, 12F3AB9A263F2E131F4969E6CED2AE6DD7AF06C10AF02923256FF4C9E34698BF ] CDPUserSvc      C:\WINDOWS\System32\CDPUserSvc.dll
02:00:35.0221 0x0df0  CDPUserSvc - ok
02:00:35.0268 0x0df0  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
02:00:35.0299 0x0df0  cdrom - ok
02:00:35.0330 0x0df0  [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
02:00:35.0361 0x0df0  CertPropSvc - ok
02:00:35.0393 0x0df0  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\WINDOWS\system32\drivers\cht4sx64.sys
02:00:35.0408 0x0df0  cht4iscsi - ok
02:00:35.0533 0x0df0  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\WINDOWS\System32\drivers\cht4vx64.sys
02:00:35.0658 0x0df0  cht4vbd - ok
02:00:35.0674 0x0df0  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
02:00:35.0721 0x0df0  circlass - ok
02:00:35.0736 0x0df0  [ 09D0B94D3A06EFD1EB70189EC4B26DF7, 47E73C536C63F4C21E4ADBB122A152D3A291CF4EDD4CB4D07D09D14E1A9961F1 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
02:00:35.0783 0x0df0  CLFS - ok
02:00:36.0002 0x0df0  [ 7C0BE2F644314FEDD0C1447B3AA43AE7, E0D2B35132999D90D98882090CF04D57B5627B9E22BE8DF63AAB99D86C4B9ADA ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
02:00:36.0127 0x0df0  ClickToRunSvc - ok
02:00:36.0174 0x0df0  [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
02:00:36.0236 0x0df0  ClipSVC - ok
02:00:36.0268 0x0df0  [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg           C:\WINDOWS\System32\drivers\registry.sys
02:00:36.0330 0x0df0  clreg - ok
02:00:36.0377 0x0df0  [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
02:00:36.0424 0x0df0  CmBatt - ok
02:00:36.0518 0x0df0  [ E09C3E2CD29727AAC0977E1A7CE0425E, 86BC9C4306861D104A0F87E9C6E3E7A972488C80DD399A983397FF0312292DA3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
02:00:36.0565 0x0df0  CNG - ok
02:00:36.0580 0x0df0  [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
02:00:36.0612 0x0df0  cnghwassist - ok
02:00:36.0705 0x0df0  [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
02:00:36.0752 0x0df0  CompositeBus - ok
02:00:36.0752 0x0df0  COMSysApp - ok
02:00:36.0784 0x0df0  [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
02:00:36.0815 0x0df0  condrv - ok
02:00:36.0893 0x0df0  [ 9CE94A05A5BA6A92013CAD1B924B1EC2, 19ECE2C607BAE5DCE7ED4AB46722E63EF834B219716F3A90AF661C02B58088C4 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
02:00:36.0924 0x0df0  CoreMessagingRegistrar - ok
02:00:37.0034 0x0df0  [ 27A1B989FB65766AA8F7C67FF511840E, 0489859E352E14CF5DE072A6D2DCA4A66099AADA52CF8C2047B80A4166C9C031 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
02:00:37.0096 0x0df0  cphs - ok
02:00:37.0143 0x0df0  [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
02:00:37.0205 0x0df0  CryptSvc - ok
02:00:37.0252 0x0df0  [ 68B1E0DA1BB1680494227E88CE821E2F, DE9AFCE4CC28F3484180D6A63FBBDA5B89F208E056BD17870C074094159ED6AF ] dam             C:\WINDOWS\system32\drivers\dam.sys
02:00:37.0299 0x0df0  dam - ok
02:00:37.0330 0x0df0  [ A4700D1F78539C0ED32FA50E64F9C692, 5CB03B5F36307BA152245BAD29CB2AC703BBE8197ABC0338A7092ADEA1C3221A ] dc3d            C:\WINDOWS\System32\drivers\dc3d.sys
02:00:37.0346 0x0df0  dc3d - ok
02:00:37.0487 0x0df0  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
02:00:37.0612 0x0df0  DcomLaunch - ok
02:00:37.0643 0x0df0  [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
02:00:37.0705 0x0df0  DcpSvc - ok
02:00:37.0768 0x0df0  [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
02:00:37.0862 0x0df0  defragsvc - ok
02:00:37.0909 0x0df0  [ 2F5EB7375FC3D9DBB81BDFFE2BCCB9D0, 6D2C01CB29EA220C265D6B24C791D97482D05F1C9FF4C9816FAA3F3E05B42882 ] DellRbtn        C:\WINDOWS\System32\drivers\DellRbtn.sys
02:00:37.0940 0x0df0  DellRbtn - ok
02:00:38.0002 0x0df0  [ 78658EBDAD59E17ACC3569C8451F07B3, 629A014AF4E306C167B4D5C8DAFEE145472691CDCBBBB616D1435B67AA6FF20B ] DeviceAssociationService C:\WINDOWS\system32\das.dll
02:00:38.0096 0x0df0  DeviceAssociationService - ok
02:00:38.0112 0x0df0  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
02:00:38.0205 0x0df0  DeviceInstall - ok
02:00:38.0252 0x0df0  [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
02:00:38.0315 0x0df0  DevQueryBroker - ok
02:00:38.0362 0x0df0  [ 7EAFDEF51136E8F2452CEBD8D084F108, 88609DCB578D14BEBF7CF3C4D300FE2440BA0CF95189969247AB516059E9C284 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
02:00:38.0409 0x0df0  Dfsc - ok
02:00:38.0518 0x0df0  [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
02:00:38.0596 0x0df0  Dhcp - ok
02:00:38.0643 0x0df0  [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
02:00:38.0690 0x0df0  diagnosticshub.standardcollector.service - ok
02:00:38.0831 0x0df0  [ 6079A6F6406C4FFB552F66384F25F919, 8B38645F1F4A8F72DF18373EDCD3828DDF8D4E2A406E42E654F21C0C1A5EB661 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
02:00:39.0034 0x0df0  DiagTrack - ok
02:00:39.0065 0x0df0  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\WINDOWS\system32\drivers\disk.sys
02:00:39.0081 0x0df0  disk - ok
02:00:39.0112 0x0df0  [ 53757B27986CDC970725FAE35F45CA11, 3B332C2FBD502BAD959DDD65C86FEAFA78DFDDF6405F130F2F26A8AF9424E21B ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
02:00:39.0222 0x0df0  DmEnrollmentSvc - ok
02:00:39.0245 0x0df0  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
02:00:39.0303 0x0df0  dmvsc - ok
02:00:39.0334 0x0df0  [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
02:00:39.0413 0x0df0  dmwappushservice - ok
02:00:39.0459 0x0df0  [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
