
Suspected malware, identity theft.


6 replies to this topic

#1 porgandpoiss

porgandpoiss

  • Members
  • 8 posts

Posted 23 August 2016 - 01:37 PM

Hello

My computer has been acting strange for some time. On August 22 while in Google accounts, the app warned me of authorization problems of some kind. I immediately turned suspicious. I ran a Malwarebytes scan and found 15 errors. I attached the log. I've also noticed some of my files and programs having multiple user groups: SYSTEM, Account unknown(S-1-5-21-1331788295-3651318079-3772849865-1000), Mihkel, Administrator, Administrators, INTERACTIVE. Some files have more "Account unknowns" and the malware found with Malwarebytes had two executables with almost the same name as unknown accounts under user security. I also experience random spikes in resource monitor for disk usage and network activity, even when the computer should be idle.

 

Looking forward to your help
Mihkel



#2 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 27 August 2016 - 03:06 PM

Howdy porgandpoiss,

 

Some of the logs you posted show a fair bit of hack and crack downloads, so FYI, if subsequent logs show them actively installed, I will require you to remove them before we move on.

 

 

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).  

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

----------------

Download RogueKiller from here to your desktop.

    Close all open programs
    Remember to right click -> run as administrator, and click the downloaded file.

Agree to the language prompt, and place a check next to:

Install 32 and 64 bits versions (Recommended for Technicians).

Then click Next until you get to the Finish button, and click it. RogueKiller will then open.

Click the Start Scan button, then again the Start Scan button.

When the scan finishes click the Open Report button. Then click the Open TXT button. Save that report to your desktop, and post it back here please. For now just close RogueKiller.


Ad eundum quo no duck ante iit

#3 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 27 August 2016 - 03:07 PM

If you would, please post the logs in your next reply, instead of just attaching them.


Ad eundum quo no duck ante iit

#4 porgandpoiss

porgandpoiss
  • Topic Starter

  • Members
  • 8 posts

Posted 29 August 2016 - 10:39 AM

Hello Jintan

 

I forgot to mention that in my immediate panic after detecting malware, Windows Defender detected the same PUPs and files as Malwarebytes anti-malware and recommended to remove them, which I did. I also ran TDSS scanner which found one malicious file. I'm sorry for my reckless behavior. I attached the TDSS scan result made on 23.08 as the last log.

 

Below is the GMER log

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-29 17:55:47
Windows 6.2.9200  x64 \Device\Harddisk1\DR1 -> \Device\00000030 SAMSUNG_HD103SJ rev.1AJ10001 931.51GB
Running: xnv4ciw0.exe; Driver: C:\Users\Mihkel\AppData\Local\Temp\uwldypob.sys
 
 
---- Processes - GMER 2.2 ----
 
Library  C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  0000000000af0000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{8AEB903C-00C4-4A76-A9BC-0420019CA36C}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  000000005e480000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{EC28C6E7-8DC3-4200-9CE3-05285C758615}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  0000000064420000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{584CBC86-B5CC-4512-B8F9-7595156B6453}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  0000000062f60000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{B6B307B5-C8BD-4A58-805C-0D069B8BC740}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  0000000062a20000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{70FCB0E1-6792-46E7-A57D-65D3730271D2}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  000000005e3e0000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{FA24E91A-51C5-4F87-83B8-67CB479601CA}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  000000005e380000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{AD6797EF-4195-4E62-94B4-65DE65EA6C9A}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  000000005ec70000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{8062DA23-6C70-4EEB-BAA1-902157EA8214}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  000000005e2d0000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{260DD9FC-306F-4E90-8C00-05D48AFC5DCF}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  000000005e260000
Library  C:\Users\Mihkel\AppData\Local\Temp\{BAEBBAC6-6BC4-4EBA-96E0-979CCF4E9D1B}\{8A4CDA25-0B4D-4D09-A07B-255A1667B647}.tmp (*** suspicious ***) @ C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe [2092]  000000005e210000
 
---- Registry - GMER 2.2 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                                        1210672156
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002683188f63                                                                                                                                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings                                                                                                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                                                                                                                                                      0xA8 0x73 0x27 0xD1 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                                                                                                                                                           0xA8 0xDB 0xEB 0x32 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                                                                                                                                                            0xA8 0x0B 0x63 0x6F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount                                                                                                                                                                                      0xEC 0xB1 0x49 0x1E ...
 
---- EOF - GMER 2.2 ----
 
 
 
RogueKiller V12.5.2.0 (x64) [Aug 29 2016] (Premium) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Mihkel [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/29/2016 18:01:05 (Duration : 00:20:27)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EFRX-68EUZN0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SAMSUNG HD103SJ +++++
--- User ---
[MBR] 5c49b7512d78f1cc61bed70541f15f2b
[BSP] 2840171779d675b978c093b5a0395ebf : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 952967 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1951678464 | Size: 450 MB
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
 
19:59:21.0019 0x0914  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
19:59:23.0532 0x0914  ============================================================
19:59:23.0532 0x0914  Current date / time: 2016/08/23 19:59:23.0532
19:59:23.0532 0x0914  SystemInfo:
19:59:23.0532 0x0914  
19:59:23.0532 0x0914  OS Version: 10.0.10586 ServicePack: 0.0
19:59:23.0532 0x0914  Product type: Workstation
19:59:23.0532 0x0914  ComputerName: MIKUPC
19:59:23.0533 0x0914  UserName: Mihkel
19:59:23.0533 0x0914  Windows directory: C:\WINDOWS
19:59:23.0533 0x0914  System windows directory: C:\WINDOWS
19:59:23.0533 0x0914  Running under WOW64
19:59:23.0533 0x0914  Processor architecture: Intel x64
19:59:23.0533 0x0914  Number of processors: 8
19:59:23.0533 0x0914  Page size: 0x1000
19:59:23.0533 0x0914  Boot type: Normal boot
19:59:23.0533 0x0914  CodeIntegrityOptions = 0x00000001
19:59:23.0533 0x0914  ============================================================
19:59:24.0332 0x0914  KLMD registered as C:\WINDOWS\system32\drivers\80014288.sys
19:59:24.0332 0x0914  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.545, osProperties = 0x19
19:59:25.0939 0x0914  System UUID: {E695C0E8-C36B-A2A4-1FED-11F5CF3EA728}
19:59:26.0443 0x0914  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:59:26.0459 0x0914  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:59:26.0459 0x0914  ============================================================
19:59:26.0459 0x0914  \Device\Harddisk0\DR0:
19:59:26.0459 0x0914  GPT partitions:
19:59:26.0459 0x0914  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {1002FC75-CD62-48C3-AF1B-2CD2AEACFF29}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
19:59:26.0459 0x0914  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5C8C6570-CE22-43FB-BD3F-A1B8CEAE3553}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
19:59:26.0459 0x0914  MBR partitions:
19:59:26.0459 0x0914  \Device\Harddisk1\DR1:
19:59:26.0459 0x0914  MBR partitions:
19:59:26.0459 0x0914  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74543800
19:59:26.0459 0x0914  ============================================================
19:59:26.0521 0x0914  C: <-> \Device\Harddisk1\DR1\Partition1
19:59:26.0553 0x0914  D: <-> \Device\Harddisk0\DR0\Partition2
19:59:26.0553 0x0914  ============================================================
19:59:26.0553 0x0914  Initialize success
19:59:26.0553 0x0914  ============================================================
19:59:30.0823 0x1c60  ============================================================
19:59:30.0823 0x1c60  Scan started
19:59:30.0823 0x1c60  Mode: Manual; 
19:59:30.0823 0x1c60  ============================================================
19:59:30.0823 0x1c60  KSN ping started
19:59:30.0839 0x1c60  KSN ping finished: false
19:59:37.0905 0x1c60  ================ Scan system memory ========================
19:59:37.0905 0x1c60  System memory - ok
19:59:37.0905 0x1c60  ================ Scan services =============================
19:59:38.0187 0x1c60  1394ohci - ok
19:59:38.0187 0x1c60  3ware - ok
19:59:38.0218 0x1c60  ACPI - ok
19:59:38.0233 0x1c60  acpiex - ok
19:59:38.0233 0x1c60  acpipagr - ok
19:59:38.0280 0x1c60  AcpiPmi - ok
19:59:38.0280 0x1c60  acpitime - ok
19:59:38.0296 0x1c60  ADP80XX - ok
19:59:38.0296 0x1c60  AFD - ok
19:59:38.0296 0x1c60  agp440 - ok
19:59:38.0296 0x1c60  ahcache - ok
19:59:38.0327 0x1c60  AJRouter - ok
19:59:38.0327 0x1c60  ALG - ok
19:59:38.0327 0x1c60  AmdK8 - ok
19:59:38.0343 0x1c60  AmdPPM - ok
19:59:38.0343 0x1c60  amdsata - ok
19:59:38.0343 0x1c60  amdsbs - ok
19:59:38.0343 0x1c60  amdxata - ok
19:59:38.0358 0x1c60  AppID - ok
19:59:38.0358 0x1c60  AppIDSvc - ok
19:59:38.0358 0x1c60  Appinfo - ok
19:59:38.0358 0x1c60  AppMgmt - ok
19:59:38.0390 0x1c60  AppReadiness - ok
19:59:38.0405 0x1c60  AppXSvc - ok
19:59:38.0405 0x1c60  arcsas - ok
19:59:38.0405 0x1c60  AsyncMac - ok
19:59:38.0405 0x1c60  atapi - ok
19:59:38.0437 0x1c60  [ 4ECC791539F23982411864037D1AC8FC, 063CBA00E453B5FF3CDFDFB5FA2E6A190A0DC3D399EC36F646262BE76F98A60C ] AthDfu          C:\WINDOWS\System32\Drivers\AthDfu.sys
19:59:38.0437 0x1c60  AthDfu - ok
19:59:38.0483 0x1c60  [ 4562542F6F1D27A4B71CC1B824D45A61, 5ACA1818BB8A8906D9523F63641B5D2E7F203614F623D31BF3D8138C23ABF579 ] atrfiltr        C:\WINDOWS\system32\DRIVERS\atrfiltr.sys
19:59:38.0483 0x1c60  atrfiltr - ok
19:59:38.0483 0x1c60  AudioEndpointBuilder - ok
19:59:38.0515 0x1c60  Audiosrv - ok
19:59:38.0515 0x1c60  AxInstSV - ok
19:59:38.0515 0x1c60  b06bdrv - ok
19:59:38.0562 0x1c60  BasicDisplay - ok
19:59:38.0562 0x1c60  BasicRender - ok
19:59:38.0562 0x1c60  bcmfn - ok
19:59:38.0562 0x1c60  bcmfn2 - ok
19:59:38.0562 0x1c60  BDESVC - ok
19:59:38.0577 0x1c60  Beep - ok
19:59:38.0577 0x1c60  BFE - ok
19:59:38.0577 0x1c60  BITS - ok
19:59:38.0577 0x1c60  bowser - ok
19:59:38.0593 0x1c60  BrokerInfrastructure - ok
19:59:38.0593 0x1c60  Browser - ok
19:59:38.0702 0x1c60  [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter        C:\WINDOWS\system32\DRIVERS\btfilter.sys
19:59:38.0718 0x1c60  BtFilter - ok
19:59:38.0749 0x1c60  BthAvrcpTg - ok
19:59:38.0780 0x1c60  BthEnum - ok
19:59:38.0780 0x1c60  BthHFEnum - ok
19:59:38.0796 0x1c60  bthhfhid - ok
19:59:38.0796 0x1c60  BthHFSrv - ok
19:59:38.0812 0x1c60  BTHMODEM - ok
19:59:38.0843 0x1c60  BthPan - ok
19:59:38.0874 0x1c60  BTHPORT - ok
19:59:38.0921 0x1c60  bthserv - ok
19:59:38.0937 0x1c60  BTHUSB - ok
19:59:38.0937 0x1c60  buttonconverter - ok
19:59:38.0937 0x1c60  CapImg - ok
19:59:38.0952 0x1c60  cdfs - ok
19:59:38.0952 0x1c60  CDPSvc - ok
19:59:38.0952 0x1c60  cdrom - ok
19:59:38.0968 0x1c60  CertPropSvc - ok
19:59:38.0968 0x1c60  circlass - ok
19:59:38.0968 0x1c60  CLFS - ok
19:59:39.0312 0x1c60  [ F6541F3D7FAF912F52AAE4398757084E, 1C573949C115B0A371236B791BB748FFFC4E7B12CA4D4ACD23110AF6082625FA ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
19:59:39.0343 0x1c60  ClickToRunSvc - ok
19:59:39.0358 0x1c60  ClipSVC - ok
19:59:39.0374 0x1c60  CmBatt - ok
19:59:39.0374 0x1c60  CNG - ok
19:59:39.0374 0x1c60  cnghwassist - ok
19:59:39.0437 0x1c60  CompositeBus - ok
19:59:39.0437 0x1c60  COMSysApp - ok
19:59:39.0437 0x1c60  condrv - ok
19:59:39.0468 0x1c60  CoreMessagingRegistrar - ok
19:59:39.0504 0x1c60  CryptSvc - ok
19:59:39.0504 0x1c60  CSC - ok
19:59:39.0504 0x1c60  CscService - ok
19:59:39.0597 0x1c60  [ 36BFFFA4D9B136098C5B300E2E345090, 838D80E151CC9FC4ACF5A15F9355472134AF141D2FFAC095A25DE8B6E3093199 ] cxbu0x64        C:\WINDOWS\system32\DRIVERS\cxbu0x64.sys
19:59:39.0597 0x1c60  cxbu0x64 - ok
19:59:39.0597 0x1c60  dam - ok
19:59:39.0613 0x1c60  DcomLaunch - ok
19:59:39.0629 0x1c60  DcpSvc - ok
19:59:39.0644 0x1c60  defragsvc - ok
19:59:39.0644 0x1c60  DeviceAssociationService - ok
19:59:39.0644 0x1c60  DeviceInstall - ok
19:59:39.0660 0x1c60  DevQueryBroker - ok
19:59:39.0660 0x1c60  Dfsc - ok
19:59:39.0660 0x1c60  Dhcp - ok
19:59:39.0754 0x1c60  diagnosticshub.standardcollector.service - ok
19:59:39.0754 0x1c60  DiagTrack - ok
19:59:39.0754 0x1c60  disk - ok
19:59:39.0800 0x1c60  DmEnrollmentSvc - ok
19:59:39.0800 0x1c60  dmvsc - ok
19:59:39.0800 0x1c60  dmwappushservice - ok
19:59:39.0832 0x1c60  Dnscache - ok
19:59:39.0847 0x1c60  dot3svc - ok
19:59:39.0847 0x1c60  DPS - ok
19:59:39.0863 0x1c60  drmkaud - ok
19:59:39.0863 0x1c60  DsmSvc - ok
19:59:39.0863 0x1c60  DsSvc - ok
19:59:39.0863 0x1c60  DXGKrnl - ok
19:59:39.0863 0x1c60  e1iexpress - ok
19:59:39.0863 0x1c60  Eaphost - ok
19:59:39.0879 0x1c60  ebdrv - ok
19:59:39.0879 0x1c60  EFS - ok
19:59:39.0879 0x1c60  EhStorClass - ok
19:59:39.0894 0x1c60  EhStorTcgDrv - ok
19:59:39.0941 0x1c60  embeddedmode - ok
19:59:39.0941 0x1c60  EntAppSvc - ok
19:59:39.0941 0x1c60  ErrDev - ok
19:59:39.0972 0x1c60  EventSystem - ok
19:59:39.0972 0x1c60  exfat - ok
19:59:39.0988 0x1c60  fastfat - ok
19:59:40.0004 0x1c60  Fax - ok
19:59:40.0004 0x1c60  fdc - ok
19:59:40.0004 0x1c60  fdPHost - ok
19:59:40.0004 0x1c60  FDResPub - ok
19:59:40.0019 0x1c60  fhsvc - ok
19:59:40.0051 0x1c60  FileCrypt - ok
19:59:40.0051 0x1c60  FileInfo - ok
19:59:40.0051 0x1c60  Filetrace - ok
19:59:40.0051 0x1c60  flpydisk - ok
19:59:40.0066 0x1c60  FltMgr - ok
19:59:40.0066 0x1c60  FontCache - ok
19:59:40.0207 0x1c60  FontCache3.0.0.0 - ok
19:59:40.0207 0x1c60  FsDepends - ok
19:59:40.0207 0x1c60  Fs_Rec - ok
19:59:40.0222 0x1c60  fvevol - ok
19:59:40.0222 0x1c60  gagp30kx - ok
19:59:40.0254 0x1c60  gencounter - ok
19:59:40.0269 0x1c60  genericusbfn - ok
19:59:40.0394 0x1c60  [ 154651F84794535631970749476B53E6, 62D94A36133EB1E1E403159619362E77B34BBE55282A6EE53E503E6DF6A9839E ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
19:59:40.0410 0x1c60  GfExperienceService - ok
19:59:40.0441 0x1c60  GPIOClx0101 - ok
19:59:40.0441 0x1c60  gpsvc - ok
19:59:40.0457 0x1c60  GpuEnergyDrv - ok
19:59:40.0566 0x1c60  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:59:40.0582 0x1c60  gupdate - ok
19:59:40.0582 0x1c60  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:59:40.0597 0x1c60  gupdatem - ok
19:59:40.0597 0x1c60  HdAudAddService - ok
19:59:40.0597 0x1c60  HDAudBus - ok
19:59:40.0597 0x1c60  HidBatt - ok
19:59:40.0613 0x1c60  HidBth - ok
19:59:40.0613 0x1c60  hidi2c - ok
19:59:40.0613 0x1c60  hidinterrupt - ok
19:59:40.0613 0x1c60  HidIr - ok
19:59:40.0660 0x1c60  [ 436646F307122622978338DE503FCB13, F9FC507740D3CF7DE5FC1F15F8CDA6D157AB9217284ECDB6F79D7DDA131D06B8 ] hidkmdf         C:\WINDOWS\System32\drivers\hidkmdf.sys
19:59:40.0660 0x1c60  hidkmdf - ok
19:59:40.0660 0x1c60  hidserv - ok
19:59:40.0691 0x1c60  HidUsb - ok
19:59:40.0722 0x1c60  HomeGroupListener - ok
19:59:40.0738 0x1c60  HomeGroupProvider - ok
19:59:40.0738 0x1c60  HpSAMD - ok
19:59:40.0754 0x1c60  HTTP - ok
19:59:40.0754 0x1c60  hwpolicy - ok
19:59:40.0754 0x1c60  hyperkbd - ok
19:59:40.0801 0x1c60  HyperVideo - ok
19:59:40.0801 0x1c60  i8042prt - ok
19:59:40.0816 0x1c60  iai2c - ok
19:59:40.0816 0x1c60  iaLPSS2i_I2C - ok
19:59:40.0816 0x1c60  iaLPSSi_GPIO - ok
19:59:40.0816 0x1c60  iaLPSSi_I2C - ok
19:59:40.0832 0x1c60  iaStorAV - ok
19:59:40.0832 0x1c60  iaStorV - ok
19:59:40.0847 0x1c60  ibbus - ok
19:59:40.0847 0x1c60  icssvc - ok
19:59:40.0847 0x1c60  IEEtwCollectorService - ok
19:59:40.0879 0x1c60  IKEEXT - ok
19:59:40.0879 0x1c60  intelide - ok
19:59:40.0879 0x1c60  intelpep - ok
19:59:40.0879 0x1c60  intelppm - ok
19:59:40.0879 0x1c60  IoQos - ok
19:59:40.0894 0x1c60  IpFilterDriver - ok
19:59:40.0894 0x1c60  iphlpsvc - ok
19:59:40.0894 0x1c60  IPMIDRV - ok
19:59:40.0894 0x1c60  IPNAT - ok
19:59:40.0894 0x1c60  IRENUM - ok
19:59:40.0894 0x1c60  isapnp - ok
19:59:40.0894 0x1c60  iScsiPrt - ok
19:59:40.0910 0x1c60  kbdclass - ok
19:59:40.0910 0x1c60  kbdhid - ok
19:59:40.0910 0x1c60  kdnic - ok
19:59:40.0910 0x1c60  KeyIso - ok
19:59:40.0910 0x1c60  KSecDD - ok
19:59:40.0910 0x1c60  KSecPkg - ok
19:59:40.0910 0x1c60  ksthunk - ok
19:59:40.0941 0x1c60  KtmRm - ok
19:59:40.0941 0x1c60  LanmanServer - ok
19:59:40.0941 0x1c60  LanmanWorkstation - ok
19:59:41.0176 0x1c60  lfsvc - ok
19:59:41.0176 0x1c60  LicenseManager - ok
19:59:41.0176 0x1c60  lltdio - ok
19:59:41.0191 0x1c60  lltdsvc - ok
19:59:41.0191 0x1c60  lmhosts - ok
19:59:41.0191 0x1c60  LSI_SAS - ok
19:59:41.0207 0x1c60  LSI_SAS2i - ok
19:59:41.0207 0x1c60  LSI_SAS3i - ok
19:59:41.0207 0x1c60  LSI_SSS - ok
19:59:41.0207 0x1c60  LSM - ok
19:59:41.0207 0x1c60  luafv - ok
19:59:41.0207 0x1c60  MapsBroker - ok
19:59:41.0207 0x1c60  megasas - ok
19:59:41.0207 0x1c60  megasr - ok
19:59:41.0238 0x1c60  [ 9732602297242FFFBA9D9ED0290442F0, 27848E3497AEC52CCC36684E7CC3B8FDFF66EC4947DABF64F57ED5D4E988D9B7 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
19:59:41.0238 0x1c60  MEIx64 - ok
19:59:41.0254 0x1c60  MessagingService - ok
19:59:41.0347 0x1c60  mlx4_bus - ok
19:59:41.0347 0x1c60  MMCSS - ok
19:59:41.0347 0x1c60  Modem - ok
19:59:41.0363 0x1c60  monitor - ok
19:59:41.0363 0x1c60  mouclass - ok
19:59:41.0363 0x1c60  mouhid - ok
19:59:41.0379 0x1c60  mountmgr - ok
19:59:41.0379 0x1c60  mpsdrv - ok
19:59:41.0379 0x1c60  MpsSvc - ok
19:59:41.0394 0x1c60  MRxDAV - ok
19:59:41.0394 0x1c60  mrxsmb - ok
19:59:41.0410 0x1c60  mrxsmb10 - ok
19:59:41.0410 0x1c60  mrxsmb20 - ok
19:59:41.0410 0x1c60  MsBridge - ok
19:59:41.0426 0x1c60  MSDTC - ok
19:59:41.0426 0x1c60  Msfs - ok
19:59:41.0441 0x1c60  msgpiowin32 - ok
19:59:41.0441 0x1c60  mshidkmdf - ok
19:59:41.0441 0x1c60  mshidumdf - ok
19:59:41.0441 0x1c60  msisadrv - ok
19:59:41.0457 0x1c60  MSiSCSI - ok
19:59:41.0457 0x1c60  msiserver - ok
19:59:41.0457 0x1c60  MSKSSRV - ok
19:59:41.0473 0x1c60  MsLldp - ok
19:59:41.0473 0x1c60  MSPCLOCK - ok
19:59:41.0473 0x1c60  MSPQM - ok
19:59:41.0473 0x1c60  MsRPC - ok
19:59:41.0473 0x1c60  mssmbios - ok
19:59:41.0473 0x1c60  MSTEE - ok
19:59:41.0473 0x1c60  MTConfig - ok
19:59:41.0488 0x1c60  Mup - ok
19:59:41.0488 0x1c60  mvumis - ok
19:59:41.0488 0x1c60  NativeWifiP - ok
19:59:41.0488 0x1c60  NcaSvc - ok
19:59:41.0488 0x1c60  NcbService - ok
19:59:41.0488 0x1c60  NcdAutoSetup - ok
19:59:41.0488 0x1c60  ndfltr - ok
19:59:41.0504 0x1c60  NDIS - ok
19:59:41.0504 0x1c60  NdisCap - ok
19:59:41.0504 0x1c60  NdisImPlatform - ok
19:59:41.0504 0x1c60  NdisTapi - ok
19:59:41.0504 0x1c60  Ndisuio - ok
19:59:41.0504 0x1c60  NdisVirtualBus - ok
19:59:41.0504 0x1c60  NdisWan - ok
19:59:41.0519 0x1c60  ndiswanlegacy - ok
19:59:41.0519 0x1c60  ndproxy - ok
19:59:41.0519 0x1c60  Ndu - ok
19:59:41.0519 0x1c60  NetBIOS - ok
19:59:41.0519 0x1c60  NetBT - ok
19:59:41.0519 0x1c60  Netlogon - ok
19:59:41.0519 0x1c60  Netman - ok
19:59:41.0535 0x1c60  netprofm - ok
19:59:41.0535 0x1c60  NetSetupSvc - ok
19:59:41.0566 0x1c60  NetTcpPortSharing - ok
19:59:41.0566 0x1c60  netvsc - ok
19:59:41.0816 0x1c60  NgcCtnrSvc - ok
19:59:41.0816 0x1c60  NgcSvc - ok
19:59:41.0816 0x1c60  NlaSvc - ok
19:59:41.0832 0x1c60  Npfs - ok
19:59:41.0832 0x1c60  npsvctrig - ok
19:59:41.0832 0x1c60  nsi - ok
19:59:41.0832 0x1c60  nsiproxy - ok
19:59:41.0848 0x1c60  NTFS - ok
19:59:41.0848 0x1c60  Null - ok
19:59:41.0891 0x1c60  [ 1F346E981A76BA8B98540B3481C1D659, 701F49AD67AD23A5B935F8A2A8A64CBEC194368889FE8CF09EEE44192D25E3E3 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
19:59:41.0907 0x1c60  NVHDA - ok
19:59:42.0297 0x1c60  [ 931D4A31CCF9C9C2D3C0DB1A64A06590, 54B0EE326451BE1892E4DEF17AFBF21F20DE7E00CDBBB3F5F81C3D5B02CC15E8 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
19:59:42.0454 0x1c60  nvlddmkm - ok
19:59:42.0860 0x1c60  [ D2D76544A26DB7819CBDFC1F4A995B65, 528B529C21B2B9E580F15781918B302378CFAA1111F347ADE40476C484C2FA66 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
19:59:42.0891 0x1c60  NvNetworkService - ok
19:59:42.0891 0x1c60  nvraid - ok
19:59:42.0891 0x1c60  nvstor - ok
19:59:42.0954 0x1c60  [ 86893B821E35433759EBD7D21B56B42E, 4979D7F4B41AEA1CF693076D9574CE44ABE8F2584C7383510CB95EF324E70553 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
19:59:42.0954 0x1c60  NvStreamKms - ok
19:59:43.0063 0x1c60  [ 6917C4B6633B3F0BFAC3DB20011126A8, EE91CCA7453F749258B9EB884D4FDD4BFC32119EB69DD62D9961642233805522 ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
19:59:43.0141 0x1c60  NvStreamNetworkSvc - ok
19:59:43.0313 0x1c60  [ 871DF38D1C791031988AC1932D6499FF, BCE58D69BB0D785787BA684F75F75D2F23E65037CAD6A70DBA5B91508DD90256 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
19:59:43.0360 0x1c60  NvStreamSvc - ok
19:59:43.0469 0x1c60  [ AEDA2633444029C9A3E879BD685F8B9C, CA11A737C91CF117AAAB8BBBDD1F59E4EAD5CEE5AECEA8E2DDC07FDC713BB425 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
19:59:43.0485 0x1c60  nvsvc - ok
19:59:43.0532 0x1c60  [ 0BAF8B3DF77EFF04CC0BEA5F2C3657F9, 8E7A542E20416835F31B8648B5724446A78609C0ACC26FCC20E885CF83BE9CB2 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
19:59:43.0532 0x1c60  nvvad_WaveExtensible - ok
19:59:43.0547 0x1c60  nv_agp - ok
19:59:43.0594 0x1c60  OneSyncSvc - ok
19:59:43.0891 0x1c60  [ 8C02B0CC65BEE71124A565062BA77B39, C3B4965D62995195A776581BA0750FA72833F4E2E1F8F9DC683F562C13A9E20C ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
19:59:43.0907 0x1c60  OpenVPNAccessClient - ok
19:59:44.0016 0x1c60  [ E6D14F57D20E1C70482BA3ABAC367E4B, 9C0C5337F38EBC446FBC968098C55DF7FF101CF2291FD3A98EC7055F36964BC8 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:59:44.0032 0x1c60  ose - ok
19:59:44.0047 0x1c60  p2pimsvc - ok
19:59:44.0047 0x1c60  p2psvc - ok
19:59:44.0063 0x1c60  Parport - ok
19:59:44.0110 0x1c60  partmgr - ok
19:59:44.0110 0x1c60  PcaSvc - ok
19:59:44.0125 0x1c60  pci - ok
19:59:44.0125 0x1c60  pciide - ok
19:59:44.0141 0x1c60  pcmcia - ok
19:59:44.0141 0x1c60  pcw - ok
19:59:44.0141 0x1c60  pdc - ok
19:59:44.0157 0x1c60  PEAUTH - ok
19:59:44.0172 0x1c60  PeerDistSvc - ok
19:59:44.0188 0x1c60  percsas2i - ok
19:59:44.0188 0x1c60  percsas3i - ok
19:59:44.0282 0x1c60  PerfHost - ok
19:59:44.0297 0x1c60  PhoneSvc - ok
19:59:44.0313 0x1c60  PimIndexMaintenanceSvc - ok
19:59:44.0329 0x1c60  pla - ok
19:59:44.0344 0x1c60  PlugPlay - ok
19:59:44.0344 0x1c60  PNRPAutoReg - ok
19:59:44.0344 0x1c60  PNRPsvc - ok
19:59:44.0344 0x1c60  PolicyAgent - ok
19:59:44.0344 0x1c60  Power - ok
19:59:44.0360 0x1c60  PptpMiniport - ok
19:59:44.0532 0x1c60  [ C9908063F90F5541098BF19EA63E1327, AA6B5E4D01CD8061D5953FDE3025FE4AF01B265C182B8818107A035E4FFAD0DF ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
19:59:44.0735 0x1c60  PrintNotify - ok
19:59:44.0751 0x1c60  Processor - ok
19:59:44.0766 0x1c60  ProfSvc - ok
19:59:44.0766 0x1c60  Psched - ok
19:59:44.0766 0x1c60  QWAVE - ok
19:59:44.0782 0x1c60  QWAVEdrv - ok
19:59:44.0782 0x1c60  RasAcd - ok
19:59:44.0829 0x1c60  RasAgileVpn - ok
19:59:44.0844 0x1c60  RasAuto - ok
19:59:44.0860 0x1c60  Rasl2tp - ok
19:59:44.0860 0x1c60  RasMan - ok
19:59:44.0860 0x1c60  RasPppoe - ok
19:59:44.0876 0x1c60  RasSstp - ok
19:59:44.0907 0x1c60  rdbss - ok
19:59:44.0907 0x1c60  rdpbus - ok
19:59:44.0922 0x1c60  RDPDR - ok
19:59:44.0954 0x1c60  RdpVideoMiniport - ok
19:59:44.0954 0x1c60  rdyboost - ok
19:59:44.0969 0x1c60  ReFSv1 - ok
19:59:44.0969 0x1c60  RemoteAccess - ok
19:59:44.0985 0x1c60  RemoteRegistry - ok
19:59:45.0001 0x1c60  RetailDemo - ok
19:59:45.0016 0x1c60  RFCOMM - ok
19:59:45.0016 0x1c60  RpcEptMapper - ok
19:59:45.0032 0x1c60  RpcLocator - ok
19:59:45.0032 0x1c60  RpcSs - ok
19:59:45.0047 0x1c60  rspndr - ok
19:59:45.0047 0x1c60  rt640x64 - ok
19:59:45.0063 0x1c60  s3cap - ok
19:59:45.0063 0x1c60  SamSs - ok
19:59:45.0063 0x1c60  sbp2port - ok
19:59:45.0079 0x1c60  SCardSvr - ok
19:59:45.0079 0x1c60  ScDeviceEnum - ok
19:59:45.0079 0x1c60  scfilter - ok
19:59:45.0079 0x1c60  Schedule - ok
19:59:45.0094 0x1c60  SCPolicySvc - ok
19:59:45.0126 0x1c60  sdbus - ok
19:59:45.0126 0x1c60  SDRSVC - ok
19:59:45.0126 0x1c60  sdstor - ok
19:59:45.0141 0x1c60  seclogon - ok
19:59:45.0141 0x1c60  SENS - ok
19:59:45.0141 0x1c60  SensorDataService - ok
19:59:45.0141 0x1c60  SensorService - ok
19:59:45.0141 0x1c60  SensrSvc - ok
19:59:45.0141 0x1c60  SerCx - ok
19:59:45.0141 0x1c60  SerCx2 - ok
19:59:45.0157 0x1c60  Serenum - ok
19:59:45.0188 0x1c60  Serial - ok
19:59:45.0188 0x1c60  sermouse - ok
19:59:45.0188 0x1c60  SessionEnv - ok
19:59:45.0188 0x1c60  sfloppy - ok
19:59:45.0204 0x1c60  SharedAccess - ok
19:59:45.0219 0x1c60  ShellHWDetection - ok
19:59:45.0219 0x1c60  SiSRaid2 - ok
19:59:45.0219 0x1c60  SiSRaid4 - ok
19:59:45.0297 0x1c60  [ 6749AD471D1D44CBD1F30257C861F77B, D5A554F35E380948F13BFE0673B49F8FD8AE5A438BF3645857522E2560A58685 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:59:45.0313 0x1c60  SkypeUpdate - ok
19:59:45.0329 0x1c60  smphost - ok
19:59:45.0329 0x1c60  SmsRouter - ok
19:59:45.0329 0x1c60  SNMPTRAP - ok
19:59:45.0329 0x1c60  spaceport - ok
19:59:45.0329 0x1c60  SpbCx - ok
19:59:45.0329 0x1c60  Spooler - ok
19:59:45.0344 0x1c60  sppsvc - ok
19:59:45.0344 0x1c60  srv - ok
19:59:45.0344 0x1c60  srv2 - ok
19:59:45.0344 0x1c60  srvnet - ok
19:59:45.0344 0x1c60  SSDPSRV - ok
19:59:45.0344 0x1c60  SstpSvc - ok
19:59:45.0360 0x1c60  StateRepository - ok
19:59:45.0454 0x1c60  [ 843F5E097F35534FBD18A84156E30687, BA446B8A3A2675D862BA841020BD651FDE8BBBF05BB6C0F8F483CCE0D5BF7C14 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:59:45.0469 0x1c60  Stereo Service - ok
19:59:45.0469 0x1c60  stexstor - ok
19:59:45.0485 0x1c60  stisvc - ok
19:59:45.0485 0x1c60  storahci - ok
19:59:45.0501 0x1c60  storflt - ok
19:59:45.0501 0x1c60  stornvme - ok
19:59:45.0501 0x1c60  storqosflt - ok
19:59:45.0516 0x1c60  StorSvc - ok
19:59:45.0516 0x1c60  storufs - ok
19:59:45.0516 0x1c60  storvsc - ok
19:59:45.0516 0x1c60  svsvc - ok
19:59:45.0516 0x1c60  swenum - ok
19:59:45.0532 0x1c60  swprv - ok
19:59:45.0579 0x1c60  Synth3dVsc - ok
19:59:45.0579 0x1c60  SysMain - ok
19:59:45.0594 0x1c60  SystemEventsBroker - ok
19:59:45.0610 0x1c60  TabletInputService - ok
19:59:45.0626 0x1c60  TapiSrv - ok
19:59:45.0657 0x1c60  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C ] tapoas          C:\WINDOWS\System32\drivers\tapoas.sys
19:59:45.0657 0x1c60  tapoas - ok
19:59:45.0657 0x1c60  Tcpip - ok
19:59:45.0657 0x1c60  Tcpip6 - ok
19:59:45.0672 0x1c60  tcpipreg - ok
19:59:45.0672 0x1c60  tdx - ok
19:59:45.0672 0x1c60  terminpt - ok
19:59:45.0688 0x1c60  TermService - ok
19:59:45.0688 0x1c60  Themes - ok
19:59:45.0688 0x1c60  TieringEngineService - ok
19:59:45.0735 0x1c60  tiledatamodelsvc - ok
19:59:45.0735 0x1c60  TimeBroker - ok
19:59:45.0735 0x1c60  TPM - ok
19:59:45.0735 0x1c60  TrkWks - ok
19:59:45.0766 0x1c60  [ 0D5A09B08568760AE85A801FCBC0F83D, 347ACBA74FDCBEAC671521739F8A34EC0E378CAF716C31F55616F9F843E4D0D3 ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
19:59:45.0766 0x1c60  TrueSight - ok
19:59:45.0813 0x1c60  TrustedInstaller - ok
19:59:45.0813 0x1c60  tsusbflt - ok
19:59:45.0829 0x1c60  TsUsbGD - ok
19:59:45.0829 0x1c60  tunnel - ok
19:59:45.0876 0x1c60  tzautoupdate - ok
19:59:45.0876 0x1c60  uagp35 - ok
19:59:45.0891 0x1c60  UASPStor - ok
19:59:45.0891 0x1c60  UcmCx0101 - ok
19:59:45.0907 0x1c60  UcmUcsi - ok
19:59:45.0907 0x1c60  Ucx01000 - ok
19:59:45.0907 0x1c60  UdeCx - ok
19:59:45.0907 0x1c60  udfs - ok
19:59:45.0907 0x1c60  UEFI - ok
19:59:45.0922 0x1c60  Ufx01000 - ok
19:59:45.0938 0x1c60  UfxChipidea - ok
19:59:45.0938 0x1c60  ufxsynopsys - ok
19:59:45.0938 0x1c60  UI0Detect - ok
19:59:45.0938 0x1c60  uliagpkx - ok
19:59:45.0954 0x1c60  umbus - ok
19:59:45.0954 0x1c60  UmPass - ok
19:59:45.0954 0x1c60  UmRdpService - ok
19:59:45.0954 0x1c60  UnistoreSvc - ok
19:59:45.0969 0x1c60  upnphost - ok
19:59:45.0969 0x1c60  UrsChipidea - ok
19:59:45.0969 0x1c60  UrsCx01000 - ok
19:59:45.0969 0x1c60  UrsSynopsys - ok
19:59:45.0969 0x1c60  usbccgp - ok
19:59:45.0969 0x1c60  usbcir - ok
19:59:45.0985 0x1c60  usbehci - ok
19:59:45.0985 0x1c60  usbhub - ok
19:59:45.0985 0x1c60  USBHUB3 - ok
19:59:45.0985 0x1c60  usbohci - ok
19:59:45.0985 0x1c60  usbprint - ok
19:59:46.0001 0x1c60  usbser - ok
19:59:46.0001 0x1c60  USBSTOR - ok
19:59:46.0001 0x1c60  usbuhci - ok
19:59:46.0001 0x1c60  USBXHCI - ok
19:59:46.0001 0x1c60  UserDataSvc - ok
19:59:46.0032 0x1c60  UserManager - ok
19:59:46.0047 0x1c60  UsoSvc - ok
19:59:46.0047 0x1c60  VaultSvc - ok
19:59:46.0047 0x1c60  vdrvroot - ok
19:59:46.0047 0x1c60  vds - ok
19:59:46.0047 0x1c60  VerifierExt - ok
19:59:46.0047 0x1c60  vhdmp - ok
19:59:46.0047 0x1c60  vhf - ok
19:59:46.0063 0x1c60  vmbus - ok
19:59:46.0063 0x1c60  VMBusHID - ok
19:59:46.0063 0x1c60  vmicguestinterface - ok
19:59:46.0063 0x1c60  vmicheartbeat - ok
19:59:46.0063 0x1c60  vmickvpexchange - ok
19:59:46.0079 0x1c60  vmicrdv - ok
19:59:46.0079 0x1c60  vmicshutdown - ok
19:59:46.0079 0x1c60  vmictimesync - ok
19:59:46.0079 0x1c60  vmicvmsession - ok
19:59:46.0079 0x1c60  vmicvss - ok
19:59:46.0079 0x1c60  volmgr - ok
19:59:46.0079 0x1c60  volmgrx - ok
19:59:46.0094 0x1c60  volsnap - ok
19:59:46.0094 0x1c60  vpci - ok
19:59:46.0094 0x1c60  vsmraid - ok
19:59:46.0094 0x1c60  VSS - ok
19:59:46.0094 0x1c60  VSTXRAID - ok
19:59:46.0094 0x1c60  vwifibus - ok
19:59:46.0094 0x1c60  vwififlt - ok
19:59:46.0094 0x1c60  W32Time - ok
19:59:46.0126 0x1c60  [ 8192518C03634C5AE9ABF327CBE162C6, D03597AD818B4448CB5ED87D6982A2601FA09B519D9D93EC44346E7CEF8BAC0B ] WacHidRouterPro C:\WINDOWS\System32\drivers\wachidrouter.sys
19:59:46.0126 0x1c60  WacHidRouterPro - ok
19:59:46.0141 0x1c60  WacomPen - ok
19:59:46.0157 0x1c60  [ 9964F4E598CC594A7397BEBDEDA2EAAD, D281AC4E0AEFA309B4754623EF8F281A833D136C243A498AD215166F2DF126DE ] wacomrouterfilter C:\WINDOWS\System32\drivers\wacomrouterfilter.sys
19:59:46.0157 0x1c60  wacomrouterfilter - ok
19:59:46.0172 0x1c60  WalletService - ok
19:59:46.0172 0x1c60  wanarp - ok
19:59:46.0172 0x1c60  wanarpv6 - ok
19:59:46.0188 0x1c60  wbengine - ok
19:59:46.0188 0x1c60  WbioSrvc - ok
19:59:46.0188 0x1c60  Wcmsvc - ok
19:59:46.0188 0x1c60  wcncsvc - ok
19:59:46.0204 0x1c60  WcsPlugInService - ok
19:59:46.0204 0x1c60  WdBoot - ok
19:59:46.0266 0x1c60  [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM         C:\WINDOWS\System32\drivers\wdcsam64.sys
19:59:46.0266 0x1c60  WDC_SAM - ok
19:59:46.0282 0x1c60  Wdf01000 - ok
19:59:46.0282 0x1c60  WdFilter - ok
19:59:46.0282 0x1c60  WdiServiceHost - ok
19:59:46.0282 0x1c60  WdiSystemHost - ok
19:59:46.0297 0x1c60  wdiwifi - ok
19:59:46.0297 0x1c60  WdNisDrv - ok
19:59:46.0313 0x1c60  WdNisSvc - ok
19:59:46.0329 0x1c60  WebClient - ok
19:59:46.0329 0x1c60  Wecsvc - ok
19:59:46.0329 0x1c60  WEPHOSTSVC - ok
19:59:46.0391 0x1c60  wercplsupport - ok
19:59:46.0391 0x1c60  WerSvc - ok
19:59:46.0438 0x1c60  WFPLWFS - ok
19:59:46.0438 0x1c60  WiaRpc - ok
19:59:46.0438 0x1c60  WIMMount - ok
19:59:46.0438 0x1c60  WinDefend - ok
19:59:46.0454 0x1c60  WindowsTrustedRT - ok
19:59:46.0454 0x1c60  WindowsTrustedRTProxy - ok
19:59:46.0469 0x1c60  WinHttpAutoProxySvc - ok
19:59:46.0469 0x1c60  WinMad - ok
19:59:46.0532 0x1c60  Winmgmt - ok
19:59:46.0547 0x1c60  WinRM - ok
19:59:46.0547 0x1c60  WINUSB - ok
19:59:46.0547 0x1c60  WinVerbs - ok
19:59:46.0563 0x1c60  WlanSvc - ok
19:59:46.0563 0x1c60  wlidsvc - ok
19:59:46.0563 0x1c60  WmiAcpi - ok
19:59:46.0563 0x1c60  wmiApSrv - ok
19:59:46.0594 0x1c60  WMPNetworkSvc - ok
19:59:46.0641 0x1c60  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
19:59:46.0641 0x1c60  Wof - ok
19:59:46.0657 0x1c60  workfolderssvc - ok
19:59:46.0657 0x1c60  wpcfltr - ok
19:59:46.0688 0x1c60  WPDBusEnum - ok
19:59:46.0688 0x1c60  WpdUpFltr - ok
19:59:46.0688 0x1c60  WpnService - ok
19:59:46.0704 0x1c60  ws2ifsl - ok
19:59:46.0704 0x1c60  wscsvc - ok
19:59:46.0704 0x1c60  WSearch - ok
19:59:46.0719 0x1c60  WSService - ok
19:59:46.0876 0x1c60  [ 62EB58FF4053ED8B89B4BA7A437BCF5B, B494E9F2399755298917360A2837E5E11F40220BBC64376F32814777CF083B92 ] WTabletServicePro C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
19:59:46.0891 0x1c60  WTabletServicePro - ok
19:59:46.0891 0x1c60  wuauserv - ok
19:59:46.0907 0x1c60  WudfPf - ok
19:59:46.0907 0x1c60  WUDFRd - ok
19:59:46.0922 0x1c60  wudfsvc - ok
19:59:46.0922 0x1c60  WUDFWpdFs - ok
19:59:46.0922 0x1c60  WUDFWpdMtp - ok
19:59:46.0922 0x1c60  WwanSvc - ok
19:59:46.0954 0x1c60  XblAuthManager - ok
19:59:46.0954 0x1c60  XblGameSave - ok
19:59:46.0954 0x1c60  xboxgip - ok
19:59:46.0954 0x1c60  XboxNetApiSvc - ok
19:59:46.0954 0x1c60  xinputhid - ok
19:59:46.0954 0x1c60  ================ Scan global ===============================
19:59:47.0063 0x1c60  [ Global ] - ok
19:59:47.0063 0x1c60  ================ Scan MBR ==================================
19:59:47.0063 0x1c60  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:59:47.0079 0x1c60  \Device\Harddisk0\DR0 - ok
19:59:47.0110 0x1c60  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:59:47.0344 0x1c60  \Device\Harddisk1\DR1 - ok
19:59:47.0344 0x1c60  ================ Scan VBR ==================================
19:59:47.0344 0x1c60  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
19:59:47.0344 0x1c60  \Device\Harddisk0\DR0\Partition1 - ok
19:59:47.0344 0x1c60  [ 70B8CEFC5BA6DC56F2C2058AC5EB4B2E ] \Device\Harddisk0\DR0\Partition2
19:59:47.0360 0x1c60  \Device\Harddisk0\DR0\Partition2 - ok
19:59:47.0360 0x1c60  [ 89AEF3B35B35C208170803E4AE0698A5 ] \Device\Harddisk1\DR1\Partition1
19:59:47.0360 0x1c60  \Device\Harddisk1\DR1\Partition1 - ok
19:59:47.0360 0x1c60  ================ Scan generic autorun ======================
19:59:47.0469 0x1c60  [ 8792B098E4B72A53ACC14FCD7DB4261A, B70273E2CCDB120C1B4F80E49DC7EFF574E2E0BB80E4B5C8D2383CD21DBBE34D ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
19:59:47.0501 0x1c60  NvBackend - ok
19:59:47.0516 0x1c60  ShadowPlay - ok
19:59:47.0688 0x1c60  [ A33833D1CB24AA28372CE0D43D4F5112, D1FDE1418094B29D680CAC4E1D9C67DF6880378552EDC9E52948F67D5CCFF805 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
19:59:47.0704 0x1c60  AdobeAAMUpdater-1.0 - ok
19:59:47.0797 0x1c60  OneDriveSetup - ok
19:59:47.0797 0x1c60  OneDriveSetup - ok
19:59:48.0080 0x1c60  [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\Mihkel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
19:59:48.0173 0x1c60  OneDrive - ok
19:59:48.0220 0x1c60  Skype - ok
19:59:48.0220 0x1c60  BlueStacks Agent - ok
19:59:48.0236 0x1c60  Uninstall C:\Users\Mihkel\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64 - ok
19:59:48.0252 0x1c60  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.494 ), 0x61100 ( enabled : updated )
19:59:48.0252 0x1c60  Win FW state via NFP2: enabled ( trusted )
19:59:48.0267 0x1c60  ============================================================
19:59:48.0267 0x1c60  Scan finished
19:59:48.0267 0x1c60  ============================================================
19:59:48.0267 0x0370  Detected object count: 0
19:59:48.0267 0x0370  Actual detected object count: 0
20:00:25.0845 0x0a14  ============================================================
20:00:25.0845 0x0a14  Scan started
20:00:25.0845 0x0a14  Mode: Manual; SigCheck; TDLFS; 
20:00:25.0845 0x0a14  ============================================================
20:00:25.0845 0x0a14  KSN ping started
20:00:25.0845 0x0a14  KSN ping finished: false
20:00:26.0909 0x0a14  ================ Scan system memory ========================
20:00:26.0909 0x0a14  System memory - ok
20:00:26.0909 0x0a14  ================ Scan services =============================
20:00:27.0065 0x0a14  1394ohci - ok
20:00:27.0081 0x0a14  3ware - ok
20:00:27.0081 0x0a14  ACPI - ok
20:00:27.0097 0x0a14  acpiex - ok
20:00:27.0097 0x0a14  acpipagr - ok
20:00:27.0097 0x0a14  AcpiPmi - ok
20:00:27.0097 0x0a14  acpitime - ok
20:00:27.0112 0x0a14  ADP80XX - ok
20:00:27.0112 0x0a14  AFD - ok
20:00:27.0112 0x0a14  agp440 - ok
20:00:27.0128 0x0a14  ahcache - ok
20:00:27.0144 0x0a14  AJRouter - ok
20:00:27.0144 0x0a14  ALG - ok
20:00:27.0144 0x0a14  AmdK8 - ok
20:00:27.0159 0x0a14  AmdPPM - ok
20:00:27.0159 0x0a14  amdsata - ok
20:00:27.0159 0x0a14  amdsbs - ok
20:00:27.0159 0x0a14  amdxata - ok
20:00:27.0175 0x0a14  AppID - ok
20:00:27.0175 0x0a14  AppIDSvc - ok
20:00:27.0175 0x0a14  Appinfo - ok
20:00:27.0175 0x0a14  AppMgmt - ok
20:00:27.0190 0x0a14  AppReadiness - ok
20:00:27.0206 0x0a14  AppXSvc - ok
20:00:27.0206 0x0a14  arcsas - ok
20:00:27.0222 0x0a14  AsyncMac - ok
20:00:27.0222 0x0a14  atapi - ok
20:00:31.0427 0x0a14  [ 8C02B0CC65BEE71124A565062BA77B39, C3B4965D62995195A776581BA0750FA72833F4E2E1F8F9DC683F562C13A9E20C ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
20:00:31.0459 0x0a14  OpenVPNAccessClient - detected UnsignedFile.Multi.Generic ( 1 )
20:00:31.0521 0x0a14  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
20:00:31.0521 0x0a14  Force sending object to P2P due to detect: OpenVPNAccessClient
20:00:31.0521 0x0a14  Object send P2P result: false
20:00:35.0244 0x0a14  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.494 ), 0x61100 ( enabled : updated )
20:00:35.0244 0x0a14  Win FW state via NFP2: enabled ( trusted )
20:00:35.0244 0x0a14  ============================================================
20:00:35.0244 0x0a14  Scan finished
20:00:35.0244 0x0a14  ============================================================
20:00:35.0244 0x1374  Detected object count: 1
20:00:35.0244 0x1374  Actual detected object count: 1
20:04:56.0118 0x1374  C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe - copied to quarantine
20:04:56.0265 0x1374  HKLM\SYSTEM\ControlSet001\services\OpenVPNAccessClient - will be deleted on reboot
20:04:56.0461 0x1374  C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe - will be deleted on reboot
20:04:56.0461 0x1374  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Delete 
20:04:56.0588 0x1374  KLMD registered as C:\WINDOWS\system32\drivers\56922707.sys
20:05:20.0158 0x232c  Deinitialize success
 


#5 Jintan

  • Malware Response Team

Posted 29 August 2016 - 04:52 PM

Yeah, you let TDSSKiller delete an OpenVPN driver, which may have been a TDSSKiller error.

 

Gmer picked up a lot of activity, but I am not that familiar with Windows 10 Gmer scan results, and wonder if Defender wasn't involved. RogueKiller, which found nothing, should have shown something if the Gmer scan showed malicious activity.

 

 

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

 

Go to VirusTotal, click Choose File, and upload the following. Then click "Scan it!"

 

C:\Users\Mihkel\AppData\Local\Temp\{8F717995-33E0-46CC-A6DC-DCB9A9D92E0C}\{57E53C53-E9E8-40B6-9431-430E1EE4A3A2}.exe
 

After the scan finishes, copy the scan address in the address bar, and paste it back here please.


Ad eundum quo no duck ante iit
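The point made in post #5, that TDSSKiller was allowed to delete an OpenVPN component on what may have been a mistaken detection, can be read straight out of the log. The following is an added example, not part of the original thread or of TDSSKiller: a Python parser that pairs each flagged object with its hashes, verdict, the action the user selected and the resulting changes. The sample lines are copied from the log posted above; the function names and the reading of an `UnsignedFile.*` verdict as "flagged only for lacking a signature" are assumptions of this example.

```python
import re

# Lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
20:00:31.0334 0x0a14  OneSyncSvc - ok
20:00:31.0427 0x0a14  [ 8C02B0CC65BEE71124A565062BA77B39, C3B4965D62995195A776581BA0750FA72833F4E2E1F8F9DC683F562C13A9E20C ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
20:00:31.0459 0x0a14  OpenVPNAccessClient - detected UnsignedFile.Multi.Generic ( 1 )
20:00:31.0521 0x0a14  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
20:00:31.0630 0x0a14  ose - ok
20:04:56.0118 0x1374  C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe - copied to quarantine
20:04:56.0265 0x1374  HKLM\SYSTEM\ControlSet001\services\OpenVPNAccessClient - will be deleted on reboot
20:04:56.0461 0x1374  C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe - will be deleted on reboot
20:04:56.0461 0x1374  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Delete 
"""

# "HH:MM:SS.mmmm 0xTID  message"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+(.*?)\s*$")
# "[ MD5, SHA256 ] Name   C:\path\to\file"
HASHED = re.compile(r"^\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "Name ( Verdict ) - User select action: Delete"
ACTION = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")
# "Name ( Verdict ) - warning"
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
# "target - copied to quarantine" / "target - will be deleted on reboot"
EFFECT = re.compile(r"^(.+) - (copied to quarantine|will be deleted on reboot)$")


def triage(log_text):
    """Return one record per object the scan did not mark 'ok'."""
    files = {}    # object name -> (md5, sha256, path) from the hash lines
    records = {}  # object name -> detection record
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        msg = m.group(1)

        h = HASHED.match(msg)
        if h:
            md5, sha256, name, path = h.groups()
            files[name] = (md5, sha256, path)
            continue

        a = ACTION.match(msg)
        if a:
            name, _verdict, action = a.groups()
            if name in records:
                records[name]["user_action"] = action
            continue

        v = VERDICT.match(msg)
        if v:
            name, verdict, severity = v.groups()
            md5, sha256, path = files.get(name, (None, None, None))
            records[name] = {
                "name": name, "verdict": verdict, "severity": severity,
                "md5": md5, "sha256": sha256, "path": path,
                # Assumption of this example: an UnsignedFile.* verdict means
                # the file was flagged only because it carries no signature.
                "unsigned_only": verdict.startswith("UnsignedFile."),
                "user_action": None, "effects": [],
            }
            continue

        e = EFFECT.match(msg)
        if e:
            target, what = e.groups()
            for rec in records.values():
                same_file = rec["path"] and target.lower() == rec["path"].lower()
                same_service = target.lower().endswith("\\services\\" + rec["name"].lower())
                if same_file or same_service:
                    rec["effects"].append((target, what))
    return list(records.values())


def review_needed(records):
    """Names of objects deleted on an unsigned-file verdict alone."""
    return [r["name"] for r in records
            if r["unsigned_only"] and r["user_action"] == "Delete"]


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["name"], rec["verdict"], rec["severity"], rec["user_action"])
        print("  sha256:", rec["sha256"])
        for target, what in rec["effects"]:
            print("  ", what, "->", target)
    print("review before deleting:", review_needed(triage(SAMPLE_LOG)))
```

The SHA-256 it extracts can be used to look the file up by hash before choosing Delete, which still works after the file itself has been moved to quarantine.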

#6 porgandpoiss

  • Topic Starter

Posted 05 September 2016 - 11:51 AM

Hello

I'm sorry for the late response. I followed the instructions, but when I try to upload the file, Windows tells me that it cannot find the file specified. Should I run another scan?

Edit: I should probably mention that there is a folder in the same /Temp directory created on 23/08/2016 for which I do not have read permissions. Its size is 0 bytes.


Edited by porgandpoiss, 05 September 2016 - 12:00 PM.


#7 Jintan

  • Malware Response Team

Posted 05 September 2016 - 04:28 PM

Did you see the file when you tried to upload it?

 

Run Gmer again. Once it finishes its opening scan, press the >>> at the top. Then click the Processes tab. Does the list show any blank spaces, like this?

 

62z77Hp.png

 

 

Step 1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.

  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

Ad eundum quo no duck ante iit