02:00:39.0491 0x0df0  Dnscache - ok
02:00:39.0522 0x0df0  [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
02:00:39.0569 0x0df0  dot3svc - ok
02:00:39.0569 0x0df0  [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS             C:\WINDOWS\system32\dps.dll
02:00:39.0631 0x0df0  DPS - ok
02:00:39.0663 0x0df0  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\WINDOWS\system32\DRIVERS\drmkaud.sys
02:00:39.0678 0x0df0  drmkaud - ok
02:00:39.0725 0x0df0  [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
02:00:39.0772 0x0df0  DsmSvc - ok
02:00:39.0819 0x0df0  [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
02:00:39.0881 0x0df0  DsSvc - ok
02:00:40.0022 0x0df0  [ A90C76FB62526DEB5A5557A8839841AB, 939BDA8A4F73E834A319D45C97B0892B0A44886A9191BA20D1121622BAE413FA ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
02:00:40.0084 0x0df0  DXGKrnl - ok
02:00:40.0131 0x0df0  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
02:00:40.0163 0x0df0  EapHost - ok
02:00:40.0319 0x0df0  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
02:00:40.0413 0x0df0  ebdrv - ok
02:00:40.0538 0x0df0  [ E5C10FCFA331D2BA13B211D0454FEA38, 9363545317C655EED282BA1FE7C71B26E2C3599F35E42E7496F413961303A24D ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
02:00:40.0585 0x0df0  eeCtrl - ok
02:00:40.0616 0x0df0  [ FD0FC10A8CFD7AFEC58BBBE649BAA470, 9BDBD540FCF33FC01AB896D50A872E2FB5A007225FA003C528E6DCBDBEE19C25 ] EFS             C:\WINDOWS\System32\lsass.exe
02:00:40.0647 0x0df0  EFS - ok
02:00:40.0678 0x0df0  [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
02:00:40.0710 0x0df0  EhStorClass - ok
02:00:40.0725 0x0df0  [ 4D49B99DCACA1FC782A94DB596246504, 878B27A128093640830AB4C78973E1D896CF3AA918FA24FAB1029F0C9D1CB98B ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
02:00:40.0756 0x0df0  EhStorTcgDrv - ok
02:00:40.0788 0x0df0  [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
02:00:40.0803 0x0df0  embeddedmode - ok
02:00:40.0819 0x0df0  [ B4264DEF962801CDB83C008DE30758D1, 57886688102BE727450BA45932044A5A389B5822A0C1C08C2AFFBA380F70C3F3 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
02:00:40.0850 0x0df0  EntAppSvc - ok
02:00:40.0913 0x0df0  [ 2BD3F1059975CE90F8D968DADD790DFF, 9FD4FA7DB54B0E1E4A48863435F728220978A271D2A28BB3E9E112C1A59B1D4C ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:00:40.0960 0x0df0  EraserUtilRebootDrv - ok
02:00:40.0975 0x0df0  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
02:00:41.0038 0x0df0  ErrDev - ok
02:00:41.0131 0x0df0  [ 580A27392E20987D1F01B8355CDA4439, 86405FD625BF783CCA41A48A0EB7B90C2D7723A1539F43778F349420D29CC562 ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
02:00:41.0194 0x0df0  ESProtectionDriver - ok
02:00:41.0272 0x0df0  [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem     C:\WINDOWS\system32\es.dll
02:00:41.0350 0x0df0  EventSystem - ok
02:00:41.0444 0x0df0  EvtEng - ok
02:00:41.0491 0x0df0  [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
02:00:41.0585 0x0df0  exfat - ok
02:00:41.0616 0x0df0  [ C077AA74EDDAF69985EB27597BCB342A, 8CE48D37E39A6DFA3C8E959CA92A49029100446DC40044EE009D55FB9CDE378A ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
02:00:41.0663 0x0df0  fastfat - ok
02:00:41.0663 0x0df0  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
02:00:41.0725 0x0df0  fdc - ok
02:00:41.0756 0x0df0  [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
02:00:41.0835 0x0df0  fdPHost - ok
02:00:41.0835 0x0df0  [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
02:00:41.0881 0x0df0  FDResPub - ok
02:00:41.0897 0x0df0  [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
02:00:41.0944 0x0df0  fhsvc - ok
02:00:41.0975 0x0df0  [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
02:00:42.0038 0x0df0  FileCrypt - ok
02:00:42.0069 0x0df0  [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
02:00:42.0131 0x0df0  FileInfo - ok
02:00:42.0178 0x0df0  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
02:00:42.0256 0x0df0  Filetrace - ok
02:00:42.0288 0x0df0  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
02:00:42.0366 0x0df0  flpydisk - ok
02:00:42.0429 0x0df0  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
02:00:42.0460 0x0df0  FltMgr - ok
02:00:42.0600 0x0df0  [ 289EFA0470B308F01BAF955DE81E0682, F88081AD427BD90B3085A07439D1BDBB4966A898D49B0ABEFF7829D68BE532A5 ] FontCache       C:\WINDOWS\system32\FntCache.dll
02:00:42.0710 0x0df0  FontCache - ok
02:00:42.0757 0x0df0  [ B6848AE7BF5BD5182075D948DF7588DC, 0245D35CA48451D0743347338EE2E8E8AB6C6FD8ABE0B91E7FE2830714D30BE0 ] FrameServer     C:\WINDOWS\system32\FrameServer.dll
02:00:42.0897 0x0df0  FrameServer - ok
02:00:42.0929 0x0df0  [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
02:00:42.0960 0x0df0  FsDepends - ok
02:00:42.0991 0x0df0  [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:00:43.0022 0x0df0  Fs_Rec - ok
02:00:43.0069 0x0df0  [ B719EAA1EC93586955B013BD7DD61356, 0D0D94CF33322EEC0AD08835D0314E578F9687F361CD436A2073A4D2C0D56C86 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
02:00:43.0163 0x0df0  fvevol - ok
02:00:43.0194 0x0df0  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
02:00:43.0257 0x0df0  gencounter - ok
02:00:43.0288 0x0df0  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
02:00:43.0319 0x0df0  genericusbfn - ok
02:00:43.0835 0x0df0  [ 76AA3B646DF62AD5E4B828B825E70A22, FCDE0C674F35B43398F7C81DA7F35AF6A33AC92B43570C310A4BC414F39C7E73 ] GlassWire       C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
02:00:43.0975 0x0df0  GlassWire - ok
02:00:44.0022 0x0df0  [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
02:00:44.0054 0x0df0  GPIOClx0101 - ok
02:00:44.0132 0x0df0  [ C9316C91895057669386E620C89580E5, 5C7BF2C890E77AE3D401BB1F9F76B42D8A0ECD98118F17929FCD4097C768D90A ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
02:00:44.0194 0x0df0  gpsvc - ok
02:00:44.0210 0x0df0  [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
02:00:44.0257 0x0df0  GpuEnergyDrv - ok
02:00:44.0304 0x0df0  [ 77621A3DF170D246DC744CD0767BFAB3, 08BA4984D8B19337A34E4A2BBCE4AD681FDE09D02A6C421A16F5A717AA12CD84 ] gwdrv           C:\WINDOWS\system32\DRIVERS\gwdrv.sys
02:00:44.0335 0x0df0  gwdrv - ok
02:00:44.0366 0x0df0  [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
02:00:44.0429 0x0df0  HDAudBus - ok
02:00:44.0460 0x0df0  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
02:00:44.0491 0x0df0  HidBatt - ok
02:00:44.0523 0x0df0  [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
02:00:44.0570 0x0df0  HidBth - ok
02:00:44.0585 0x0df0  [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
02:00:44.0648 0x0df0  hidi2c - ok
02:00:44.0663 0x0df0  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
02:00:44.0710 0x0df0  hidinterrupt - ok
02:00:44.0726 0x0df0  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
02:00:44.0773 0x0df0  HidIr - ok
02:00:44.0820 0x0df0  [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv         C:\WINDOWS\system32\hidserv.dll
02:00:44.0882 0x0df0  hidserv - ok
02:00:44.0898 0x0df0  [ 2B7002EEACFC2687788A34ADB204293D, 040B5FC43459E80AD56CEBB26EC7676F449310537ADCD3272C2064241E328834 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
02:00:44.0944 0x0df0  HidUsb - ok
02:00:44.0976 0x0df0  [ 44D54C8356588525D7AD0FDCFDDA0811, 46963ADBF14FA8A9B0E6564106ADEA49BBD4EBD9E43DF389CCD31F9B9BD080D9 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
02:00:45.0070 0x0df0  HomeGroupListener - ok
02:00:45.0116 0x0df0  [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
02:00:45.0194 0x0df0  HomeGroupProvider - ok
02:00:45.0210 0x0df0  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
02:00:45.0241 0x0df0  HpSAMD - ok
02:00:45.0320 0x0df0  [ 65E358D604267CBAACB74A2598BBE22B, A645E48641D638A58789B7948FC3DD5072179C0919B546A6DB08094FA9321A30 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
02:00:45.0366 0x0df0  HTTP - ok
02:00:45.0413 0x0df0  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
02:00:45.0429 0x0df0  HvHost - ok
02:00:45.0460 0x0df0  [ 3756E15BB86689412775DF22A442FC46, AD9DF5B542B30C89F9904CB574E75BD2D18A31F67032F0E2453290E912FC5DE3 ] hvservice       C:\WINDOWS\system32\drivers\hvservice.sys
02:00:45.0491 0x0df0  hvservice - ok
02:00:45.0523 0x0df0  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
02:00:45.0554 0x0df0  hwpolicy - ok
02:00:45.0570 0x0df0  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
02:00:45.0601 0x0df0  hyperkbd - ok
02:00:45.0632 0x0df0  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
02:00:45.0695 0x0df0  i8042prt - ok
02:00:45.0726 0x0df0  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
02:00:45.0741 0x0df0  iagpio - ok
02:00:45.0757 0x0df0  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
02:00:45.0788 0x0df0  iai2c - ok
02:00:45.0820 0x0df0  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
02:00:45.0835 0x0df0  iaLPSS2i_GPIO2 - ok
02:00:45.0851 0x0df0  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
02:00:45.0866 0x0df0  iaLPSS2i_I2C - ok
02:00:45.0882 0x0df0  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
02:00:45.0898 0x0df0  iaLPSSi_GPIO - ok
02:00:45.0898 0x0df0  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
02:00:45.0913 0x0df0  iaLPSSi_I2C - ok
02:00:45.0960 0x0df0  [ 815499B59D675E42A70894118E7A6422, 2E30C726C8E53C1C6B4F113569287B2F85F0502C13067C8C93C82B3561C760F4 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
02:00:45.0991 0x0df0  iaStorA - ok
02:00:46.0023 0x0df0  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
02:00:46.0054 0x0df0  iaStorAV - ok
02:00:46.0085 0x0df0  [ A55971BD810EBDEF1E83CE57F5AC091B, 43AAE856E0E1D1647DC8AF37E907DC8FB74C9C388E48A9F68D209AECAA1E54B6 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
02:00:46.0116 0x0df0  IAStorDataMgrSvc - ok
02:00:46.0179 0x0df0  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
02:00:46.0210 0x0df0  iaStorV - ok
02:00:46.0257 0x0df0  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
02:00:46.0320 0x0df0  ibbus - ok
02:00:46.0413 0x0df0  [ 17CF9460BCF23BB4F96EAE3E160D7DB9, 68ABB485CBFCC22B9A5A5847557424937E5001086AB30EE5A717B18EDB81DE18 ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
02:00:46.0460 0x0df0  ibtusb - ok
02:00:46.0507 0x0df0  [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
02:00:46.0585 0x0df0  icssvc - ok
02:00:46.0773 0x0df0  [ DB2B8F970C2EA337C78C92B04C2E84D1, A5D2275AEA687A84BE2B6A355B11446F59A3DD549C4C6F0FCE337A9BF8C34049 ] IDSVia64        C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20160823.002\IDSvia64.sys
02:00:46.0835 0x0df0  IDSVia64 - ok
02:00:47.0101 0x0df0  [ FD8EF027CCAF40D2BDAB61A108AD9E1B, 31F0EC276D5E8D1CAE5113581FC3E66F3E6A436BA42D44D5DB257AA343475587 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
02:00:47.0320 0x0df0  igfx - ok
02:00:47.0414 0x0df0  [ 93DCCA7A1C894B518D314C35FFEC2F2F, 7437E931CF1331C345F5C0542957850222BB02C59C233089273F14B8B3373CF4 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
02:00:47.0461 0x0df0  igfxCUIService2.0.0.0 - ok
02:00:47.0523 0x0df0  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
02:00:47.0570 0x0df0  IKEEXT - ok
02:00:47.0586 0x0df0  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\WINDOWS\System32\drivers\IndirectKmd.sys
02:00:47.0617 0x0df0  IndirectKmd - ok
02:00:47.0804 0x0df0  [ 48AC5F706780BCC34811EA89A0727189, F76EC13A5A0FD24D9B63B7546FF749739022D1785357AD06E3FAA7F608E8C714 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
02:00:47.0914 0x0df0  IntcAzAudAddService - ok
02:00:47.0945 0x0df0  [ A38C7B403BBFD5B30F27C2D6B11AAF25, 25F0E31A9987B49224C8884F30AF85DE3B1181E20BC8C0401C0F85BAA481A7D1 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
02:00:47.0961 0x0df0  IntcDAud - ok
02:01:02.0018 0x0df0  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\WINDOWS\system32\locator.exe
02:01:02.0065 0x0df0  RpcLocator - ok
02:01:02.0127 0x0df0  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
02:01:02.0205 0x0df0  RpcSs - ok
02:01:02.0268 0x0df0  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
02:01:02.0330 0x0df0  rspndr - ok
02:01:02.0409 0x0df0  [ EFC1803A4EED1E15A698721D873931B9, 364CE1BBF5E375C341D03067DB3484C8E0652F8BE7C030867F8883F13910278A ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
02:01:02.0518 0x0df0  rt640x64 - ok
02:01:02.0596 0x0df0  [ DBE1ADA144291F8E0F29ECC40AE14562, D85E5F698EFC6B2374FB330BE4C6828AA3E1A87D3F08BB855A790A5113D5ED5B ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
02:01:02.0643 0x0df0  RtkAudioService - ok
02:01:02.0674 0x0df0  [ 1C201F1FC03ADBD7A2DE4282F6536772, 69D7FF0AE44191F2E0292F841D3E97F29697EB978D92C523F3ED4EBE619E8B8A ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
02:01:02.0690 0x0df0  RTSUER - ok
02:01:02.0721 0x0df0  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
02:01:02.0768 0x0df0  s3cap - ok
02:01:02.0784 0x0df0  [ FD0FC10A8CFD7AFEC58BBBE649BAA470, 9BDBD540FCF33FC01AB896D50A872E2FB5A007225FA003C528E6DCBDBEE19C25 ] SamSs           C:\WINDOWS\system32\lsass.exe
02:01:02.0799 0x0df0  SamSs - ok
02:01:02.0831 0x0df0  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
02:01:02.0831 0x0df0  sbp2port - ok
02:01:02.0878 0x0df0  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
02:01:02.0909 0x0df0  SCardSvr - ok
02:01:02.0909 0x0df0  [ 9EE060D6560FFBFBDB2ED5D6ED192294, 14387B69CD26D12BE31A23251B6AA8EDFC4D6CDE4FA558F0950DE91D2DD03946 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
02:01:02.0956 0x0df0  ScDeviceEnum - ok
02:01:02.0971 0x0df0  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
02:01:03.0018 0x0df0  scfilter - ok
02:01:03.0034 0x0df0  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
02:01:03.0096 0x0df0  Schedule - ok
02:01:03.0128 0x0df0  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
02:01:03.0143 0x0df0  scmbus - ok
02:01:03.0159 0x0df0  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
02:01:03.0206 0x0df0  scmdisk0101 - ok
02:01:03.0253 0x0df0  [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
02:01:03.0315 0x0df0  SCPolicySvc - ok
02:01:03.0346 0x0df0  [ FCBB8A17B4437B2CA8CC8DA8CB1D306E, 5FA762B1B6C8A45ED6F304A45B500038537ABD3DF6328F3C8E2BD43CBDEAB835 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
02:01:03.0409 0x0df0  sdbus - ok
02:01:03.0440 0x0df0  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
02:01:03.0487 0x0df0  SDRSVC - ok
02:01:03.0518 0x0df0  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
02:01:03.0550 0x0df0  sdstor - ok
02:01:03.0581 0x0df0  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\WINDOWS\system32\seclogon.dll
02:01:03.0628 0x0df0  seclogon - ok
02:01:03.0721 0x0df0  [ EA160DB2589350DFF52C7ACCD7763187, 1EA4C33AE67EE0EC0748D892D402AD49832FE752F6864AF99AFCA52873D6F4A4 ] SecureLine      C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
02:01:03.0800 0x0df0  SecureLine - ok
02:01:03.0846 0x0df0  [ B605A44ACA1FCFF736235A4D7AEDA548, 48D8B5BC027CFE91AF7402C463327572181D4C1B1E2942F4D05792EED070B2DC ] SENS            C:\WINDOWS\System32\sens.dll
02:01:03.0909 0x0df0  SENS - ok
02:01:04.0081 0x0df0  [ 1CC993A041899B48D5DF4D3F4A4425FC, 8D138B3A92C0E181C865A37AD55EE2D55CC352ED9B60BF60BE0AC610F13F8FA1 ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
02:01:04.0206 0x0df0  SensorDataService - ok
02:01:04.0253 0x0df0  [ 7BFD114F0F308CE29AEB8F16056D0658, 0CD3B3C69DCB3EAD8F8EF5C633911DD4F2C1167DC6FE28107EE38713A35A1F5C ] SensorService   C:\WINDOWS\system32\SensorService.dll
02:01:04.0346 0x0df0  SensorService - ok
02:01:04.0378 0x0df0  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
02:01:04.0456 0x0df0  SensrSvc - ok
02:01:04.0471 0x0df0  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
02:01:04.0518 0x0df0  SerCx - ok
02:01:04.0565 0x0df0  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
02:01:04.0596 0x0df0  SerCx2 - ok
02:01:04.0612 0x0df0  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
02:01:04.0643 0x0df0  Serenum - ok
02:01:04.0659 0x0df0  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
02:01:04.0690 0x0df0  Serial - ok
02:01:04.0706 0x0df0  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
02:01:04.0737 0x0df0  sermouse - ok
02:01:04.0846 0x0df0  [ D525D273BE5691BDACE72B07AB0D1E02, 9231BD2137E71B3D555CEBBA8811297F239FDA08BF573CA4741D03D76718B5B1 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
02:01:04.0956 0x0df0  SessionEnv - ok
02:01:05.0003 0x0df0  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
02:01:05.0050 0x0df0  sfloppy - ok
02:01:05.0143 0x0df0  [ 3D0069B8F0C2FB1B0F13DBDB57593DAD, 4CEC91BC45A51C4E445D2DD8A13AC97719D5AAC1DBA8EA9166D2A354E7857378 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
02:01:05.0221 0x0df0  SharedAccess - ok
02:01:05.0284 0x0df0  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:01:05.0425 0x0df0  ShellHWDetection - ok
02:01:05.0472 0x0df0  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
02:01:05.0535 0x0df0  shpamsvc - ok
02:01:05.0550 0x0df0  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
02:01:05.0582 0x0df0  SiSRaid2 - ok
02:01:05.0597 0x0df0  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
02:01:05.0628 0x0df0  SiSRaid4 - ok
02:01:05.0660 0x0df0  [ 3CF50AFD283566573E0412E5D512184A, 382825D5592F13088FB82A0452F9FAC917767A808B521F1BDACB78B70797FB5A ] smphost         C:\WINDOWS\System32\smphost.dll
02:01:05.0738 0x0df0  smphost - ok
02:01:05.0816 0x0df0  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
02:01:05.0925 0x0df0  SmsRouter - ok
02:01:05.0972 0x0df0  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
02:01:06.0050 0x0df0  SNMPTRAP - ok
02:01:06.0097 0x0df0  [ 3DB9C2950439B61A038BF83E697C7A14, 6BF5EA5D4A251CB982F336840A60EF4241A3FC7442E7CD4D7C82199F5BF8D4D2 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
02:01:06.0160 0x0df0  spaceport - ok
02:01:06.0175 0x0df0  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
02:01:06.0191 0x0df0  SpbCx - ok
02:01:06.0238 0x0df0  [ DA5A9752A702E86AFC10F06115A8AF4C, 1EBF973AAEE0D851934CFD99BF6FC3B33D6EF5EDE95F81450D2EA18117172FC9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
02:01:06.0300 0x0df0  Spooler - ok
02:01:06.0535 0x0df0  [ D9B2C0D75F4463EE117F56D59D3CD670, 6E43BCF9388BCA58E2BDF64B71022334542727B0CDDE5F8DAF2AA8CFEA5F619F ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
02:01:06.0785 0x0df0  sppsvc - ok
02:01:06.0925 0x0df0  [ C78B63F99F9C40F6C9B06A43A25E77B0, C96437BD4E98997DEDD9C0DC2B5D02AF5A5F9F35A79E712244DDADD6E62374B9 ] SRTSP           C:\WINDOWS\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS
02:01:07.0019 0x0df0  SRTSP - ok
02:01:07.0050 0x0df0  [ 27382B6CF36D08783212FCF8B3691649, 83ECFBE280BBA8A4073A34F1B36D57952543F1A9B31E13EF8A40D8A2F12C2F73 ] SRTSPX          C:\WINDOWS\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS
02:01:07.0066 0x0df0  SRTSPX - ok
02:01:07.0175 0x0df0  [ DF7147DE10921DBAAE9F9EEF94590E10, 2222BA441227056DA17194648B3AF49655650F7BBA9E4A9ACEF519E392099C6D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
02:01:07.0300 0x0df0  srv2 - ok
02:01:07.0316 0x0df0  [ 416D224AF7481A4179F018FB1F9A5B6B, 38159D7957A8091DFC5C32DCAC4DB07FDE14BBE4E75B4E61B4FBB332E3F9259D ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
02:01:07.0394 0x0df0  srvnet - ok
02:01:07.0441 0x0df0  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
02:01:07.0535 0x0df0  SSDPSRV - ok
02:01:07.0582 0x0df0  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
02:01:07.0629 0x0df0  SstpSvc - ok
02:01:07.0800 0x0df0  [ DF762D30EF0EE10E569C507BE75EAA6B, C23BA05E778CF1A547E7D3FE2226E0E68917570C56D5E703E599CAF2FD10BD17 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
02:01:07.0988 0x0df0  StateRepository - ok
02:01:08.0019 0x0df0  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
02:01:08.0066 0x0df0  stexstor - ok
02:01:08.0238 0x0df0  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
02:01:08.0347 0x0df0  stisvc - ok
02:01:08.0395 0x0df0  [ 0FE3B9A9E40DE1029B0AC2368A3F765D, AB06795E456DB9CE4E5A91DD1C2638B4D474CE1C5DB4819D5EE17A337D74A231 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
02:01:08.0442 0x0df0  storahci - ok
02:01:08.0457 0x0df0  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
02:01:08.0489 0x0df0  storflt - ok
02:01:08.0504 0x0df0  [ C1CFB9C19BF1134D8B9A7CF89BEC0AD1, 60DDF10777B30F3F70E4D52AFEABE71C7B509D0F2E3829106ED42ED330F8BCF4 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
02:01:08.0551 0x0df0  stornvme - ok
02:01:08.0582 0x0df0  [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
02:01:08.0660 0x0df0  storqosflt - ok
02:01:08.0723 0x0df0  [ EAB902EB8DCF9436354C7CF71A41C223, BB855A7C296AE60C025C7D488EB24BB7AB72FC716A12BE0BBE14B95DFCD290ED ] StorSvc         C:\WINDOWS\system32\storsvc.dll
02:01:08.0832 0x0df0  StorSvc - ok
02:01:08.0864 0x0df0  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
02:01:08.0895 0x0df0  storufs - ok
02:01:08.0942 0x0df0  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
02:01:08.0973 0x0df0  storvsc - ok
02:01:09.0035 0x0df0  [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc           C:\WINDOWS\system32\svsvc.dll
02:01:09.0098 0x0df0  svsvc - ok
02:01:09.0114 0x0df0  [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
02:01:09.0160 0x0df0  swenum - ok
02:01:09.0207 0x0df0  [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv           C:\WINDOWS\System32\swprv.dll
02:01:09.0254 0x0df0  swprv - ok
02:01:09.0490 0x0df0  [ 6ADFA39058484ADECCCF159627DC987E, FF8376D3441ABA6742773F83BF4DE46A0DB05FD9BA29902454E0E4C05ABC7E58 ] SymEFASI        C:\WINDOWS\system32\drivers\NSx64\1607010.020\SYMEFASI64.SYS
02:01:09.0537 0x0df0  SymEFASI - ok
02:01:09.0568 0x0df0  [ 1DE0CBF15AC67AE0E5B456ADEFB89493, C764815313BB4332279730AA02531A448A1D32F5B6D5689FF04549406A5B5212 ] SymELAM         C:\WINDOWS\system32\drivers\NSx64\1607010.020\SymELAM.sys
02:01:09.0584 0x0df0  SymELAM - ok
02:01:09.0615 0x0df0  [ F612740A892E8F9E789A85DD92B51150, 67F43FC6CE7A2238DA875657F2223787829316B410EB9A1481C4DF92258C7804 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
02:01:09.0662 0x0df0  SymEvent - ok
02:01:09.0725 0x0df0  [ 9458A37D3A38597FBF62F97E05B3170A, 22724BBCC4426978B656F614B68FB1A80E0E14B56128122A29DAB33266C0E88C ] SymIRON         C:\WINDOWS\system32\drivers\NSx64\1607010.020\Ironx64.SYS
02:01:09.0772 0x0df0  SymIRON - ok
02:01:09.0818 0x0df0  [ 5A185256AE1689912B5EC53F69D53820, D692B735AF2764CE29C6182A5C496994AD3A9EF9D5FB600EE9CE8B664F39D0FA ] SymNetS         C:\WINDOWS\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS
02:01:09.0865 0x0df0  SymNetS - ok
02:01:09.0912 0x0df0  [ D79DAF239126C945C17B19322A084025, 9EC5B0BF970A58F8C969AAE8987D8DEA99EBABDC6064572D204FAB1BDDD16CF7 ] SynRMIHID       C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys
02:01:09.0943 0x0df0  SynRMIHID - ok
02:01:09.0975 0x0df0  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
02:01:10.0037 0x0df0  Synth3dVsc - ok
02:01:10.0100 0x0df0  [ 7E278DCD635DABB2F39F7266AC9AAD32, D217E7FB62E2311C015F813111AB810DA2D5E8C54A10861968F96A464A0D45E0 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
02:01:10.0178 0x0df0  SynTP - ok
02:01:10.0225 0x0df0  [ A22517F0FA7291B5179190A41E9D3365, 7C36DF43FFCC7E6033C8C6C3B701C63DD93F899654DFA390AEEEF7B357D394BE ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
02:01:10.0256 0x0df0  SynTPEnhService - ok
02:01:10.0428 0x0df0  [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain         C:\WINDOWS\system32\sysmain.dll
02:01:10.0584 0x0df0  SysMain - ok
02:01:10.0631 0x0df0  [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
02:01:10.0725 0x0df0  SystemEventsBroker - ok
02:01:10.0756 0x0df0  [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
02:01:10.0818 0x0df0  TabletInputService - ok
02:01:10.0834 0x0df0  [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
02:01:10.0881 0x0df0  TapiSrv - ok
02:01:11.0037 0x0df0  [ 172B5A199F917B4BACB38F13BCAA11CB, 8491C9E284658920544F5EFED7125D50135C43360BD50B78F962578D9716C719 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
02:01:11.0147 0x0df0  Tcpip - ok
02:01:11.0225 0x0df0  [ 172B5A199F917B4BACB38F13BCAA11CB, 8491C9E284658920544F5EFED7125D50135C43360BD50B78F962578D9716C719 ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
02:01:11.0303 0x0df0  Tcpip6 - ok
02:01:11.0334 0x0df0  [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
02:01:11.0397 0x0df0  tcpipreg - ok
02:01:11.0428 0x0df0  [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
02:01:11.0459 0x0df0  tdx - ok
02:01:11.0475 0x0df0  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
02:01:11.0506 0x0df0  terminpt - ok
02:01:11.0662 0x0df0  [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService     C:\WINDOWS\System32\termsrv.dll
02:01:11.0772 0x0df0  TermService - ok
02:01:11.0818 0x0df0  [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes          C:\WINDOWS\system32\themeservice.dll
02:01:11.0897 0x0df0  Themes - ok
02:01:11.0943 0x0df0  [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
02:01:12.0022 0x0df0  TieringEngineService - ok
02:01:12.0068 0x0df0  [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
02:01:12.0131 0x0df0  tiledatamodelsvc - ok
02:01:12.0147 0x0df0  [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc   C:\WINDOWS\System32\TimeBrokerServer.dll
02:01:12.0162 0x0df0  TimeBrokerSvc - ok
02:01:12.0193 0x0df0  [ 798C8CB861EB09C5AFB77468E5449BBB, F6631E779159B99B097A59792D11713809CA493618B6A210A4BC905F16782094 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
02:01:12.0225 0x0df0  TPM - ok
02:01:12.0240 0x0df0  [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
02:01:12.0303 0x0df0  TrkWks - ok
02:01:12.0413 0x0df0  [ AF343840E793BE63A9C646760BE8F2CD, 483FE55873A01DB7ACEC99B6823DAACC9EA7C67D36C6F12698113B31A7D5B8BE ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
02:01:12.0506 0x0df0  TrustedInstaller - ok
02:01:12.0553 0x0df0  [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
02:01:12.0647 0x0df0  tsusbflt - ok
02:01:12.0663 0x0df0  [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
02:01:12.0709 0x0df0  TsUsbGD - ok
02:01:12.0772 0x0df0  [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
02:01:12.0850 0x0df0  tunnel - ok
02:01:12.0897 0x0df0  [ 0F38FCE8C61CC14DE3718FAB5FFC0D3A, 527071956BDC0F2863DCDFEDD314DB5265A6AE525F810186F508E0D58A97D767 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
02:01:12.0959 0x0df0  tzautoupdate - ok
02:01:12.0991 0x0df0  [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
02:01:13.0038 0x0df0  UASPStor - ok
02:01:13.0053 0x0df0  [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
02:01:13.0116 0x0df0  UcmCx0101 - ok
02:01:13.0131 0x0df0  [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
02:01:13.0163 0x0df0  UcmTcpciCx0101 - ok
02:01:13.0194 0x0df0  [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
02:01:13.0209 0x0df0  UcmUcsi - ok
02:01:13.0241 0x0df0  [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
02:01:13.0272 0x0df0  Ucx01000 - ok
02:01:13.0288 0x0df0  [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
02:01:13.0334 0x0df0  UdeCx - ok
02:01:13.0350 0x0df0  [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
02:01:13.0397 0x0df0  udfs - ok
02:01:13.0428 0x0df0  [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
02:01:13.0444 0x0df0  UEFI - ok
02:01:13.0475 0x0df0  [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
02:01:13.0506 0x0df0  Ufx01000 - ok
02:01:13.0506 0x0df0  [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
02:01:13.0522 0x0df0  UfxChipidea - ok
02:01:13.0538 0x0df0  [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
02:01:13.0553 0x0df0  ufxsynopsys - ok
02:01:13.0584 0x0df0  [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
02:01:13.0600 0x0df0  UI0Detect - ok
02:01:13.0600 0x0df0  [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
02:01:13.0631 0x0df0  umbus - ok
02:01:13.0647 0x0df0  [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
02:01:13.0709 0x0df0  UmPass - ok
02:01:13.0756 0x0df0  [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
02:01:13.0834 0x0df0  UmRdpService - ok
02:01:13.0913 0x0df0  [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
02:01:14.0022 0x0df0  UnistoreSvc - ok
02:01:14.0038 0x0df0  [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost        C:\WINDOWS\System32\upnphost.dll
02:01:14.0116 0x0df0  upnphost - ok
02:01:14.0178 0x0df0  [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
02:01:14.0241 0x0df0  UrsChipidea - ok
02:01:14.0272 0x0df0  [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
02:01:14.0319 0x0df0  UrsCx01000 - ok
02:01:14.0335 0x0df0  [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
02:01:14.0350 0x0df0  UrsSynopsys - ok
02:01:14.0397 0x0df0  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
02:01:14.0460 0x0df0  USBAAPL64 - ok
02:01:14.0491 0x0df0  [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
02:01:14.0522 0x0df0  usbccgp - ok
02:01:14.0554 0x0df0  [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
02:01:14.0585 0x0df0  usbcir - ok
02:01:14.0601 0x0df0  [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
02:01:14.0632 0x0df0  usbehci - ok
02:01:14.0663 0x0df0  [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
02:01:14.0710 0x0df0  usbhub - ok
02:01:14.0725 0x0df0  [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
02:01:14.0757 0x0df0  USBHUB3 - ok
02:01:14.0772 0x0df0  [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
02:01:14.0788 0x0df0  usbohci - ok
02:01:14.0804 0x0df0  [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
02:01:14.0835 0x0df0  usbprint - ok
02:01:14.0851 0x0df0  [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
02:01:14.0866 0x0df0  usbser - ok
02:01:14.0897 0x0df0  [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
02:01:14.0929 0x0df0  USBSTOR - ok
02:01:14.0944 0x0df0  [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
02:01:14.0975 0x0df0  usbuhci - ok
02:01:15.0007 0x0df0  [ CED4FE214D4D03E29BD1041597057F38, 67A8471DF97A6733E35F2A2585C4630441C83109B2FF74D31A25A8E7744E6880 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
02:01:15.0054 0x0df0  usbvideo - ok
02:01:15.0132 0x0df0  [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
02:01:15.0210 0x0df0  USBXHCI - ok
02:01:15.0366 0x0df0  [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
02:01:15.0460 0x0df0  UserDataSvc - ok
02:01:15.0522 0x0df0  [ 8F6DAAFDDDA27D83ACC8C7FF1536CAF6, 5E1B67A5B388CBB3B193C238546BAD4DC5F5DF54859E16607A60681E6D38FA73 ] UserManager     C:\WINDOWS\System32\usermgr.dll
02:01:15.0679 0x0df0  UserManager - ok
02:01:15.0710 0x0df0  [ C7CC4F8EA7FC1DE4221103B39360ABA0, 00B12186D731C3869022DCE763B243123D4E0B9BD0EA52AD9C95F9416F13FFD1 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
02:01:15.0819 0x0df0  UsoSvc - ok
02:01:25.0091 0x0df0  ================ Scan global ===============================
02:01:25.0169 0x0df0  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
02:01:25.0216 0x0df0  [ 1FEF9536BA2779E2F3CB524E34BAC715, 6387C7E2FD538EFD9AC19B622AEC81F6F924576FDAB6F003AF5B6CBD33F6A379 ] C:\WINDOWS\system32\winsrv.dll
02:01:25.0263 0x0df0  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
02:01:25.0310 0x0df0  [ 133390D061D94917125DC666DA67ECD0, 69D6FFF3E0A0C4D77A62B4D71E1E3A8D10D93C46782A1B05F0EC4B8919C384B9 ] C:\WINDOWS\system32\services.exe
02:01:25.0325 0x0df0  [ Global ] - ok
02:01:25.0325 0x0df0  ================ Scan MBR ==================================
02:01:25.0341 0x0df0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:01:25.0435 0x0df0  \Device\Harddisk0\DR0 - ok
02:01:25.0435 0x0df0  ================ Scan VBR ==================================
02:01:25.0435 0x0df0  [ A15DB3910623D378CDD041A411600D5A ] \Device\Harddisk0\DR0\Partition1
02:01:25.0435 0x0df0  \Device\Harddisk0\DR0\Partition1 - ok
02:01:25.0466 0x0df0  [ 4CB6FE7FCB336284E1D070056366A66C ] \Device\Harddisk0\DR0\Partition2
02:01:25.0466 0x0df0  \Device\Harddisk0\DR0\Partition2 - ok
02:01:25.0482 0x0df0  [ C4671B08AF1C4A66382A1938863C3AB3 ] \Device\Harddisk0\DR0\Partition3
02:01:25.0482 0x0df0  \Device\Harddisk0\DR0\Partition3 - ok
02:01:25.0482 0x0df0  [ AD4B821BBBF3BC9AE0D2842D7E4F7B73 ] \Device\Harddisk0\DR0\Partition4
02:01:25.0482 0x0df0  \Device\Harddisk0\DR0\Partition4 - ok
02:01:29.0545 0x0df0  AV detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\WSCStub.exe ( 22.7.0.0 ), 0x51000 ( enabled : updated )
02:01:29.0576 0x0df0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.0 ), 0x60100 ( disabled : updated )
02:01:29.0576 0x0df0  FW detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.7.1.32\WSCStub.exe ( 22.7.0.0 ), 0x51010 ( enabled )
02:01:29.0951 0x0df0  ============================================================
02:01:29.0951 0x0df0  Scan finished
02:01:29.0951 0x0df0  ============================================================
02:01:29.0967 0x1774  Detected object count: 0
02:01:29.0967 0x1774  Actual detected object count: 0
 



#5 deeprybka

  • Malware Response Team

Posted 24 August 2016 - 05:21 AM

Thank you very much!

Is there anything like strange symptoms or alarms from your antivirus program that make you fear you're infected? Or what was the reason for running GMER?

 

Step 1

Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

mbamv21.gif

 

 

Step 2

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.png with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file log.png is created at logpath.png
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Edited by deeprybka, 24 August 2016 - 05:27 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 motojon

  • Topic Starter

Posted 24 August 2016 - 07:17 PM

Not really to be honest, noticed some windows moving on my screen as if someone was remoting in last week that seemed weird but nothing more than that. I've noticed my computer slowing down intermittently, but nothing unbearable. About a week ago Norton shut down on its own but I could re-enable it without problem.

Not sure if this is related but might explain my paranoia, a few months ago my Android was cloned or hacked and the crooks ended up contacting me saying that they've been monitoring my text messages and phone for months, blah blah, they proved it by actually putting up pics of old texts on my phone, and saying I had to call some number or else they were going to post stuff on the internet. I told them to f'off, then I reset my phone and my daughter's tablet which they also had control of. I haven't heard from them since. It was a big deal at the time but nothing came of it because I reset everything immediately, including my home router and even had my work completely reformat my laptop just to be safe... therefore there was no trace of them on any of my devices that the FBI could use to figure out what actually happened and the crooks have not contacted me since.

I think Verizon or the FBI or someone I talked to back when my phone was hacked mentioned to run GMER on my computers. I ran it recently after I noticed some windows moving around.

I'm following your instructions on the scan now and will post immediately. Thanks again



#7 deeprybka

  • Malware Response Team

Posted 31 August 2016 - 11:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



