Still infected, absolutely frustrated!!!


  • This topic is locked
18 replies to this topic

#1 BOV72

BOV72

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, United States
  • Local time:06:43 PM

Posted 09 October 2016 - 09:32 PM

Hello - I am in need of some assistance with this Bleeping CPU. I had previously posted before, and was helped by Aura (Yoan). As he is currently unavailable, I'm reaching out. A quick background: I've been battling this infection for months to no avail. After using BitDefender rescue, 4 infections were found. I have reinstalled Windows too many times to count. Yoan informed me that these were probably false positives from using livecd. At one point, I had the machine at a clean install with no problems. However, when I tried to recover some photos from an external hdd, the infection came back. At one time, I had some (believe it or not) WAREZ from 2012 that was on that drive. I must have activated the infection when I tried to restore the photos. Which brings me to today. I had panicked the other day, and deleted my boot files. I couldn't even reinstall using my win7 disk. I happened to have an old win 7 enterprise that I installed to get me back on the machine. When I went to install my paid copy, I had to copy the DVD to USB for it to work. I just upgraded to Windows 10, and did all updates. The only software I installed was Bitdefender 2017 trial, and Chrome. My last update installed the NVIDIA drivers, then after reset, it happened again. CPU running very slow, I went to safe mode, downloaded GMER, and it showed rootkit/malware crss.exe. So what do I need to do?



#2 BOV72

BOV72
  • Topic Starter

Posted 09 October 2016 - 09:36 PM

Gmer: c:\windows\system32\csrss.exe [456,508] value ffff aec599336c20

#3 BOV72

BOV72
  • Topic Starter

Posted 10 October 2016 - 12:42 AM

Nothing on Malwarebytes.

Here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-10-2016
Ran by TennVols-72 (administrator) on TENNVOLS-72-PC (10-10-2016 01:18:42)
Running from C:\Users\TennVols-72\Downloads
Loaded Profiles: TennVols-72 (Available Profiles: TennVols-72)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1802424 2015-11-19] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{57af6b13-db5d-48c1-a7e7-08ff320e3e09}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-328236176-1146243434-4001858858-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-09-14] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-09-14] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-09-14] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-09-14] (Bitdefender)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2016-10-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-10-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-09] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default [2016-10-10]
CHR Extension: (Google Slides) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-09]
CHR Extension: (Google Docs) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-09]
CHR Extension: (Google Drive) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-09]
CHR Extension: (YouTube) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-09]
CHR Extension: (Google Sheets) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-09]
CHR Extension: (Bitdefender Wallet) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2016-10-09]
CHR Extension: (Google Docs Offline) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-09]
CHR Extension: (Gmail) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-09]
CHR Extension: (Chrome Media Router) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-09]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-10-06] (Bitdefender)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1088944 2016-09-13] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [216880 2016-08-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1306832 2016-10-04] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-06-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-06-03] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [300840 2016-08-11] (Bitdefender)
R3 ITECIRfilter; C:\Windows\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. )
R3 MTsensor; C:\Windows\system32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-03-10] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-10 01:20 - 2016-10-10 01:20 - 00000000 ____D C:\Users\TennVols-72\Downloads\FRST64
2016-10-10 01:18 - 2016-10-10 01:20 - 00009375 _____ C:\Users\TennVols-72\Downloads\FRST.txt
2016-10-10 01:18 - 2016-10-10 01:18 - 00000000 ____D C:\FRST
2016-10-10 01:17 - 2016-10-10 01:17 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\NVIDIA
2016-10-10 01:02 - 2016-10-10 01:04 - 00003942 _____ C:\Users\TennVols-72\Desktop\Rkill.txt
2016-10-10 01:02 - 2016-10-10 01:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\TennVols-72\Downloads\rkill.exe
2016-10-10 01:01 - 2016-10-10 01:18 - 02407424 _____ (Farbar) C:\Users\TennVols-72\Downloads\FRST64.exe
2016-10-10 01:00 - 2016-10-10 01:00 - 00448512 _____ (OldTimer Tools) C:\Users\TennVols-72\Downloads\TFC.exe
2016-10-09 23:11 - 2016-10-09 19:47 - 00000000 ___DC C:\WINDOWS\Panther
2016-10-09 23:10 - 2016-10-09 23:10 - 00000000 ____D C:\Windows.old
2016-10-09 23:08 - 2016-10-09 23:08 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-10-09 23:07 - 2016-10-09 23:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-10-09 23:07 - 2016-10-09 23:07 - 00000000 ____D C:\Program Files\MSBuild
2016-10-09 23:07 - 2016-10-09 23:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-10-09 23:07 - 2016-10-09 23:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-09 23:06 - 2016-10-09 23:06 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-09 23:06 - 2016-10-09 23:06 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-09 23:06 - 2016-10-09 23:06 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-09 23:06 - 2016-10-09 23:06 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-09 23:06 - 2016-10-09 23:06 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-10-09 23:06 - 2016-05-25 18:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-10-09 23:06 - 2016-05-25 18:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-10-09 23:06 - 2016-05-25 18:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-10-09 23:06 - 2016-05-25 15:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-10-09 23:06 - 2016-05-25 15:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-10-09 23:06 - 2016-05-25 15:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-10-09 21:06 - 2016-10-09 21:06 - 00371282 _____ C:\Users\TennVols-72\Downloads\gmer.zip
2016-10-09 21:04 - 2016-10-10 00:56 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-10-09 21:01 - 2016-10-10 01:05 - 00000000 ____D C:\WINDOWS\pss
2016-10-09 20:15 - 2016-10-09 20:15 - 00003260 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2016-10-09 20:15 - 2016-10-09 20:15 - 00003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-10-09 20:15 - 2016-10-09 20:15 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-10-09 20:14 - 2016-10-09 20:14 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-10-09 20:14 - 2016-10-09 20:14 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-10-09 20:14 - 2016-10-09 20:14 - 00000000 ____D C:\Program Files\Realtek
2016-10-09 20:11 - 2016-10-09 20:11 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\Comms
2016-10-09 20:09 - 2016-10-09 20:21 - 524288512 _____ C:\Users\TennVols-72\Documents\Vols Nation 2.bvd
2016-10-09 20:07 - 2016-10-10 01:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-09 20:06 - 2016-10-09 20:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-09 20:06 - 2015-10-13 11:26 - 00608048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-10-09 20:05 - 2015-10-13 13:26 - 06783280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-10-09 20:05 - 2015-10-13 13:26 - 03522168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-10-09 20:05 - 2015-10-13 13:26 - 02557616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-10-09 20:05 - 2015-10-13 13:26 - 00933168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-10-09 20:05 - 2015-10-13 13:26 - 00384176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-10-09 20:05 - 2015-10-13 13:26 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-10-09 20:05 - 2015-10-13 12:19 - 05972783 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-10-09 20:04 - 2016-10-10 01:00 - 00000000 ____D C:\Users\TennVols-72\AppData\Temp
2016-10-09 20:04 - 2015-11-19 22:55 - 00082744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-10-09 20:04 - 2015-11-19 22:55 - 00068280 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-10-09 20:03 - 2016-10-09 20:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-09 20:02 - 2016-10-09 20:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-09 20:00 - 2016-10-09 20:00 - 00383721 _____ C:\ProgramData\cl.1476057214.bdinstall.bin
2016-10-09 20:00 - 2016-10-09 20:00 - 00003408 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2016-10-09 20:00 - 2016-10-09 20:00 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-10-09 19:59 - 2016-10-09 19:59 - 00002299 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2016-10-09 19:59 - 2016-10-09 19:59 - 00000684 ____H C:\bdr-cf03
2016-10-09 19:59 - 2016-10-09 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2016-10-09 19:58 - 2016-10-09 19:58 - 00000000 ____D C:\ProgramData\BDLogging
2016-10-09 19:58 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-10-09 19:58 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-10-09 19:58 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-10-09 19:57 - 2016-08-11 17:42 - 00300840 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-10-09 19:57 - 2016-06-29 18:07 - 01603264 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-10-09 19:57 - 2016-06-03 17:05 - 00850464 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-10-09 19:56 - 2016-10-09 19:59 - 00253404 ____H C:\bdr-ld03
2016-10-09 19:56 - 2016-10-09 19:59 - 00009216 ____H C:\bdr-ld03.mbr
2016-10-09 19:56 - 2016-10-09 19:57 - 00002425 _____ C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-10-09 19:56 - 2016-10-09 19:57 - 00000000 ___RD C:\Users\TennVols-72\OneDrive
2016-10-09 19:56 - 2016-04-18 12:37 - 49758821 ____H C:\bdr-im03.gz
2016-10-09 19:56 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz03
2016-10-09 19:53 - 2016-10-09 20:00 - 00000000 ____D C:\ProgramData\Bitdefender
2016-10-09 19:53 - 2016-03-10 07:41 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-10-09 19:53 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-10-09 19:51 - 2016-10-09 19:51 - 00027048 _____ C:\ProgramData\agent.1476057087.bdinstall.bin
2016-10-09 19:51 - 2016-10-09 19:51 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\NetworkTiles
2016-10-09 19:51 - 2016-10-09 19:51 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-10-09 19:50 - 2016-10-09 19:50 - 00039052 _____ C:\ProgramData\dm.1476056952.bdinstall.bin
2016-10-09 19:49 - 2016-10-09 19:49 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\Publishers
2016-10-09 19:48 - 2016-10-09 20:49 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\ConnectedDevicesPlatform
2016-10-09 19:48 - 2016-10-09 20:15 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\Packages
2016-10-09 19:48 - 2016-10-09 19:48 - 00000020 ___SH C:\Users\TennVols-72\ntuser.ini
2016-10-09 19:48 - 2016-10-09 19:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-09 19:48 - 2016-10-09 19:48 - 00000000 ____D C:\Users\TennVols-72\AppData\Roaming\Adobe
2016-10-09 19:48 - 2016-10-09 19:48 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\TileDataLayer
2016-10-09 19:36 - 2016-10-10 01:00 - 00959422 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-09 19:36 - 2016-10-09 19:36 - 00000000 ____D C:\ProgramData\USOShared
2016-10-09 19:35 - 2016-10-09 19:35 - 00000000 _SHDL C:\Users\Default\My Documents
2016-10-09 19:35 - 2016-10-09 19:35 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-10-09 19:35 - 2016-10-09 19:35 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-10-09 19:35 - 2016-10-09 19:35 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-10-09 19:35 - 2016-10-09 19:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-10-09 19:35 - 2016-10-09 19:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-10-09 19:35 - 2016-10-09 19:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-10-09 19:34 - 2016-10-09 19:35 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-10-09 19:34 - 2016-10-09 19:34 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-10-09 19:33 - 2016-10-10 01:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-09 19:33 - 2016-10-09 19:33 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-10-09 19:33 - 2016-10-09 19:33 - 00004014 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-09 19:33 - 2016-10-09 19:33 - 00003762 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-09 19:33 - 2016-10-09 19:33 - 00003750 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-10-09 19:33 - 2016-10-09 19:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-10-09 19:25 - 2016-10-09 19:25 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-09 19:25 - 2016-10-09 19:25 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-10-09 19:25 - 2016-10-09 19:25 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-10-09 19:24 - 2016-10-09 19:24 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-10-09 19:23 - 2016-10-10 00:55 - 00000000 ____D C:\Users\TennVols-72
2016-10-09 19:23 - 2016-10-09 19:23 - 00000000 _SHDL C:\Users\TennVols-72\My Documents
2016-10-09 19:23 - 2016-10-09 19:23 - 00000000 _SHDL C:\Users\TennVols-72\Documents\My Videos
2016-10-09 19:23 - 2016-10-09 19:23 - 00000000 _SHDL C:\Users\TennVols-72\Documents\My Pictures
2016-10-09 19:23 - 2016-10-09 19:23 - 00000000 _SHDL C:\Users\TennVols-72\Documents\My Music
2016-10-09 19:19 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-10-09 19:15 - 2016-10-10 00:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-09 19:15 - 2016-10-09 20:56 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-09 19:15 - 2016-10-09 19:16 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-10-09 17:39 - 2016-10-09 18:47 - 00000000 ___HD C:\$WINDOWS.~BT
2016-10-09 17:25 - 2016-10-09 17:39 - 00000000 ____D C:\ESD
2016-10-09 17:24 - 2016-10-09 17:24 - 00000000 ___HD C:\$Windows.~WS
2016-10-09 17:23 - 2016-10-09 20:25 - 00000000 ____D C:\RescueCD Logs
2016-10-09 17:23 - 2016-10-09 17:23 - 18309328 _____ (Microsoft Corporation) C:\Users\TennVols-72\Downloads\MediaCreationTool.exe
2016-10-09 17:23 - 2016-10-09 17:23 - 18309328 _____ (Microsoft Corporation) C:\Users\TennVols-72\Downloads\MediaCreationTool (1).exe
2016-10-09 17:22 - 2016-10-09 19:56 - 00000000 ____D C:\Users\TennVols-72\AppData\Roaming\Bitdefender
2016-10-09 17:22 - 2016-10-09 17:22 - 00054718 _____ C:\ProgramData\dm.1476048124.bdinstall.bin
2016-10-09 17:22 - 2016-10-09 17:22 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2016-10-09 17:13 - 2016-10-09 17:13 - 306012736 _____ C:\WINDOWS\MEMORY.DMP
2016-10-09 17:08 - 2016-10-09 17:22 - 00000000 ____D C:\Program Files\Bitdefender
2016-10-09 17:07 - 2016-10-09 19:53 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-10-09 17:07 - 2016-10-09 17:07 - 00000000 ____D C:\Users\TennVols-72\AppData\Roaming\QuickScan
2016-10-09 17:05 - 2016-10-09 20:59 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-10-09 17:05 - 2016-10-09 17:05 - 00046255 _____ C:\ProgramData\agent.1476047108.bdinstall.bin
2016-10-09 17:05 - 2016-10-09 17:05 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-10-09 17:04 - 2016-10-09 19:51 - 09052608 _____ C:\Users\TennVols-72\Downloads\bitdefender_windows_dbcf08f7-6934-4260-bd6b-6e53d651ecce.exe
2016-10-09 08:11 - 2016-10-09 08:11 - 00000000 ____D C:\Windows.old.001
2016-10-09 07:24 - 2016-10-09 07:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-10-09 04:42 - 2016-10-09 19:32 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-09 04:42 - 2016-10-09 18:47 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-09 04:42 - 2016-10-09 17:19 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-09 04:42 - 2016-10-09 04:42 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-09 04:41 - 2016-10-09 06:05 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\Google
2016-10-09 04:41 - 2016-10-09 04:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-09 04:41 - 2016-10-09 04:41 - 00057560 _____ C:\Users\TennVols-72\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-09 04:41 - 2016-10-09 04:41 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\Apps\2.0
2016-10-09 04:38 - 2016-10-09 04:38 - 00000000 ____D C:\Users\TennVols-72\AppData\Local\VirtualStore
2016-10-09 04:38 - 2010-11-21 03:16 - 00000000 ____D C:\Users\TennVols-72\AppData\Roaming\Media Center Programs
2016-10-08 00:48 - 2016-10-08 00:48 - 00000000 ____D C:\Windows.old.000
2016-10-07 23:20 - 2016-10-07 23:20 - 00253404 ____H C:\bdr-ld02
2016-10-07 23:20 - 2016-10-07 23:20 - 00009216 ____H C:\bdr-ld02.mbr
2016-10-07 23:20 - 2016-10-07 23:20 - 00000684 ____H C:\bdr-cf02
2016-10-07 23:20 - 2016-04-18 12:37 - 49758821 ____H C:\bdr-im02.gz
2016-10-07 23:20 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz02
2016-10-07 19:30 - 2016-10-09 21:01 - 00007472 _____ C:\bdlog.txt
2016-10-07 19:24 - 2016-10-07 19:24 - 00000684 ____H C:\bdr-cf01
2016-10-07 19:23 - 2016-10-07 19:24 - 00253404 ____H C:\bdr-ld01
2016-10-07 19:23 - 2016-10-07 19:24 - 00009216 ____H C:\bdr-ld01.mbr
2016-10-07 19:23 - 2016-04-18 12:37 - 49758821 ____H C:\bdr-im01.gz
2016-10-07 19:23 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-10 01:17 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-10 01:14 - 2016-07-16 02:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-10-09 23:11 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-10-09 21:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-09 21:00 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-09 20:42 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-09 20:05 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help
2016-10-09 19:38 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-09 19:36 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-10-09 19:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-10-09 19:35 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-09 19:35 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-10-09 19:34 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2016-10-09 19:34 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-10-09 19:32 - 2016-07-16 07:47 - 00000000 __RSD C:\WINDOWS\Media
2016-10-09 19:32 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-09 19:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-10-09 19:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-10-09 19:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-10-09 19:25 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2016-10-09 19:24 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-10-09 19:24 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-10-09 19:24 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-10-09 19:24 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\schemas
2016-10-09 19:24 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-10-09 19:24 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-10-09 19:22 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-09 19:18 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-10-09 19:18 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-10-09 19:18 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-09 18:52 - 2009-07-14 00:45 - 00020272 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-09 18:52 - 2009-07-14 00:45 - 00020272 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-09 07:25 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-06 13:20 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
 
==================== Files in the root of some directories =======
 
2016-10-09 17:05 - 2016-10-09 17:05 - 0046255 _____ () C:\ProgramData\agent.1476047108.bdinstall.bin
2016-10-09 19:51 - 2016-10-09 19:51 - 0027048 _____ () C:\ProgramData\agent.1476057087.bdinstall.bin
2016-10-09 20:00 - 2016-10-09 20:00 - 0383721 _____ () C:\ProgramData\cl.1476057214.bdinstall.bin
2016-10-09 17:22 - 2016-10-09 17:22 - 0054718 _____ () C:\ProgramData\dm.1476048124.bdinstall.bin
2016-10-09 19:50 - 2016-10-09 19:50 - 0039052 _____ () C:\ProgramData\dm.1476056952.bdinstall.bin
2016-10-09 20:15 - 2016-10-09 20:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-09 19:15
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-10-2016
Ran by TennVols-72 (10-10-2016 01:20:57)
Running from C:\Users\TennVols-72\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-09 23:47:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-328236176-1146243434-4001858858-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-328236176-1146243434-4001858858-503 - Limited - Disabled)
Guest (S-1-5-21-328236176-1146243434-4001858858-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-328236176-1146243434-4001858858-1002 - Limited - Enabled)
TennVols-72 (S-1-5-21-328236176-1146243434-4001858858-1001 - Administrator - Enabled) => C:\Users\TennVols-72
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.18.898 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.18.925 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.18.898 - Bitdefender)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-328236176-1146243434-4001858858-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\TennVols-72\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03CD4BEC-A0BD-4001-8FE7-2080EABB1048} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1E1C25FA-AB77-44A2-9431-DEAF19787259} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {29A2BFA4-59E7-45B3-B92F-9450E0684459} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {30074716-DD08-4CB3-AA6C-989B3695E239} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3373AFE0-2E99-43E2-B109-F53AF9B22944} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {3BA8286C-635C-4197-AC8F-5984DD15A8C8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {49C26B71-1EEB-452D-80DA-1D9BDB5DDB92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-09] (Google Inc.)
Task: {51B349C2-98CB-4303-B96C-2BB01606BC55} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
Task: {5A2B8008-FF26-4020-A99F-5D23BB858108} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {61D3F0CA-0FC6-4570-B322-545C4ED36CE4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-10] (Realtek Semiconductor)
Task: {631419A7-B084-42CC-9799-632B21135833} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {64B9C87F-C439-42E1-9C0E-66DDDC50C524} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {724FDFC1-0993-4144-B3D9-FAEAD543846A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7EC9D92A-B772-4257-8A90-FC6FE8A7B532} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9241E3B8-A31A-4590-87C5-A919A26EDC17} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {96E27A60-D370-40B8-BC07-F2BC177ED36B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {996405D8-D62E-49A0-BC28-2AA0146C38C8} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {AA617B64-2945-4818-90FD-AA6585F29E48} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B4BA4941-C3E1-48CE-B1BB-E152DD26C3E9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B9E51DD5-BFCD-4F1E-AA6B-58FC54E06F4C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C5B95591-01AC-4029-A705-50AE43E08F57} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {CB9B23CE-A262-4E1D-B53D-2C9619B0BC0F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D004D926-EC7C-48D1-96B9-4D9926E7555B} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2016-09-01] (Bitdefender)
Task: {D7F3FC55-FC92-4AED-9A46-414548A75D20} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D920A4D4-180E-4B78-86EC-ED1908C1777F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {DEEBFADF-5960-415C-A635-08A9EC429198} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-09] (Google Inc.)
Task: {FC223F3D-AA2E-4A21-AEBC-B5CA0A31EE8F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-09 20:05 - 2015-10-13 13:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-09 19:58 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2016-10-09 19:58 - 2016-08-24 19:02 - 00134152 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\ECEvents.dll
2016-10-09 19:58 - 2016-09-21 19:47 - 00113944 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\ThreatReporter.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-09 19:57 - 2016-10-09 19:57 - 00959168 _____ () C:\Users\TennVols-72\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 07:43 - 2016-07-16 07:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 01400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-10-09 19:57 - 2016-10-09 19:57 - 00679624 _____ () C:\Users\TennVols-72\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-10-10 01:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-328236176-1146243434-4001858858-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{08B5F4DA-6403-4DB7-B320-E1DAEE9FC658}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2016 01:14:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/10/2016 01:04:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/10/2016 01:01:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/10/2016 01:01:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/10/2016 01:01:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/10/2016 12:56:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Getstarted_3.11.3.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/09/2016 09:05:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Getstarted_3.11.3.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/09/2016 08:42:43 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (10/09/2016 08:21:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TennVols-72-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/09/2016 07:38:00 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
 
System errors:
=============
Error: (10/10/2016 01:17:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/10/2016 01:14:29 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (10/10/2016 01:14:29 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (10/10/2016 01:14:28 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (10/10/2016 01:14:28 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (10/10/2016 01:14:27 AM) (Source: DCOM) (EventID: 10005) (User: TennVols-72-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/10/2016 01:14:21 AM) (Source: DCOM) (EventID: 10005) (User: TennVols-72-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (10/10/2016 01:14:18 AM) (Source: DCOM) (EventID: 10005) (User: TennVols-72-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (10/10/2016 01:14:12 AM) (Source: DCOM) (EventID: 10005) (User: TennVols-72-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (10/10/2016 01:14:12 AM) (Source: DCOM) (EventID: 10005) (User: TennVols-72-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2016-10-10 01:15:48.484
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-09 20:56:43.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-09 20:36:32.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-09 19:59:09.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 41%
Total physical RAM: 4095.11 MB
Available physical RAM: 2414.57 MB
Total Virtual: 8191.11 MB
Available Virtual: 6488.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.45 GB) (Free:245.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D50FCF61)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#4 BOV72


Posted 10 October 2016 - 01:09 AM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-10 01:58:40
-----------------------------
01:58:40.855    OS Version: Windows x64 6.2.9200 
01:58:40.855    Number of processors: 2 586 0x1706
01:58:40.855    ComputerName: TENNVOLS-72-PC  UserName: TennVols-72
01:58:42.480    Initialize success
02:00:00.324    AVAST engine defs: 16100900
02:00:03.683    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
02:00:03.683    Disk 0 Vendor: ST9320320AS 0303 Size: 305245MB BusType: 11
02:00:03.887    Disk 0 MBR read successfully
02:00:03.902    Disk 0 MBR scan
02:00:03.902    Disk 0 Windows 7 default MBR code
02:00:03.918    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 206848
02:00:03.933    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       304592 MB offset 411648
02:00:03.980    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS          450 MB offset 624216064
02:00:04.058    Disk 0 scanning C:\WINDOWS\system32\drivers
02:00:17.090    Service scanning
02:00:54.168    Modules scanning
02:00:54.168    Disk 0 trace - called modules:
02:00:54.183    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 
02:00:54.183    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffac8221748060]
02:00:54.199    3 CLASSPNP.SYS[fffff808cbcf5eeb] -> nt!IofCallDriver -> [0xffffac8221549930]
02:00:54.199    5 ACPI.sys[fffff808cb984571] -> nt!IofCallDriver -> \Device\0000002c[0xffffac822154e400]
02:00:54.824    AVAST engine scan C:\WINDOWS
02:00:56.996    AVAST engine scan C:\WINDOWS\system32
02:04:24.090    AVAST engine scan C:\WINDOWS\system32\drivers
02:04:38.824    AVAST engine scan C:\Users\TennVols-72
02:05:44.168    File: C:\Users\TennVols-72\Downloads\aswMBR.exe **HIDDEN**
02:05:44.730    File: C:\Users\TennVols-72\Downloads\FRST64\FRST64.exe **HIDDEN**
02:05:45.293    File: C:\Users\TennVols-72\Downloads\rkill.exe **HIDDEN**
02:05:49.074    File: C:\Users\TennVols-72\Downloads\TFC.exe **HIDDEN**
02:05:56.418    AVAST engine scan C:\ProgramData
02:06:32.762    Disk 0 statistics 3084357/0/0 @ 7.44 MB/s
02:06:32.777    Scan finished successfully
02:07:22.168    Disk 0 MBR has been saved successfully to "C:\Users\TennVols-72\Desktop\Bleeping Computer\MBR.dat"
02:07:22.168    The log file has been saved successfully to "C:\Users\TennVols-72\Desktop\Bleeping Computer\aswMBR.txt"


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:43 PM

Posted 12 October 2016 - 09:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Chrome Web Store Payments) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-09]
CHR Extension: (Chrome Media Router) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-09]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE RogueKiller to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.


#6 BOV72


Posted 13 October 2016 - 04:09 AM

Hello NASDAQ, thank you for your response. My actual name is Heath, if you would like to use that instead of the acronym. I have printed your response and also have this up on my iPad as well. On that note, I shall begin.

#7 BOV72


Posted 13 October 2016 - 04:41 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
Ran by TennVols-72 (13-10-2016 05:33:57) Run:1
Running from C:\Users\TennVols-72\Desktop\Bleeping Computer\FRST64
Loaded Profiles: TennVols-72 (Available Profiles: TennVols-72)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR Extension: (Chrome Web Store Payments) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-09]
CHR Extension: (Chrome Media Router) - C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-09]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
"C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7097059 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 50728 B
Edge => 0 B
Chrome => 50251894 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 8998 B
NetworkService => 6462 B
TennVols-72 => 187819300 B
 
RecycleBin => 0 B
EmptyTemp: => 233.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 05:34:47 ====


#8 BOV72


Posted 13 October 2016 - 05:32 AM

RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : TennVols-72 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/13/2016 05:45:23 (Duration : 00:24:29)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320320AS +++++
--- User ---
[MBR] 070c38f53815e0abb90cafd69e0c4ad8
[BSP] b201e4b814a6957c0715086e214ec00f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 304592 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 624216064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK


#9 BOV72


Posted 13 October 2016 - 05:37 AM

06:33:45.0913 0x1a2c  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
06:33:49.0756 0x1a2c  ============================================================
06:33:49.0756 0x1a2c  Current date / time: 2016/10/13 06:33:49.0756
06:33:49.0756 0x1a2c  SystemInfo:
06:33:49.0756 0x1a2c  
06:33:49.0756 0x1a2c  OS Version: 10.0.14393 ServicePack: 0.0
06:33:49.0756 0x1a2c  Product type: Workstation
06:33:49.0756 0x1a2c  ComputerName: TENNVOLS-72-PC
06:33:49.0756 0x1a2c  UserName: TennVols-72
06:33:49.0756 0x1a2c  Windows directory: C:\WINDOWS
06:33:49.0756 0x1a2c  System windows directory: C:\WINDOWS
06:33:49.0756 0x1a2c  Running under WOW64
06:33:49.0756 0x1a2c  Processor architecture: Intel x64
06:33:49.0756 0x1a2c  Number of processors: 2
06:33:49.0756 0x1a2c  Page size: 0x1000
06:33:49.0756 0x1a2c  Boot type: Normal boot
06:33:49.0756 0x1a2c  CodeIntegrityOptions = 0x00000001
06:33:49.0756 0x1a2c  ============================================================
06:33:50.0475 0x1a2c  KLMD registered as C:\WINDOWS\system32\drivers\04200573.sys
06:33:50.0475 0x1a2c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.0, osProperties = 0x19
06:33:50.0788 0x1a2c  System UUID: {0B084582-A8B5-D078-F1E4-CC1E9F38AB5F}
06:33:51.0428 0x1a2c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:33:51.0428 0x1a2c  ============================================================
06:33:51.0428 0x1a2c  \Device\Harddisk0\DR0:
06:33:51.0428 0x1a2c  MBR partitions:
06:33:51.0428 0x1a2c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x32000
06:33:51.0428 0x1a2c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x252E8000
06:33:51.0428 0x1a2c  ============================================================
06:33:51.0475 0x1a2c  C: <-> \Device\Harddisk0\DR0\Partition2
06:33:51.0475 0x1a2c  ============================================================
06:33:51.0475 0x1a2c  Initialize success
06:33:51.0475 0x1a2c  ============================================================
06:33:53.0100 0x1a58  ============================================================
06:33:53.0100 0x1a58  Scan started
06:33:53.0100 0x1a58  Mode: Manual; 
06:33:53.0100 0x1a58  ============================================================
06:33:53.0100 0x1a58  KSN ping started
06:33:53.0288 0x1a58  KSN ping finished: true
06:34:07.0165 0x1a58  ================ Scan system memory ========================
06:34:07.0165 0x1a58  System memory - ok
06:34:07.0165 0x1a58  ================ Scan services =============================
06:34:35.0323 0x1a58  HomeGroupProvider - ok
06:34:35.0494 0x1a58  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
06:34:35.0510 0x1a58  HpSAMD - ok
06:34:35.0807 0x1a58  [ 65E358D604267CBAACB74A2598BBE22B, A645E48641D638A58789B7948FC3DD5072179C0919B546A6DB08094FA9321A30 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
06:34:36.0010 0x1a58  HTTP - ok
06:34:36.0401 0x1a58  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
06:34:36.0416 0x1a58  HvHost - ok
06:34:36.0573 0x1a58  [ 3756E15BB86689412775DF22A442FC46, AD9DF5B542B30C89F9904CB574E75BD2D18A31F67032F0E2453290E912FC5DE3 ] hvservice       C:\WINDOWS\system32\drivers\hvservice.sys
06:34:36.0573 0x1a58  hvservice - ok
06:34:36.0635 0x1a58  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
06:34:36.0635 0x1a58  hwpolicy - ok
06:34:36.0869 0x1a58  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
06:34:36.0869 0x1a58  hyperkbd - ok
06:34:37.0073 0x1a58  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
06:34:37.0229 0x1a58  i8042prt - ok
06:34:37.0260 0x1a58  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
06:34:37.0307 0x1a58  iagpio - ok
06:34:37.0354 0x1a58  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
06:34:37.0432 0x1a58  iai2c - ok
06:34:37.0448 0x1a58  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
06:34:37.0448 0x1a58  iaLPSS2i_GPIO2 - ok
06:34:37.0463 0x1a58  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
06:34:37.0479 0x1a58  iaLPSS2i_I2C - ok
06:34:37.0479 0x1a58  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
06:34:37.0479 0x1a58  iaLPSSi_GPIO - ok
06:34:37.0526 0x1a58  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
06:34:37.0526 0x1a58  iaLPSSi_I2C - ok
06:34:37.0635 0x1a58  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
06:34:37.0666 0x1a58  iaStorAV - ok
06:34:37.0713 0x1a58  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
06:34:37.0729 0x1a58  iaStorV - ok
06:34:37.0776 0x1a58  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
06:34:37.0791 0x1a58  ibbus - ok
06:34:37.0979 0x1a58  [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
06:34:37.0979 0x1a58  icssvc - ok
06:34:38.0057 0x1a58  [ 2C3928A343E2F29A7770BD429331DDCF, 5F376C4E7F097C410EC44E8EABA415B145939292713841AFF77702FF1BC57B61 ] ignis           C:\WINDOWS\system32\DRIVERS\ignis.sys
06:34:38.0057 0x1a58  ignis - ok
06:34:38.0385 0x1a58  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
06:34:38.0432 0x1a58  IKEEXT - ok
06:34:38.0494 0x1a58  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\WINDOWS\System32\drivers\IndirectKmd.sys
06:34:38.0510 0x1a58  IndirectKmd - ok
06:34:39.0994 0x1a58  [ A15C6143EED6F615C4BBD28796C6BD49, 5D3E50F29FAA94F9EBCFE675A32E392367C4385CD3594CF37940B41D3F0A2810 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
06:34:40.0432 0x1a58  IntcAzAudAddService - ok
06:34:40.0526 0x1a58  [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
06:34:40.0526 0x1a58  intelide - ok
06:34:40.0541 0x1a58  [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
06:34:40.0541 0x1a58  intelpep - ok
06:34:40.0588 0x1a58  [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
06:34:40.0604 0x1a58  intelppm - ok
06:34:40.0635 0x1a58  [ 4A922CAB4AB5F29F1BECC9D95B4B7F05, 7C1006799E26A0B4DF49373A4D0509748C602588CFB3C1CBB409E335F5DF9593 ] iorate          C:\WINDOWS\system32\drivers\iorate.sys
06:34:40.0635 0x1a58  iorate - ok
06:34:40.0651 0x1a58  [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:34:40.0666 0x1a58  IpFilterDriver - ok
06:34:40.0791 0x1a58  [ 89548E57FD0A7BC703541C69C0286B13, 261698B302DF5B80C57FC4257E0A0AABC8DEFFED16D8CD142AD8E7CB51AF2007 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
06:34:40.0823 0x1a58  iphlpsvc - ok
06:34:40.0823 0x1a58  [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
06:34:40.0838 0x1a58  IPMIDRV - ok
06:34:40.0854 0x1a58  [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
06:34:40.0869 0x1a58  IPNAT - ok
06:34:40.0869 0x1a58  [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda            C:\WINDOWS\system32\drivers\irda.sys
06:34:40.0885 0x1a58  irda - ok
06:34:40.0948 0x1a58  [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
06:34:40.0963 0x1a58  IRENUM - ok
06:34:41.0088 0x1a58  [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon           C:\WINDOWS\System32\irmon.dll
06:34:41.0088 0x1a58  irmon - ok
06:34:41.0244 0x1a58  [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
06:34:41.0244 0x1a58  isapnp - ok
06:34:41.0323 0x1a58  [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
06:34:41.0354 0x1a58  iScsiPrt - ok
06:34:41.0463 0x1a58  [ 2A61516963F604D012FEDE8F4B36A849, 5DF0AA6F5189CBC5BE18095EB0579EC91DF693B9D3B51397483027CB242B8B2E ] itecir          C:\WINDOWS\system32\DRIVERS\itecir.sys
06:34:41.0494 0x1a58  itecir - ok
06:34:41.0619 0x1a58  [ 9075E7EA06F087860EDB9882BF8C24D6, D9DE4F4D10F3B0FAC132DD2E9B1269726A2D9B6757EEAB73FFD6993499999953 ] ITECIRfilter    C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys
06:34:41.0635 0x1a58  ITECIRfilter - ok
06:34:41.0776 0x1a58  [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
06:34:41.0776 0x1a58  kbdclass - ok
06:34:41.0869 0x1a58  [ 2D05785B0C58D90A34EA15032EADBBA9, 3E1238FF7F6ECA522761830FE7EA7587B704FCB3ECE8C6BF94CC17A640B678ED ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
06:34:41.0885 0x1a58  kbdhid - ok
06:34:41.0932 0x1a58  [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
06:34:41.0948 0x1a58  kdnic - ok
06:34:42.0026 0x1a58  [ FD0FC10A8CFD7AFEC58BBBE649BAA470, 9BDBD540FCF33FC01AB896D50A872E2FB5A007225FA003C528E6DCBDBEE19C25 ] KeyIso          C:\WINDOWS\system32\lsass.exe
06:34:42.0041 0x1a58  KeyIso - ok
06:34:42.0323 0x1a58  [ 9FA1B5D84F596F0664F0465F302044DC, 47B41D3D6119B5B20C83AF84D315C4AB40B5534D687736A8B67BD985A3B232C1 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
06:34:42.0448 0x1a58  KSecDD - ok
06:34:42.0463 0x1a58  [ ECC7F3CDF34AAA49C00504466FC2B698, EE226CEB0B267BECBD59DFA9A390060A21545CC59E175E862678E964DF6C9DFC ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
06:34:42.0479 0x1a58  KSecPkg - ok
06:34:42.0479 0x1a58  [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
06:34:42.0479 0x1a58  ksthunk - ok
06:34:42.0635 0x1a58  [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
06:34:42.0635 0x1a58  KtmRm - ok
06:34:42.0838 0x1a58  [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
06:34:42.0854 0x1a58  LanmanServer - ok
06:34:43.0010 0x1a58  [ 752FE77F22592016A5EBBF399EC12E14, 231CF3E069FF64A4E8C81D0799A73924D864585B25382EFF8D1707F87747AC9E ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
06:34:43.0088 0x1a58  LanmanWorkstation - ok
06:34:43.0151 0x1a58  [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
06:34:43.0166 0x1a58  lfsvc - ok
06:34:43.0229 0x1a58  [ F2E1302599E445F3E1A305123A92A8BC, 162D5C8045463931E8465544144F11567AA0F246AEAC3828A13284C283F01633 ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
06:34:43.0229 0x1a58  LicenseManager - ok
06:34:43.0276 0x1a58  [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
06:34:43.0369 0x1a58  lltdio - ok
06:34:43.0494 0x1a58  [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
06:34:43.0541 0x1a58  lltdsvc - ok
06:34:43.0619 0x1a58  [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
06:34:43.0635 0x1a58  lmhosts - ok
06:34:43.0760 0x1a58  [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
06:34:43.0776 0x1a58  LSI_SAS - ok
06:34:43.0948 0x1a58  [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
06:34:43.0963 0x1a58  LSI_SAS2i - ok
06:34:44.0041 0x1a58  [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
06:34:44.0057 0x1a58  LSI_SAS3i - ok
06:34:44.0119 0x1a58  [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
06:34:44.0135 0x1a58  LSI_SSS - ok
06:34:44.0494 0x1a58  [ 5570D03E2048AC7961BEF6FFEE3A2CA5, FD0232312D87015FA0B8062FA175A44410F8C1C9778145CCDD57BA1C23929C87 ] LSM             C:\WINDOWS\System32\lsm.dll
06:34:44.0698 0x1a58  LSM - ok
06:34:44.0994 0x1a58  [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
06:34:45.0010 0x1a58  luafv - ok
06:34:45.0151 0x1a58  [ 6D4111E1852A9F0BFC07BB69F3141841, 9BFF4517F26F1E9DF4DA6633B542EAA20A698B9397D2ED73134E7AEF306FBB15 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
06:34:45.0166 0x1a58  MapsBroker - ok
06:34:45.0338 0x1a58  [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
06:34:45.0354 0x1a58  megasas - ok
06:34:45.0713 0x1a58  [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
06:34:45.0916 0x1a58  megasr - ok
06:34:46.0057 0x1a58  [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
06:34:46.0151 0x1a58  MessagingService - ok
06:34:46.0635 0x1a58  [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
06:34:46.0744 0x1a58  mlx4_bus - ok
06:34:46.0869 0x1a58  [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
06:34:46.0885 0x1a58  MMCSS - ok
06:34:47.0073 0x1a58  [ D842ADDB5911945D51F61A0B1C8F36E3, 5EB93A1FD2D2D9FAB6121356E1AB18F2ADE9550D3033274AF7CA8F7FD51E59ED ] Modem           C:\WINDOWS\system32\drivers\modem.sys
06:34:47.0073 0x1a58  Modem - ok
06:34:47.0104 0x1a58  [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
06:34:47.0119 0x1a58  monitor - ok
06:34:47.0198 0x1a58  [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
06:34:47.0198 0x1a58  mouclass - ok
06:34:47.0291 0x1a58  [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
06:34:47.0291 0x1a58  mouhid - ok
06:34:47.0323 0x1a58  [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
06:34:47.0323 0x1a58  mountmgr - ok
06:34:47.0354 0x1a58  [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
06:34:47.0354 0x1a58  mpsdrv - ok
06:34:47.0604 0x1a58  [ 779CFDB17EA07A6D26FEBBAC95B65772, 74D9542E8DCCD07396A45A45D2F500AA6F9DCC1DB785A6153EB3067E42F576A4 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
06:34:47.0651 0x1a58  MpsSvc - ok
06:34:47.0807 0x1a58  [ 50C2389CD04C5B8632E3DC2D733EF15D, 0F83A8A5F405BC6F401B5A75D45F6D07C61C0CA692D2A77C63E742622F5BF921 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
06:34:47.0823 0x1a58  MRxDAV - ok
06:34:47.0948 0x1a58  [ C9BB4E2FCAB693FEB00CF940060D94F4, DBE5DACBAB0CF803EBBDC414FD4D2A159B9062892DE923E22E56CBCDB80F13A7 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:34:48.0088 0x1a58  mrxsmb - ok
06:34:48.0119 0x1a58  [ 8F58AEAE00B39AC9AD93755E777B19D8, 335E4D9E9E81609BEAFA08376EE29C35DA6A1839FAFC37399B9066F03BFFFBC1 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
06:34:48.0135 0x1a58  mrxsmb10 - ok
06:34:48.0209 0x1a58  [ 6C83C4A8278E48455DA13E554CEB45F1, 9389EF464F242861FCE8C22D2EB19E8574BF3E56C1A4FB064DE9E7480631E7F6 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
06:34:48.0230 0x1a58  mrxsmb20 - ok
06:34:48.0316 0x1a58  [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
06:34:48.0324 0x1a58  MsBridge - ok
06:34:48.0528 0x1a58  [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
06:34:48.0544 0x1a58  MSDTC - ok
06:34:48.0636 0x1a58  [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
06:34:48.0652 0x1a58  Msfs - ok
06:34:48.0756 0x1a58  [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
06:34:48.0772 0x1a58  msgpiowin32 - ok
06:34:48.0824 0x1a58  [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
06:34:48.0840 0x1a58  mshidkmdf - ok
06:34:48.0840 0x1a58  [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
06:34:48.0855 0x1a58  mshidumdf - ok
06:34:48.0902 0x1a58  [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
06:34:48.0902 0x1a58  msisadrv - ok
06:34:49.0105 0x1a58  [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
06:34:49.0121 0x1a58  MSiSCSI - ok
06:34:49.0137 0x1a58  msiserver - ok
06:34:49.0215 0x1a58  [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
06:34:49.0233 0x1a58  MSKSSRV - ok
06:34:49.0348 0x1a58  [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
06:34:49.0355 0x1a58  MsLldp - ok
06:34:49.0362 0x1a58  [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
06:34:49.0368 0x1a58  MSPCLOCK - ok
06:34:49.0548 0x1a58  [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
06:34:49.0557 0x1a58  MSPQM - ok
06:34:49.0676 0x1a58  [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
06:34:49.0692 0x1a58  MsRPC - ok
06:34:49.0739 0x1a58  [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
06:34:49.0739 0x1a58  mssmbios - ok
06:34:49.0770 0x1a58  [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
06:34:49.0848 0x1a58  MSTEE - ok
06:34:49.0895 0x1a58  [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
06:34:49.0895 0x1a58  MTConfig - ok
06:34:49.0926 0x1a58  [ A523D9F6AEB152C4480D754DF7FA9F7F, 3376AE692081FF0B9A9E5DEC764BAD12B5AA363E402F3CE358F765454922693E ] MTsensor        C:\WINDOWS\system32\DRIVERS\ATK64AMD.sys
06:34:49.0926 0x1a58  MTsensor - ok
06:34:49.0957 0x1a58  [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
06:34:49.0957 0x1a58  Mup - ok
06:34:49.0989 0x1a58  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
06:34:49.0989 0x1a58  mvumis - ok
06:34:50.0098 0x1a58  [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
06:34:50.0161 0x1a58  NativeWifiP - ok
06:34:50.0412 0x1a58  [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
06:34:50.0421 0x1a58  NcaSvc - ok
06:34:50.0505 0x1a58  [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
06:34:50.0521 0x1a58  NcbService - ok
06:34:50.0573 0x1a58  [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
06:34:50.0581 0x1a58  NcdAutoSetup - ok
06:34:50.0688 0x1a58  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
06:34:50.0696 0x1a58  ndfltr - ok
06:34:50.0844 0x1a58  [ 36DD2C614720EC2970CB5E870BA69D8D, 692BDA4201119E0561E17E7E1A72320DBECDE3F8E4E65FBEA1B2C1128E16508B ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
06:34:50.0985 0x1a58  NDIS - ok
06:34:51.0079 0x1a58  [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
06:34:51.0079 0x1a58  NdisCap - ok
06:34:51.0125 0x1a58  [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
06:34:51.0125 0x1a58  NdisImPlatform - ok
06:34:51.0141 0x1a58  [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:34:51.0157 0x1a58  NdisTapi - ok
06:34:51.0204 0x1a58  [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
06:34:51.0219 0x1a58  Ndisuio - ok
06:34:51.0250 0x1a58  [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
06:34:51.0266 0x1a58  NdisVirtualBus - ok
06:34:51.0375 0x1a58  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
06:34:51.0389 0x1a58  NdisWan - ok
06:34:51.0494 0x1a58  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:34:51.0510 0x1a58  ndiswanlegacy - ok
06:34:51.0525 0x1a58  [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
06:34:51.0532 0x1a58  ndproxy - ok
06:34:51.0642 0x1a58  [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
06:34:51.0657 0x1a58  Ndu - ok
06:34:51.0798 0x1a58  [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx    C:\WINDOWS\system32\drivers\NetAdapterCx.sys
06:34:51.0814 0x1a58  NetAdapterCx - ok
06:34:52.0048 0x1a58  [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
06:34:52.0064 0x1a58  NetBIOS - ok
06:34:52.0126 0x1a58  [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
06:34:52.0142 0x1a58  NetBT - ok
06:34:52.0267 0x1a58  [ FD0FC10A8CFD7AFEC58BBBE649BAA470, 9BDBD540FCF33FC01AB896D50A872E2FB5A007225FA003C528E6DCBDBEE19C25 ] Netlogon        C:\WINDOWS\system32\lsass.exe
06:34:52.0282 0x1a58  Netlogon - ok
06:34:52.0517 0x1a58  [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman          C:\WINDOWS\System32\netman.dll
06:34:52.0532 0x1a58  Netman - ok
06:34:52.0751 0x1a58  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
06:34:52.0907 0x1a58  netprofm - ok
06:34:53.0001 0x1a58  [ 724EA060EF56BAB4DED8F731FA56279B, E07FFE11D7B5C94D6B56940C6423ACB85910F6E8789E788EC91EEEE1C02B247F ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
06:34:53.0001 0x1a58  NetSetupSvc - ok
06:34:53.0126 0x1a58  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:34:53.0298 0x1a58  NetTcpPortSharing - ok
06:34:54.0072 0x1a58  [ 57B9C04D673F236D41FAB03842C8640B, 898DCBBBF94875059CD328B0FC75BE36A4E3DD471C6E28BFAE064BCF84349518 ] NETwNs64        C:\WINDOWS\System32\drivers\NETwNs64.sys
06:34:54.0400 0x1a58  NETwNs64 - ok
06:34:54.0697 0x1a58  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
06:34:54.0712 0x1a58  NgcCtnrSvc - ok
06:34:55.0040 0x1a58  [ 2EC2F2E4C88BA9B72D1F6B92234BCD53, 4DC98EBE5A3B34ED654017F076F457970D3FBF749DC54A6533DAABDE85A7C4FE ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
06:34:55.0290 0x1a58  NgcSvc - ok
06:34:55.0537 0x1a58  [ 0B5083278F195C26FE9E0140AEAEDCBE, B4D505963D5EBA14EC80E6D0BB8B862D96D1D1C3A57F4744AEBA3FF4BFB1997A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
06:34:55.0553 0x1a58  NlaSvc - ok
06:34:55.0725 0x1a58  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
06:34:55.0725 0x1a58  Npfs - ok
06:34:55.0740 0x1a58  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
06:34:55.0740 0x1a58  npsvctrig - ok
06:34:55.0756 0x1a58  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\WINDOWS\system32\nsisvc.dll
06:34:55.0772 0x1a58  nsi - ok
06:34:55.0772 0x1a58  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
06:34:55.0772 0x1a58  nsiproxy - ok
06:34:56.0053 0x1a58  [ D1AF837A1555990602A51A3ED238EC80, 37F25AAC4431C665F014FF7EB2FBB395621581200CB5029D4C3F5040E9181F52 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
06:34:56.0194 0x1a58  NTFS - ok
06:34:56.0209 0x1a58  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\WINDOWS\system32\drivers\Null.sys
06:34:56.0209 0x1a58  Null - ok
06:34:56.0287 0x1a58  [ 6CA2FCA120F8AD6150E2FDA8FCF58AEE, 6608C86703DA188A440726C47307CBC5C4899B28ABBF6D92CF68ED986AF07EE1 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
06:34:56.0303 0x1a58  NVHDA - ok
06:34:58.0664 0x1a58  [ 6F270C57A0B65A76400F411A230338C6, AF1BB61F02BBFE51160B4CC7966220A500D8DCD38B3AEB0152209674D770DE4B ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
06:34:59.0625 0x1a58  nvlddmkm - ok
06:34:59.0781 0x1a58  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
06:34:59.0781 0x1a58  nvraid - ok
06:35:40.0547 0x1a58  UserDataSvc - ok
06:35:40.0797 0x1a58  [ 8F6DAAFDDDA27D83ACC8C7FF1536CAF6, 5E1B67A5B388CBB3B193C238546BAD4DC5F5DF54859E16607A60681E6D38FA73 ] UserManager     C:\WINDOWS\System32\usermgr.dll
06:35:40.0954 0x1a58  UserManager - ok
06:35:41.0094 0x1a58  [ C7CC4F8EA7FC1DE4221103B39360ABA0, 00B12186D731C3869022DCE763B243123D4E0B9BD0EA52AD9C95F9416F13FFD1 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
06:35:41.0219 0x1a58  UsoSvc - ok
06:35:41.0266 0x1a58  [ FD0FC10A8CFD7AFEC58BBBE649BAA470, 9BDBD540FCF33FC01AB896D50A872E2FB5A007225FA003C528E6DCBDBEE19C25 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
06:35:41.0282 0x1a58  VaultSvc - ok
06:35:41.0313 0x1a58  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
06:35:41.0313 0x1a58  vdrvroot - ok
06:35:41.0579 0x1a58  [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds             C:\WINDOWS\System32\vds.exe
06:35:41.0716 0x1a58  vds - ok
06:35:41.0778 0x1a58  [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
06:35:41.0888 0x1a58  VerifierExt - ok
06:35:42.0059 0x1a58  [ C12B4859FC255AA6B3021CF8BB14A11F, E95922351825D23ABCADD173E9256FC9AFFF28555DD1971CFF5666A2055958C5 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
06:35:42.0169 0x1a58  vhdmp - ok
06:35:42.0184 0x1a58  [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
06:35:42.0184 0x1a58  vhf - ok
06:35:42.0294 0x1a58  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
06:35:42.0294 0x1a58  vmbus - ok
06:35:42.0341 0x1a58  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
06:35:42.0341 0x1a58  VMBusHID - ok
06:35:42.0403 0x1a58  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\WINDOWS\System32\drivers\vmgid.sys
06:35:42.0419 0x1a58  vmgid - ok
06:35:42.0653 0x1a58  [ A6CA116884BE5352829D2E538AD56A87, 9C58A15E15433EA92E3DDB38BB446700BD620D43B0F46EDD578349676B4B4D76 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
06:35:42.0747 0x1a58  vmicguestinterface - ok
06:35:42.0841 0x1a58  [ A6CA116884BE5352829D2E538AD56A87, 9C58A15E15433EA92E3DDB38BB446700BD620D43B0F46EDD578349676B4B4D76 ] vmicheartbeat   C:\WINDOWS\System32\icsvc.dll
06:35:42.0872 0x1a58  vmicheartbeat - ok
06:35:42.0903 0x1a58  [ A6CA116884BE5352829D2E538AD56A87, 9C58A15E15433EA92E3DDB38BB446700BD620D43B0F46EDD578349676B4B4D76 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
06:35:42.0903 0x1a58  vmickvpexchange - ok
06:35:43.0059 0x1a58  [ DC3172A6EB5DDB5EF94CB734CB7D4E63, 812971E0C2C18C876FFC9A46F1563801894C2EE9DD01CE1A641A0C68C0C1C6E2 ] vmicrdv         C:\WINDOWS\System32\icsvcext.dll
06:35:43.0075 0x1a58  vmicrdv - ok
06:35:43.0106 0x1a58  [ A6CA116884BE5352829D2E538AD56A87, 9C58A15E15433EA92E3DDB38BB446700BD620D43B0F46EDD578349676B4B4D76 ] vmicshutdown    C:\WINDOWS\System32\icsvc.dll
06:35:43.0106 0x1a58  vmicshutdown - ok
06:35:43.0231 0x1a58  [ A6CA116884BE5352829D2E538AD56A87, 9C58A15E15433EA92E3DDB38BB446700BD620D43B0F46EDD578349676B4B4D76 ] vmictimesync    C:\WINDOWS\System32\icsvc.dll
06:35:43.0247 0x1a58  vmictimesync - ok
06:35:43.0341 0x1a58  [ A6CA116884BE5352829D2E538AD56A87, 9C58A15E15433EA92E3DDB38BB446700BD620D43B0F46EDD578349676B4B4D76 ] vmicvmsession   C:\WINDOWS\System32\icsvc.dll
06:35:43.0356 0x1a58  vmicvmsession - ok
06:35:43.0544 0x1a58  [ DC3172A6EB5DDB5EF94CB734CB7D4E63, 812971E0C2C18C876FFC9A46F1563801894C2EE9DD01CE1A641A0C68C0C1C6E2 ] vmicvss         C:\WINDOWS\System32\icsvcext.dll
06:35:43.0559 0x1a58  vmicvss - ok
06:35:43.0683 0x1a58  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
06:35:43.0683 0x1a58  volmgr - ok
06:35:43.0777 0x1a58  [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
06:35:43.0886 0x1a58  volmgrx - ok
06:35:43.0917 0x1a58  [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
06:35:43.0933 0x1a58  volsnap - ok
06:35:44.0042 0x1a58  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\WINDOWS\system32\drivers\volume.sys
06:35:44.0042 0x1a58  volume - ok
06:35:44.0183 0x1a58  [ 04BEC879AD7B3FDDD0339B19FECB0160, 8C92755DDB41AD7DDA1643D7F32FAA0FCA7E2C65C69611EB5EC1B3276EA8DBC7 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
06:35:44.0199 0x1a58  vpci - ok
06:35:44.0277 0x1a58  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
06:35:44.0339 0x1a58  vsmraid - ok
06:35:44.0699 0x1a58  [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS             C:\WINDOWS\system32\vssvc.exe
06:35:44.0870 0x1a58  VSS - ok
06:35:45.0230 0x1a58  [ E474CA91B9F0BA84F16B24465594BB4D, B2E8F0DE277690DA8A1069350D4547E16C45133E35648017E1AC6716AF99E6E4 ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
06:35:45.0277 0x1a58  VSSERV - ok
06:35:45.0480 0x1a58  [ 4889BF61752AD05C2AC73CF72A7C8F16, 9B2FF0CAF57855AA1F37933F2B9DC2B845D6BAD80C5DD400BD688DF343AFCDF5 ] vsservp         C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
06:35:45.0691 0x1a58  vsservp - ok
06:35:45.0723 0x1a58  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
06:35:45.0863 0x1a58  VSTXRAID - ok
06:35:45.0973 0x1a58  [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
06:35:45.0988 0x1a58  vwifibus - ok
06:35:46.0051 0x1a58  [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
06:35:46.0160 0x1a58  vwififlt - ok
06:35:46.0441 0x1a58  [ E7DE2794DF35F02868513D9594BF10FD, 89CB88814A5F7ACCFAC6FB5E3388B6922E1F8DCBB275531826DD04419BF74A7A ] W32Time         C:\WINDOWS\system32\w32time.dll
06:35:46.0582 0x1a58  W32Time - ok
06:35:46.0613 0x1a58  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
06:35:46.0660 0x1a58  WacomPen - ok
06:35:46.0910 0x1a58  [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService   C:\WINDOWS\system32\WalletService.dll
06:35:47.0035 0x1a58  WalletService - ok
06:35:47.0035 0x1a58  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:35:47.0035 0x1a58  wanarp - ok
06:35:47.0051 0x1a58  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:35:47.0051 0x1a58  wanarpv6 - ok
06:35:47.0473 0x1a58  [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine        C:\WINDOWS\system32\wbengine.exe
06:35:47.0551 0x1a58  wbengine - ok
06:35:47.0996 0x1a58  [ 6BE945D6DE02713BAD8627205CDF9F48, F6548EAF5D67DA4682D8B31E5B565606DEAAB9276B44F25F1A4203AB61B9400B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
06:35:48.0121 0x1a58  WbioSrvc - ok
06:35:48.0152 0x1a58  [ CD24DEEA22152524CCFE859591D12A57, C60ACF77647E5D6EDC10BBBCF974DF264145123C8EDB6506AFA9C949EBA53D7F ] wcifs           C:\WINDOWS\system32\drivers\wcifs.sys
06:35:48.0293 0x1a58  wcifs - ok
06:35:48.0559 0x1a58  [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
06:35:48.0668 0x1a58  Wcmsvc - ok
06:35:48.0824 0x1a58  [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
06:35:48.0949 0x1a58  wcncsvc - ok
06:35:48.0981 0x1a58  [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs           C:\WINDOWS\system32\drivers\wcnfs.sys
06:35:48.0996 0x1a58  wcnfs - ok
06:35:49.0199 0x1a58  [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
06:35:49.0215 0x1a58  WdBoot - ok
06:35:49.0465 0x1a58  [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
06:35:49.0621 0x1a58  Wdf01000 - ok
06:35:49.0684 0x1a58  [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
06:35:49.0704 0x1a58  WdFilter - ok
06:35:49.0806 0x1a58  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
06:35:49.0884 0x1a58  WdiServiceHost - ok
06:35:49.0915 0x1a58  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
06:35:49.0915 0x1a58  WdiSystemHost - ok
06:35:50.0134 0x1a58  [ 373DF27CD5D5E50FFA2A90FEE0C0D994, 09E6C6C690AEE1C1A9A84BBA87A934040B2A20F677E5F5B2D24F8433B61BD81E ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
06:35:50.0259 0x1a58  wdiwifi - ok
06:35:50.0321 0x1a58  [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
06:35:50.0415 0x1a58  WdNisDrv - ok
06:35:50.0493 0x1a58  WdNisSvc - ok
06:35:50.0602 0x1a58  [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient       C:\WINDOWS\System32\webclnt.dll
06:35:50.0618 0x1a58  WebClient - ok
06:35:50.0821 0x1a58  [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
06:35:50.0884 0x1a58  Wecsvc - ok
06:35:51.0071 0x1a58  [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
06:35:51.0087 0x1a58  WEPHOSTSVC - ok
06:35:51.0165 0x1a58  [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
06:35:51.0274 0x1a58  wercplsupport - ok
06:35:51.0321 0x1a58  [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
06:35:51.0431 0x1a58  WerSvc - ok
06:35:51.0509 0x1a58  [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
06:35:51.0556 0x1a58  WFPLWFS - ok
06:35:51.0618 0x1a58  [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
06:35:51.0634 0x1a58  WiaRpc - ok
06:35:51.0785 0x1a58  [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
06:35:51.0801 0x1a58  WIMMount - ok
06:35:51.0801 0x1a58  WinDefend - ok
06:35:51.0848 0x1a58  [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
06:35:51.0957 0x1a58  WindowsTrustedRT - ok
06:35:52.0004 0x1a58  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
06:35:52.0020 0x1a58  WindowsTrustedRTProxy - ok
06:35:52.0348 0x1a58  [ C9E7D91A044B77CBCB4121C06610A86C, 9FF039D67A5CE4732920EA4F1F5CFD9DE0AAADC34829A007EA697030D42D3623 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
06:35:52.0426 0x1a58  WinHttpAutoProxySvc - ok
06:35:52.0598 0x1a58  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
06:35:52.0598 0x1a58  WinMad - ok
06:35:53.0176 0x1a58  [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
06:35:53.0238 0x1a58  Winmgmt - ok
06:35:54.0030 0x1a58  [ F86E9029774478D276E0AAB7D169896D, EDCB96F745E1F16BDFF70B140B38412096FA29A407157183223AE6111CBB4B38 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
06:35:54.0202 0x1a58  WinRM - ok
06:35:54.0280 0x1a58  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
06:35:54.0424 0x1a58  WINUSB - ok
06:35:54.0530 0x1a58  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
06:35:54.0595 0x1a58  WinVerbs - ok
06:35:55.0004 0x1a58  [ 4D694EDF85F1BFC463B15846D4E00A9B, 4ED44C0E22D2843121E4C8A58F97B526BB7D85C0D7A0BB4B1158A970258C791E ] wisvc           C:\WINDOWS\system32\flightsettings.dll
06:35:55.0051 0x1a58  wisvc - ok
06:35:55.0567 0x1a58  [ B155B02AFF09DEFBC7FC8B359747B2C3, 6F759629305B4BDF08FC9C99C8EE3F328D87E8703819D98E1452D6A9F5D9896C ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
06:35:55.0737 0x1a58  WlanSvc - ok
06:35:56.0159 0x1a58  [ 7A98AF088E0B1A5EB98863B14F493716, 8B2F8D02AC0637C72859AF29C05C01D7D1C81C6A15CBE2D579F27F3254E66076 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
06:35:56.0362 0x1a58  wlidsvc - ok
06:35:56.0471 0x1a58  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
06:35:56.0487 0x1a58  WmiAcpi - ok
06:35:56.0596 0x1a58  [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
06:35:56.0706 0x1a58  wmiApSrv - ok
06:35:56.0768 0x1a58  WMPNetworkSvc - ok
06:35:56.0846 0x1a58  [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
06:35:56.0987 0x1a58  Wof - ok
06:35:57.0331 0x1a58  [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
06:35:57.0503 0x1a58  workfolderssvc - ok
06:35:57.0659 0x1a58  [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
06:35:57.0675 0x1a58  WPDBusEnum - ok
06:35:57.0838 0x1a58  [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
06:35:57.0838 0x1a58  WpdUpFltr - ok
06:35:57.0901 0x1a58  [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService      C:\WINDOWS\system32\WpnService.dll
06:35:58.0026 0x1a58  WpnService - ok
06:35:58.0089 0x1a58  [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
06:35:58.0214 0x1a58  WpnUserService - ok
06:35:58.0464 0x1a58  [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
06:35:58.0479 0x1a58  ws2ifsl - ok
06:35:58.0557 0x1a58  [ 519806FBCF00A0B17B8E03297DB0F551, 1911EA7168B06DBF3D36833120E4731437BF1ACC294C289B132C50280A40F548 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
06:35:58.0604 0x1a58  wscsvc - ok
06:35:58.0620 0x1a58  WSearch - ok
06:35:59.0135 0x1a58  [ DB38A10568D01CCCDA442C8F52EDF657, C48AE43F8AE22B1A68E73E452C09CE8913885A549DCD33D017A16350AEA5EAB5 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
06:35:59.0307 0x1a58  wuauserv - ok
06:35:59.0338 0x1a58  [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
06:35:59.0354 0x1a58  WudfPf - ok
06:35:59.0448 0x1a58  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd          C:\WINDOWS\system32\drivers\WudfRd.sys
06:35:59.0542 0x1a58  WUDFRd - ok
06:35:59.0604 0x1a58  [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
06:35:59.0620 0x1a58  wudfsvc - ok
06:35:59.0942 0x1a58  [ 42DF36725C1B28EF40F94363BA9213ED, 87F7355FEF000326BFFC9ED24D6E32D05F36A549779A1D319603F94E6D8223FD ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
06:36:00.0067 0x1a58  WwanSvc - ok
06:36:00.0349 0x1a58  [ 38DDEB2AFE7D72B43DB116DACBFB97CD, 516368980793E22034298CA9C800D1AAD5B89979771182B74EB6E5FBC8BA1016 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
06:36:00.0536 0x1a58  XblAuthManager - ok
06:36:00.0817 0x1a58  [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
06:36:01.0005 0x1a58  XblGameSave - ok
06:36:01.0052 0x1a58  [ 59335CEA021FB89E07AD5DB5D17F09D0, 33FEFD5798BFA306FBEDCC8F2D0D984B6546A61B5026E921A8AC0466ADF2B698 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
06:36:01.0146 0x1a58  xboxgip - ok
06:36:01.0349 0x1a58  [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
06:36:01.0474 0x1a58  XboxNetApiSvc - ok
06:36:01.0568 0x1a58  [ 864F4209B03BE4267DDE09B067A165CA, C6751CB80940F320A742C38295E4FEEC85F99BE7D6C564AC5F5068E85A82421D ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
06:36:01.0568 0x1a58  xinputhid - ok
06:36:01.0583 0x1a58  ================ Scan global ===============================
06:36:01.0724 0x1a58  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
06:36:01.0829 0x1a58  [ 1FEF9536BA2779E2F3CB524E34BAC715, 6387C7E2FD538EFD9AC19B622AEC81F6F924576FDAB6F003AF5B6CBD33F6A379 ] C:\WINDOWS\system32\winsrv.dll
06:36:02.0000 0x1a58  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
06:36:02.0235 0x1a58  [ 133390D061D94917125DC666DA67ECD0, 69D6FFF3E0A0C4D77A62B4D71E1E3A8D10D93C46782A1B05F0EC4B8919C384B9 ] C:\WINDOWS\system32\services.exe
06:36:02.0250 0x1a58  [ Global ] - ok
06:36:02.0250 0x1a58  ================ Scan MBR ==================================
06:36:02.0329 0x1a58  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:36:10.0414 0x1a58  \Device\Harddisk0\DR0 - ok
06:36:10.0414 0x1a58  ================ Scan VBR ==================================
06:36:10.0461 0x1a58  [ 5241D8A29BEE8478DC96CF7B44C8AE73 ] \Device\Harddisk0\DR0\Partition1
06:36:10.0570 0x1a58  \Device\Harddisk0\DR0\Partition1 - ok
06:36:10.0617 0x1a58  [ B58BAA6588B4A0B509FB96A32AE755D8 ] \Device\Harddisk0\DR0\Partition2
06:36:10.0633 0x1a58  \Device\Harddisk0\DR0\Partition2 - ok
06:36:10.0633 0x1a58  ================ Scan generic autorun ======================
06:36:13.0809 0x1a58  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
06:36:14.0262 0x1a58  OneDriveSetup - ok
06:36:15.0910 0x1a58  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
06:36:16.0067 0x1a58  OneDriveSetup - ok
06:36:16.0082 0x1a58  Waiting for KSN requests completion. In queue: 2
06:36:17.0129 0x1a58  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.0 ), 0x60100 ( disabled : updated )
06:36:17.0129 0x1a58  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2017\wscfix.exe ( 21.0.17.874 ), 0x41000 ( enabled : updated )
06:36:17.0129 0x1a58  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2017\wscfix.exe ( 21.0.17.874 ), 0x41010 ( enabled )
06:36:17.0488 0x1a58  ============================================================
06:36:17.0488 0x1a58  Scan finished
06:36:17.0488 0x1a58  ============================================================
06:36:17.0520 0x1a50  Detected object count: 0
06:36:17.0520 0x1a50  Actual detected object count: 0


#10 BOV72


Posted 13 October 2016 - 05:44 AM

Unfortunately, I cannot run aswMBR in normal mode. As soon as I get the "supports virtualization" pop-up and click start, the cpu freezes then reboots.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:43 PM

Posted 13 October 2016 - 09:56 AM




Please run the Farbar Recovery Scan Tool. Enter csrss.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>

Let's see what we can find in the Registry.

Please run the Farbar Recovery Scan Tool. Enter csrss.exe in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#12 BOV72


Posted 13 October 2016 - 02:53 PM

Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by TennVols-72 (13-10-2016 15:52:45)
Running from C:\Users\TennVols-72\Desktop\Bleeping Computer\FRST64
Boot Mode: Normal
 
================== Search Registry: "csrss.exe" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH-vols]
"ExclusionList"="smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
SLsvc.exe
spoolsv.exe
taskhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR-vols\HeapLeakDetection\ReflectionApplications-vols\csrss.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unsecapp.exe:wbemtest.exe:winmgmt.exe:wmic.exe:bfsvc.exe:Twunk_16.exe:Twunk_32.exe:wuauclt.exe:wsqmcons.exe:sapisvr.exe:WinSAT.exe:p2phost.exe:SearchProtocolHost.exe:WerFault.exe:drvinst.exe:ehshell.exe:UI0Detect.exe:ehtray.exe:HelpPane.exe:mrt.exe:SearchFilterHost.exe:mobsync.exe:Narrator.exe:SLUI.exe:taskmgr.exe:PresentationSettings.exe:vds.exe:sdclt.exe:irftp.exe:DFDWiz.exe:SndVol.exe:makecab.exe:msfeedssync.exe:unregmp2.exe:DeviceProperties.exe:rstrui.exe:MdRes.exe:netsh.exe:printui.exe:mcupdate.exe:4mmdat.sys:61883.sys:ACPI.sys:amdk7.sys:amdk8.sys:ASYNCMAC.SYS:atapi.sys:AVC.SYS:cdfs.sys:cdrom.sys:circlass.sys:cmbatt.sys:crusoe.sys:CSC.Sys:dc21x4vm.sys:disk.sys:dot4.sys:dot4usb.sys:drmkaud.sys:ecache.sys:fdc.sys:floppy.sys:hdaudbus.sys:HDAudio.sys:HIDBTH.SYS:HIDIR.SYS:i8042prt.sys:intelppm.sys:irenum.SYS:IRSIR.SYS:kbdclass.sys:kbdhid.sys:LOOP.SYS:mf.sys:monitor.sys:mouclass.sys:mouhid.sys:msisadrv.sys:msiscsi.sys:NDISWAN.SYS:nsiproxy.sys:ohci1394.sys:pci.sys:pciide.sys:powerfil.sys:processr.sys:rasl2tp.sys:raspppoe.sys:RASPPTP.SYS:RDPCDD.SYS:rfcomm.sys:sbp2p
ort.sys:sdbus.sys:serenum.sys:serial.sys:sermouse.sys:sffdisk.sys:sffp_mmc.sys:smbios.sys:swenum.sys:tdx.sys:termdd.sys:tpm.sys:tunmp.sys:tunnel.sys:umbus.sys:update.sys:usb8023.sys:USBAudio.sys:USBCCGP.SYS:usbcir.sys:USBEHCI.sys:usbhub.sys:USBOHCI.sys:usbprint.sys:USBUHCI.sys:viac7.sys:wacompen.sys:wceusbsh.sys:winusb.sys:ws2ifsl.sys:xnacc.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\FTH]
"ExclusionList"="smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
SLsvc.exe
spoolsv.exe
taskhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\RADAR\HeapLeakDetection\ReflectionApplications\csrss.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"
 
====== End of Search ======


#13 nasdaq


Posted 14 October 2016 - 08:50 AM


As reported in your Registry search you only have one csrss.exe running and it's a good sign.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"


Gmer may be reporting a false positive.

Let's find out what other version of the files is available on your system.

Please run the Farbar Recovery Scan Tool. Enter csrss.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.
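
The SubSystems check discussed in post #13, written out as an added example (it is not part of the thread and not FRST's own code): it pulls the "Windows" value out of a Search.txt-style registry listing and compares the subsystem image path and the ServerDll names against a baseline. The baseline is an assumption taken from the value posted in this thread; the function names and the tampered sample are constructed for illustration.

```python
import re

SUBSYSTEMS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
                  r"\Session Manager\SubSystems")

# "Windows" value exactly as it appears in the Search.txt posted in this thread.
POSTED_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"
)

# Assumption: the posted value is the baseline (image path + server DLL names).
EXPECTED_IMAGE = r"%systemroot%\system32\csrss.exe"
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Search.txt fragment rebuilt from the posted key and value lines.
POSTED_SEARCH_TXT = "\n".join([
    "[" + SUBSYSTEMS_KEY + "]",
    '"Windows"="' + POSTED_VALUE + '"',
])

# Constructed sample (not from the thread): image moved out of system32
# and one extra ServerDll entry appended.
CONSTRUCTED_TAMPERED = (
    POSTED_VALUE.replace(r"\system32\csrss.exe", r"\Temp\csrss.exe")
    + " ServerDll=extrasrv,5"
)


def extract_value(search_txt, key, name):
    """Return the single-line value `name` listed under `[key]`, or None."""
    current = None
    for line in search_txt.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current is not None and current.lower() == key.lower():
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m and m.group(1).lower() == name.lower():
                return m.group(2)
    return None


def parse_subsystems_value(value):
    """Split the value into image path, ServerDll names and other options."""
    tokens = value.split()
    if not tokens:
        raise ValueError("empty SubSystems value")
    parsed = {"image": tokens[0], "server_dlls": [], "options": {}, "unparsed": []}
    for tok in tokens[1:]:
        key, sep, val = tok.partition("=")
        if not sep:
            parsed["unparsed"].append(tok)
        elif key.lower() == "serverdll":
            # Format: ServerDll=<name>[:<init routine>],<index>
            parsed["server_dlls"].append(re.split(r"[:,]", val, maxsplit=1)[0].lower())
        else:
            parsed["options"][key] = val
    return parsed


def audit_subsystems_value(value):
    """Return a list of deviations from the baseline (empty list = matches)."""
    parsed = parse_subsystems_value(value)
    findings = []
    if parsed["image"].lower() != EXPECTED_IMAGE:
        findings.append("unexpected subsystem image: " + parsed["image"])
    for name in parsed["server_dlls"]:
        if name not in EXPECTED_SERVER_DLLS:
            findings.append("unexpected ServerDll: " + name)
    for name in sorted(EXPECTED_SERVER_DLLS - set(parsed["server_dlls"])):
        findings.append("missing ServerDll: " + name)
    for tok in parsed["unparsed"]:
        findings.append("unparsed token: " + tok)
    return findings


if __name__ == "__main__":
    value = extract_value(POSTED_SEARCH_TXT, SUBSYSTEMS_KEY, "Windows")
    print("posted value findings:", audit_subsystems_value(value))
    print("constructed sample findings:", audit_subsystems_value(CONSTRUCTED_TAMPERED))
```

A value that matches the baseline only shows which image and server DLLs the Session Manager is configured to load; it says nothing about the contents of those files, which is what the follow-up file search looks at.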

#14 BOV72


Posted 14 October 2016 - 11:43 AM

OTL logfile created on: 10/10/2016 9:29:25 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TennVols-72\Desktop\Bleeping Computer
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 70.98% Memory free
10.69 Gb Paging File | 9.64 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.45 Gb Total Space | 242.61 Gb Free Space | 81.56% Space Free | Partition Type: NTFS
 
Computer Name: TENNVOLS-72-PC | User Name: TennVols-72 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2016/10/10 17:50:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TennVols-72\Desktop\Bleeping Computer\OTL.exe
PRC - [2016/09/25 02:02:13 | 001,135,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016/07/16 10:27:07 | 010,653,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2016/07/16 07:42:56 | 000,416,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2016/07/16 07:42:45 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mmc.exe
PRC - [2016/07/16 07:42:40 | 004,673,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016/07/16 07:42:20 | 000,975,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
PRC - [2016/07/16 07:42:02 | 001,653,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
PRC - [2016/05/09 12:49:34 | 016,430,112 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/10/06 11:49:38 | 000,100,448 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe -- (DevMgmtService)
SRV:64bit: - [2016/10/04 12:44:46 | 001,306,832 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe -- (VSSERV)
SRV:64bit: - [2016/09/13 18:38:28 | 001,088,944 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender Agent\ProductAgentService.exe -- (ProductAgentService)
SRV:64bit: - [2016/08/25 16:53:08 | 000,524,872 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe -- (vsservp)
SRV:64bit: - [2016/08/24 18:56:14 | 000,216,880 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2016/07/16 07:43:51 | 000,650,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2016/07/16 07:43:50 | 000,082,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2016/07/16 07:43:47 | 000,560,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2016/07/16 07:43:47 | 000,436,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2016/07/16 07:43:18 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2016/07/16 07:43:10 | 001,836,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2016/07/16 07:43:06 | 000,347,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2016/07/16 07:43:04 | 000,103,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2016/07/16 07:42:43 | 000,691,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2016/07/16 07:42:42 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2016/07/16 07:42:39 | 001,234,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2016/07/16 07:42:39 | 000,285,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2016/07/16 07:42:39 | 000,161,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:64bit: - [2016/07/16 07:42:38 | 001,312,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2016/07/16 07:42:38 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2016/07/16 07:42:38 | 000,781,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/07/16 07:42:38 | 000,407,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2016/07/16 07:42:38 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:64bit: - [2016/07/16 07:42:38 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2016/07/16 07:42:38 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2016/07/16 07:42:37 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2016/07/16 07:42:36 | 001,020,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2016/07/16 07:42:36 | 000,539,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2016/07/16 07:42:36 | 000,183,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2016/07/16 07:42:34 | 002,264,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2016/07/16 07:42:31 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2016/07/16 07:42:28 | 000,447,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2016/07/16 07:42:28 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2016/07/16 07:42:27 | 001,980,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/07/16 07:42:27 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/07/16 07:42:27 | 000,614,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:64bit: - [2016/07/16 07:42:27 | 000,265,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2016/07/16 07:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2016/07/16 07:42:27 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2016/07/16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_1a43d)
SRV:64bit: - [2016/07/16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_1a43d)
SRV:64bit: - [2016/07/16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_1a43d)
SRV:64bit: - [2016/07/16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_1a43d)
SRV:64bit: - [2016/07/16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_1a43d)
SRV:64bit: - [2016/07/16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_1a43d)
SRV:64bit: - [2016/07/16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_1a43d)
SRV:64bit: - [2016/07/16 07:42:23 | 000,765,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2016/07/16 07:42:23 | 000,366,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2016/07/16 07:42:22 | 000,803,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:64bit: - [2016/07/16 07:42:22 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2016/07/16 07:42:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2016/07/16 07:42:19 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2016/07/16 07:42:16 | 000,287,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2016/07/16 07:42:16 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2016/07/16 07:42:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2016/07/16 07:42:13 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2016/07/16 07:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2016/07/16 07:42:12 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2016/07/16 07:42:09 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2016/07/16 07:42:09 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,983,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,765,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2016/07/16 07:42:09 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,387,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2016/07/16 07:42:09 | 000,358,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2016/07/16 07:42:09 | 000,326,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,234,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2016/07/16 07:42:09 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,177,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2016/07/16 07:42:09 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:64bit: - [2016/07/16 07:42:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2016/07/16 07:42:09 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2016/07/16 07:42:09 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2016/07/16 07:42:07 | 001,159,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2016/07/16 07:42:06 | 004,136,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2016/07/16 07:42:06 | 000,729,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2016/07/16 07:42:06 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2016/07/16 07:42:05 | 002,104,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2016/07/16 07:42:05 | 001,012,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2016/07/16 07:42:05 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2016/07/16 07:42:05 | 000,337,408 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:64bit: - [2016/07/16 07:42:05 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2016/07/16 07:42:05 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2016/07/16 07:42:05 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2016/07/16 07:42:05 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2016/07/16 07:42:04 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:64bit: - [2016/07/16 07:42:02 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:64bit: - [2016/07/16 07:42:02 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:64bit: - [2016/07/16 07:42:02 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2016/07/16 07:42:02 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2016/07/16 07:42:02 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2016/07/16 07:42:02 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2016/07/16 07:42:02 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2016/07/16 07:42:02 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2016/07/16 07:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2016/07/16 07:41:50 | 000,321,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV - [2016/07/16 07:43:02 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2016/07/16 07:42:56 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2016/07/16 07:42:55 | 003,369,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/07/16 07:42:55 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/07/16 07:42:49 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2016/07/16 07:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/10/13 11:26:28 | 000,416,432 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/10/09 23:06:16 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2016/08/11 17:42:35 | 000,300,840 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ignis.sys -- (ignis)
DRV:64bit: - [2016/07/16 10:27:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2016/07/16 10:27:05 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2016/07/16 07:44:01 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2016/07/16 07:43:06 | 000,123,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2016/07/16 07:43:04 | 000,290,144 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2016/07/16 07:43:04 | 000,044,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2016/07/16 07:42:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2016/07/16 07:42:36 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2016/07/16 07:42:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2016/07/16 07:42:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:64bit: - [2016/07/16 07:42:35 | 000,928,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2016/07/16 07:42:35 | 000,376,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2016/07/16 07:42:35 | 000,227,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2016/07/16 07:42:35 | 000,045,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:64bit: - [2016/07/16 07:42:28 | 000,107,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2016/07/16 07:42:28 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2016/07/16 07:42:27 | 000,263,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2016/07/16 07:42:27 | 000,201,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2016/07/16 07:42:27 | 000,151,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2016/07/16 07:42:27 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:64bit: - [2016/07/16 07:42:27 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2016/07/16 07:42:27 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2016/07/16 07:42:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2016/07/16 07:42:27 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2016/07/16 07:42:27 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2016/07/16 07:42:27 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2016/07/16 07:42:27 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:64bit: - [2016/07/16 07:42:27 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2016/07/16 07:42:27 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2016/07/16 07:42:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2016/07/16 07:42:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2016/07/16 07:42:18 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2016/07/16 07:42:16 | 000,062,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2016/07/16 07:42:13 | 000,719,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2016/07/16 07:42:12 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2016/07/16 07:42:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2016/07/16 07:42:09 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2016/07/16 07:42:09 | 000,156,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2016/07/16 07:42:09 | 000,119,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:64bit: - [2016/07/16 07:42:09 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:64bit: - [2016/07/16 07:42:09 | 000,066,560 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:64bit: - [2016/07/16 07:42:04 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2016/07/16 07:42:03 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2016/07/16 07:42:03 | 000,126,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2016/07/16 07:42:03 | 000,108,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2016/07/16 07:42:03 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2016/07/16 07:42:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2016/07/16 07:42:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2016/07/16 07:42:03 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2016/07/16 07:42:03 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2016/07/16 07:41:55 | 000,535,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2016/07/16 07:41:55 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2016/07/16 07:41:55 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2016/07/16 07:41:55 | 000,220,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2016/07/16 07:41:55 | 000,137,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2016/07/16 07:41:55 | 000,096,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2016/07/16 07:41:55 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2016/07/16 07:41:55 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2016/07/16 07:41:55 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2016/07/16 07:41:55 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2016/07/16 07:41:55 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2016/07/16 07:41:55 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2016/07/16 07:41:54 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2016/07/16 07:41:54 | 000,176,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2016/07/16 07:41:54 | 000,081,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2016/07/16 07:41:54 | 000,064,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:64bit: - [2016/07/16 07:41:54 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2016/07/16 07:41:54 | 000,050,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2016/07/16 07:41:54 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2016/07/16 07:41:54 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2016/07/16 07:41:54 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2016/07/16 07:41:54 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2016/07/16 07:41:54 | 000,033,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:64bit: - [2016/07/16 07:41:54 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2016/07/16 07:41:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2016/07/16 07:41:53 | 002,104,160 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:64bit: - [2016/07/16 07:41:53 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2016/07/16 07:41:53 | 000,842,584 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2016/07/16 07:41:53 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2016/07/16 07:41:53 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2016/07/16 07:41:53 | 000,544,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2016/07/16 07:41:53 | 000,526,176 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2016/07/16 07:41:53 | 000,346,976 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:64bit: - [2016/07/16 07:41:53 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2016/07/16 07:41:53 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2016/07/16 07:41:53 | 000,131,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2016/07/16 07:41:53 | 000,123,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scmdisk0101.sys -- (scmdisk0101)
DRV:64bit: - [2016/07/16 07:41:53 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2016/07/16 07:41:53 | 000,108,896 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2016/07/16 07:41:53 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2016/07/16 07:41:53 | 000,105,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2016/07/16 07:41:53 | 000,101,216 | ---- | M] (Avago Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2016/07/16 07:41:53 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:64bit: - [2016/07/16 07:41:53 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2016/07/16 07:41:53 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2016/07/16 07:41:53 | 000,082,776 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2016/07/16 07:41:53 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2016/07/16 07:41:53 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2016/07/16 07:41:53 | 000,064,864 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2016/07/16 07:41:53 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2016/07/16 07:41:53 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2016/07/16 07:41:53 | 000,061,792 | ---- | M] (Avago Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2016/07/16 07:41:53 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2016/07/16 07:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2016/07/16 07:41:53 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2016/07/16 07:41:53 | 000,032,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2016/07/16 07:41:53 | 000,032,096 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2016/07/16 07:41:53 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2016/07/16 07:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2016/07/16 07:41:53 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2016/07/16 07:41:53 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:64bit: - [2016/07/16 07:41:53 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:64bit: - [2016/07/16 07:41:53 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2016/07/16 07:41:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2016/07/16 07:41:53 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2016/07/16 07:41:53 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2016/07/16 07:41:52 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2016/07/16 07:41:52 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2016/07/16 07:41:52 | 000,048,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2016/07/16 07:41:52 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2016/07/16 07:41:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2016/07/16 07:41:50 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2016/07/16 07:41:50 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2016/07/16 07:41:50 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2016/07/16 07:41:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2016/07/16 07:41:50 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2016/07/16 07:41:50 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2016/07/16 07:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2016/07/16 07:41:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2016/07/16 07:41:50 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2016/07/16 07:41:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2016/07/16 07:41:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2016/07/16 07:41:50 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:64bit: - [2016/06/29 18:07:26 | 001,603,264 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2016/06/24 08:42:40 | 000,128,400 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2016/06/03 17:05:18 | 000,850,464 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2016/03/14 22:04:45 | 000,023,672 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bdelam.sys -- (bdelam)
DRV:64bit: - [2016/03/10 07:41:58 | 000,520,032 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2015/12/16 05:53:12 | 000,182,936 | ---- | M] (BitDefender LLC) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2015/12/04 19:27:06 | 000,087,912 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2015/11/24 14:39:24 | 000,088,184 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2015/11/24 14:39:24 | 000,036,560 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ITECIRfilter.sys -- (ITECIRfilter)
DRV:64bit: - [2015/11/19 22:55:12 | 000,206,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2007/08/09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2016/07/16 07:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-21-328236176-1146243434-4001858858-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-328236176-1146243434-4001858858-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-328236176-1146243434-4001858858-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 73 7E C5 08 22 D2 01  [binary data]
IE - HKU\S-1-5-21-328236176-1146243434-4001858858-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-328236176-1146243434-4001858858-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bdwteffv20@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2017\ANTISPAM32\BDWTEFF\ [2016/10/06 13:20:27 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2017\BDTBEXT [2016/10/06 13:20:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bdwteffv20@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff\ [2016/10/06 13:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016/10/06 13:20:06 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\TennVols-72\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2016/10/10 01:54:23 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bitdefender Wallet ) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll (Bitdefender)
O2 - BHO: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\pmbxie.dll (Bitdefender)
O3:64bit: - HKLM\..\Toolbar: (Bitdefender Wallet ) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\pmbxie.dll (Bitdefender)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57af6b13-db5d-48c1-a7e7-08ff320e3e09}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/10/10 21:30:13 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\Desktop\OTL Fix Lists
[2016/10/10 21:28:05 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\Desktop\OTL old
[2016/10/10 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\VS Revo Group
[2016/10/10 19:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2016/10/10 19:20:59 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\WINDOWS\SysNative\drivers\revoflt.sys
[2016/10/10 19:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2016/10/10 19:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2016/10/10 17:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2016/10/10 17:21:44 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\Desktop\mbar
[2016/10/10 02:11:36 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\ESET
[2016/10/10 02:02:53 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\Desktop\Bleeping Computer
[2016/10/10 01:46:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2016/10/10 01:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/10/10 01:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/10/10 01:24:01 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Programs
[2016/10/10 01:18:32 | 000,000,000 | ---D | C] -- C:\FRST
[2016/10/10 01:17:43 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\NVIDIA
[2016/10/09 23:11:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2016/10/09 23:10:32 | 000,000,000 | ---D | C] -- C:\Windows.old
[2016/10/09 23:08:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Microsoft
[2016/10/09 23:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2016/10/09 23:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2016/10/09 23:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2016/10/09 23:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2016/10/09 23:06:49 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2016/10/09 23:06:49 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2016/10/09 23:06:49 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2016/10/09 23:06:44 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2016/10/09 23:06:44 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2016/10/09 23:06:43 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2016/10/09 23:06:24 | 001,349,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/10/09 23:06:24 | 001,163,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/10/09 23:06:24 | 001,046,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2016/10/09 23:06:24 | 000,885,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2016/10/09 23:06:16 | 000,199,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2016/10/09 21:01:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2016/10/09 20:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DAX2
[2016/10/09 20:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2016/10/09 20:14:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2016/10/09 20:11:36 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Comms
[2016/10/09 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2016/10/09 20:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2016/10/09 20:06:31 | 000,608,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvStreaming.exe
[2016/10/09 20:05:49 | 003,522,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvc64.dll
[2016/10/09 20:05:49 | 000,062,584 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvshext.dll
[2016/10/09 20:05:48 | 002,557,616 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvcr.dll
[2016/10/09 20:05:47 | 006,783,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcpl.dll
[2016/10/09 20:05:47 | 000,384,176 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvmctray.dll
[2016/10/09 20:04:37 | 000,082,744 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2016/10/09 20:04:37 | 000,068,280 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2016/10/09 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2016/10/09 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2016/10/09 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
[2016/10/09 19:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2016/10/09 19:58:36 | 000,023,672 | ---- | C] (Bitdefender) -- C:\WINDOWS\SysNative\drivers\bdelam.sys
[2016/10/09 19:58:31 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\capicom.dll
[2016/10/09 19:58:02 | 000,087,912 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\drivers\bdvedisk.sys
[2016/10/09 19:57:58 | 000,850,464 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\drivers\avckf.sys
[2016/10/09 19:57:57 | 001,603,264 | ---- | C] (BitDefender) -- C:\WINDOWS\SysNative\drivers\avc3.sys
[2016/10/09 19:57:37 | 000,300,840 | ---- | C] (Bitdefender) -- C:\WINDOWS\SysNative\drivers\ignis.sys
[2016/10/09 19:56:50 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\OneDrive
[2016/10/09 19:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2016/10/09 19:53:48 | 000,182,936 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\SysNative\drivers\gzflt.sys
[2016/10/09 19:53:46 | 000,520,032 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\SysNative\drivers\trufos.sys
[2016/10/09 19:51:20 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\NetworkTiles
[2016/10/09 19:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2016/10/09 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Publishers
[2016/10/09 19:48:28 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Packages
[2016/10/09 19:48:28 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Roaming\Adobe
[2016/10/09 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\TileDataLayer
[2016/10/09 19:48:17 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\ConnectedDevicesPlatform
[2016/10/09 19:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\USOShared
[2016/10/09 19:35:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2016/10/09 19:35:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2016/10/09 19:35:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2016/10/09 19:35:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2016/10/09 19:35:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2016/10/09 19:35:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2016/10/09 19:35:40 | 000,000,000 | -HSD | C] -- C:\Recovery
[2016/10/09 19:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2016/10/09 19:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2016/10/09 19:23:19 | 000,000,000 | --SD | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft
[2016/10/09 19:23:19 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2016/10/09 19:23:19 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2016/10/09 19:23:19 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2016/10/09 19:23:19 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\AppData\Local\Temporary Internet Files
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Templates
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Start Menu
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\SendTo
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Recent
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\PrintHood
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\NetHood
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Documents\My Videos
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Documents\My Pictures
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Documents\My Music
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\My Documents
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Local Settings
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\AppData\Local\History
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Cookies
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\Application Data
[2016/10/09 19:23:19 | 000,000,000 | -HSD | C] -- C:\Users\TennVols-72\AppData\Local\Application Data
[2016/10/09 19:23:19 | 000,000,000 | -H-D | C] -- C:\Users\TennVols-72\AppData
[2016/10/09 19:23:19 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Temp
[2016/10/09 19:23:19 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Microsoft
[2016/10/09 19:23:19 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2016/10/09 19:19:05 | 002,716,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PrintConfig.dll
[2016/10/09 19:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2016/10/09 19:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SleepStudy
[2016/10/09 19:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServiceProfiles
[2016/10/09 17:39:30 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2016/10/09 17:25:10 | 000,000,000 | ---D | C] -- C:\ESD
[2016/10/09 17:24:00 | 000,000,000 | -H-D | C] -- C:\$Windows.~WS
[2016/10/09 17:23:48 | 000,000,000 | ---D | C] -- C:\RescueCD Logs
[2016/10/09 17:22:46 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Roaming\Bitdefender
[2016/10/09 17:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender Device Management
[2016/10/09 17:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2016/10/09 17:07:50 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Roaming\QuickScan
[2016/10/09 17:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2016/10/09 17:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender Agent
[2016/10/09 17:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender Agent
[2016/10/09 08:11:56 | 000,000,000 | ---D | C] -- C:\Windows.old.001
[2016/10/09 07:24:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2016/10/09 04:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2016/10/09 04:41:50 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Google
[2016/10/09 04:41:27 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\Apps
[2016/10/09 04:39:20 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2016/10/09 04:39:20 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Searches
[2016/10/09 04:39:20 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2016/10/09 04:39:19 | 000,000,000 | -H-D | C] -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2016/10/09 04:38:54 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Roaming\Identities
[2016/10/09 04:38:45 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Contacts
[2016/10/09 04:38:33 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Local\VirtualStore
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Videos
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Saved Games
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Pictures
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Music
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Links
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Favorites
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Downloads
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Documents
[2016/10/09 04:38:05 | 000,000,000 | R--D | C] -- C:\Users\TennVols-72\Desktop
[2016/10/09 04:38:05 | 000,000,000 | ---D | C] -- C:\Users\TennVols-72\AppData\Roaming\Media Center Programs
[2016/10/08 00:48:13 | 000,000,000 | ---D | C] -- C:\Windows.old.000
[2016/10/07 21:31:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\WINDOWS\SysWow64\Windows.UI.CredDialogController.bad.virus-Gen:Variant.Graftor.12239
File not found -- C:\WINDOWS\SysWow64\pla.bad.virus-Gen:Variant.Graftor.7549
File not found -- C:\WINDOWS\SysWow64\GamePanelExternalHook.bad.virus-Gen:Variant.Symmi.58329
File not found -- C:\WINDOWS\SysWow64\bthudtask.bad.virus-Gen:Variant.Strictor.58214
[2016/10/10 21:17:20 | 000,002,356 | ---- | M] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/10/10 21:16:51 | 000,002,332 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/10/10 20:53:50 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2016/10/10 20:53:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/10/10 19:21:00 | 000,001,146 | ---- | M] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2016/10/10 19:21:00 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2016/10/10 17:23:16 | 001,014,036 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/10/10 17:23:16 | 000,845,246 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/10/10 17:23:16 | 000,169,304 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/10/10 17:18:29 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2016/10/10 17:18:00 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/10/10 01:54:23 | 000,000,824 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2016/10/10 01:50:57 | 419,694,130 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2016/10/09 23:06:24 | 001,349,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/10/09 23:06:24 | 001,163,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/10/09 23:06:24 | 001,046,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2016/10/09 23:06:24 | 000,885,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2016/10/09 23:06:16 | 000,199,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2016/10/09 20:56:19 | 000,194,192 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/10/09 20:21:28 | 524,288,512 | ---- | M] () -- C:\Users\TennVols-72\Documents\Vols Nation 2.bvd
[2016/10/09 20:15:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2016/10/09 20:00:45 | 000,000,385 | ---- | M] () -- C:\WINDOWS\SysNative\user_gensett.xml
[2016/10/09 20:00:27 | 000,383,721 | ---- | M] () -- C:\ProgramData\cl.1476057214.bdinstall.bin
[2016/10/09 19:59:19 | 000,253,404 | -H-- | M] () -- C:\bdr-ld03
[2016/10/09 19:59:19 | 000,009,216 | -H-- | M] () -- C:\bdr-ld03.mbr
[2016/10/09 19:59:19 | 000,000,684 | -H-- | M] () -- C:\bdr-cf03
[2016/10/09 19:59:09 | 000,002,299 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender 2017.lnk
[2016/10/09 19:51:33 | 000,027,048 | ---- | M] () -- C:\ProgramData\agent.1476057087.bdinstall.bin
[2016/10/09 19:50:19 | 000,039,052 | ---- | M] () -- C:\ProgramData\dm.1476056952.bdinstall.bin
[2016/10/09 19:35:00 | 000,007,623 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2016/10/09 19:34:59 | 000,007,623 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2016/10/09 19:33:19 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2016/10/09 18:52:11 | 000,020,272 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/10/09 18:52:11 | 000,020,272 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/10/09 18:47:37 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/10/09 17:22:50 | 000,054,718 | ---- | M] () -- C:\ProgramData\dm.1476048124.bdinstall.bin
[2016/10/09 17:19:17 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/10/09 17:05:20 | 000,046,255 | ---- | M] () -- C:\ProgramData\agent.1476047108.bdinstall.bin
[2016/10/09 07:24:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016/10/09 04:40:02 | 000,001,437 | ---- | M] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2016/10/07 23:20:46 | 000,253,404 | -H-- | M] () -- C:\bdr-ld02
[2016/10/07 23:20:46 | 000,009,216 | -H-- | M] () -- C:\bdr-ld02.mbr
[2016/10/07 23:20:46 | 000,000,684 | -H-- | M] () -- C:\bdr-cf02
[2016/10/07 19:24:36 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2016/10/07 19:24:36 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2016/10/07 19:24:36 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
 
========== Files Created - No Company Name ==========
 
File not found -- C:\WINDOWS\SysWow64\Windows.UI.CredDialogController.bad.virus-Gen:Variant.Graftor.12239
File not found -- C:\WINDOWS\SysWow64\pla.bad.virus-Gen:Variant.Graftor.7549
File not found -- C:\WINDOWS\SysWow64\GamePanelExternalHook.bad.virus-Gen:Variant.Symmi.58329
File not found -- C:\WINDOWS\SysWow64\bthudtask.bad.virus-Gen:Variant.Strictor.58214
[2016/10/10 21:16:51 | 000,002,356 | ---- | C] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/10/10 21:16:51 | 000,002,332 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/10/10 19:21:00 | 000,001,146 | ---- | C] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2016/10/10 19:21:00 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2016/10/09 23:11:57 | 000,036,799 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
[2016/10/09 23:11:57 | 000,036,799 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
[2016/10/09 21:04:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2016/10/09 20:15:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/10/09 20:09:59 | 524,288,512 | ---- | C] () -- C:\Users\TennVols-72\Documents\Vols Nation 2.bvd
[2016/10/09 20:05:48 | 005,972,783 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2016/10/09 20:00:45 | 000,000,385 | ---- | C] () -- C:\WINDOWS\SysNative\user_gensett.xml
[2016/10/09 20:00:27 | 000,383,721 | ---- | C] () -- C:\ProgramData\cl.1476057214.bdinstall.bin
[2016/10/09 19:59:19 | 000,000,684 | -H-- | C] () -- C:\bdr-cf03
[2016/10/09 19:59:09 | 000,002,299 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender 2017.lnk
[2016/10/09 19:56:49 | 000,002,425 | ---- | C] () -- C:\Users\TennVols-72\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2016/10/09 19:56:47 | 003,271,472 | -H-- | C] () -- C:\bdr-bz03
[2016/10/09 19:56:47 | 000,009,216 | -H-- | C] () -- C:\bdr-ld03.mbr
[2016/10/09 19:56:46 | 049,758,821 | -H-- | C] () -- C:\bdr-im03.gz
[2016/10/09 19:56:46 | 000,253,404 | -H-- | C] () -- C:\bdr-ld03
[2016/10/09 19:51:33 | 000,027,048 | ---- | C] () -- C:\ProgramData\agent.1476057087.bdinstall.bin
[2016/10/09 19:50:19 | 000,039,052 | ---- | C] () -- C:\ProgramData\dm.1476056952.bdinstall.bin
[2016/10/09 19:36:32 | 001,014,036 | ---- | C] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/10/09 19:34:55 | 000,007,623 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2016/10/09 19:34:55 | 000,007,623 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2016/10/09 19:33:19 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2016/10/09 19:28:57 | 3220,525,056 | -HS- | C] () -- C:\hiberfil.sys
[2016/10/09 19:25:32 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2016/10/09 19:23:19 | 000,000,352 | ---- | C] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2016/10/09 19:23:19 | 000,000,334 | ---- | C] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2016/10/09 19:17:33 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/10/09 19:15:32 | 000,194,192 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/10/09 19:15:14 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2016/10/09 17:22:50 | 000,054,718 | ---- | C] () -- C:\ProgramData\dm.1476048124.bdinstall.bin
[2016/10/09 17:13:03 | 419,694,130 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2016/10/09 17:05:20 | 000,046,255 | ---- | C] () -- C:\ProgramData\agent.1476047108.bdinstall.bin
[2016/10/09 07:24:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016/10/09 04:42:51 | 000,002,344 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016/10/09 04:42:06 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016/10/09 04:42:02 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016/10/09 04:40:02 | 000,001,437 | ---- | C] () -- C:\Users\TennVols-72\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2016/10/07 23:20:46 | 000,000,684 | -H-- | C] () -- C:\bdr-cf02
[2016/10/07 23:20:05 | 003,271,472 | -H-- | C] () -- C:\bdr-bz02
[2016/10/07 23:20:05 | 000,009,216 | -H-- | C] () -- C:\bdr-ld02.mbr
[2016/10/07 23:20:04 | 049,758,821 | -H-- | C] () -- C:\bdr-im02.gz
[2016/10/07 23:20:04 | 000,253,404 | -H-- | C] () -- C:\bdr-ld02
[2016/10/07 19:24:36 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2016/10/07 19:23:55 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2016/10/07 19:23:55 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2016/10/07 19:23:54 | 049,758,821 | -H-- | C] () -- C:\bdr-im01.gz
[2016/10/07 19:23:54 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2016/07/16 07:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016/07/16 07:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016/07/16 07:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 07:42:56 | 000,185,368 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2016/07/16 07:42:55 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/07/16 07:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 07:42:55 | 000,038,400 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2016/07/16 07:42:54 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2016/07/16 07:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 07:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 07:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 07:42:46 | 000,109,056 | ---- | C] () -- C:\WINDOWS\SysWow64\chartv.dll
[2016/07/16 07:42:46 | 000,031,232 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2016/07/16 07:42:45 | 000,336,896 | ---- | C] () -- C:\WINDOWS\SysWow64\msinfo32.exe
[2016/07/16 07:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 07:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/07/16 07:42:06 | 007,222,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/07/16 07:42:54 | 005,723,344 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 07:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 07:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 07:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2016/10/09 19:56:53 | 000,000,000 | ---D | M] -- C:\Users\TennVols-72\AppData\Roaming\Bitdefender
[2016/10/09 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\TennVols-72\AppData\Roaming\QuickScan
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
No service found with a name of AeLookupSvc
SRV:64bit: - [2016/07/16 07:42:19 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2016/07/16 07:42:39 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2016/07/16 07:42:06 | 001,052,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2016/07/16 07:42:09 | 000,795,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2016/07/16 07:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2016/07/16 07:42:55 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2016/07/16 07:42:17 | 000,453,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2016/07/16 07:42:46 | 000,347,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2016/07/16 07:43:10 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2016/07/16 07:42:27 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2016/07/16 07:42:27 | 000,888,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2016/07/16 07:42:27 | 000,360,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2016/07/16 07:42:55 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2016/07/16 07:42:27 | 000,264,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2016/07/16 07:42:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2016/07/16 07:42:18 | 000,036,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2016/07/16 07:42:46 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2016/07/16 07:42:38 | 000,541,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2016/07/16 07:42:11 | 000,391,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2016/07/16 07:42:16 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
No service found with a name of MMCSS
SRV:64bit: - [2016/07/16 07:42:12 | 000,259,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2016/07/16 07:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2016/07/16 07:43:50 | 000,368,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2016/07/16 07:42:27 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2016/07/16 07:42:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2016/07/16 07:42:39 | 000,787,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2016/07/16 07:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2016/07/16 07:42:38 | 000,647,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2016/07/16 07:42:27 | 000,888,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2016/07/16 07:42:27 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2016/07/16 07:42:27 | 000,057,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2016/07/16 07:43:47 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2016/07/16 07:42:27 | 000,305,152 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2016/07/16 07:42:40 | 000,617,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2016/07/16 07:43:04 | 000,566,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2016/07/16 07:42:36 | 000,948,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2016/07/16 07:42:39 | 000,309,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2016/07/16 07:43:02 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2016/07/16 07:42:42 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2016/07/16 07:42:27 | 000,358,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2016/07/16 07:42:15 | 001,443,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2016/07/16 07:42:22 | 000,944,640 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2016/07/16 07:42:22 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2016/07/16 07:43:47 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2016/07/16 07:43:04 | 000,103,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2016/07/16 07:42:36 | 001,708,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2016/07/16 07:42:06 | 000,893,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2016/07/16 07:43:50 | 000,646,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2016/07/16 07:42:13 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2016/07/16 07:42:45 | 000,058,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2016/07/16 07:42:31 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2016/07/16 07:42:09 | 002,314,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2016/07/16 07:42:13 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2016/07/16 07:42:13 | 002,368,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2016/07/16 07:42:27 | 000,283,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %systemdrive%\*.exe >
< MD5 for: EXPLORER.EXE  >
[2016/07/16 07:42:40 | 004,673,304 | ---- | M] (Microsoft Corporation) MD5=05181A5AC4197D6C5C02ACE6070AF234 -- C:\Windows\explorer.exe
[2016/07/16 07:42:40 | 004,673,304 | ---- | M] (Microsoft Corporation) MD5=05181A5AC4197D6C5C02ACE6070AF234 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.0_none_7f29128d906f1326\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old.001\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old.001\Windows\SysWOW64\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old.001\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2016/07/16 07:43:04 | 004,312,248 | ---- | M] (Microsoft Corporation) MD5=8931C71ADDC9B0944332336B9F4A3505 -- C:\Windows\SysWOW64\explorer.exe
[2016/07/16 07:43:04 | 004,312,248 | ---- | M] (Microsoft Corporation) MD5=8931C71ADDC9B0944332336B9F4A3505 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.0_none_897dbcdfc4cfd521\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old.001\Windows\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
 
< MD5 for: SERVICES  >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old.001\Windows\System32\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2016/07/16 08:32:08 | 000,003,998 | ---- | M] () MD5=FBB1AF2D54D04362629A036256472350 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_10.0.14393.0_none_62b408f17bc49699\services
 
< MD5 for: SERVICES.EXE  >
[2016/07/16 07:42:27 | 000,454,600 | ---- | M] (Microsoft Corporation) MD5=133390D061D94917125DC666DA67ECD0 -- C:\WINDOWS\SysNative\services.exe
[2016/07/16 07:42:27 | 000,454,600 | ---- | M] (Microsoft Corporation) MD5=133390D061D94917125DC666DA67ECD0 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.14393.0_none_6c8d30ea1355e3dc\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old.001\Windows\System32\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2016/07/16 10:13:00 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=0EFE406646E3D327884D481FF893AF92 -- C:\Users\TennVols-72\AppData\Local\Temp\services.exe.mui
[2016/07/16 10:13:00 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=0EFE406646E3D327884D481FF893AF92 -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2016/07/16 10:13:00 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=0EFE406646E3D327884D481FF893AF92 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.14393.0_en-us_9771b2923ca7d228\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old.001\Windows\System32\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2016/07/16 07:42:13 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2016/07/16 07:42:13 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2016/07/16 07:42:13 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2016/07/16 07:42:13 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.14393.0_none_fcd84e1f5c6d894a\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old.001\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
< End of report >

My apologies, here it is:

Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by TennVols-72 (14-10-2016 12:31:15)
Running from C:\Users\TennVols-72\Desktop\Bleeping Computer\FRST64
Boot Mode: Normal
 
================== Search Files: "csrss.exe" =============
 
C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows.old.001\Windows\System32\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows.old\Windows\System32\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.14393.0_none_86584f52fac852b3\csrss.exe
[2016-07-16 07:42][2016-07-16 07:42] 0018144 ____A (Microsoft Corporation) 77DBC745D957B4F0404ABABC10696784 [File is digitally signed]
 
C:\Windows\System32\csrss.exe
[2016-07-16 07:42][2016-07-16 07:42] 0018144 ____A (Microsoft Corporation) 77DBC745D957B4F0404ABABC10696784 [File is digitally signed]
 
====== End of Search ======


#15 BOV72

Posted 14 October 2016 - 11:45 AM

Sorry NASDAQ here is the repost:

 

Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by TennVols-72 (14-10-2016 12:31:15)
Running from C:\Users\TennVols-72\Desktop\Bleeping Computer\FRST64
Boot Mode: Normal
 
================== Search Files: "csrss.exe" =============
 
C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows.old.001\Windows\System32\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows.old\Windows\System32\csrss.exe
[2009-07-13 19:19][2009-07-13 21:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.14393.0_none_86584f52fac852b3\csrss.exe
[2016-07-16 07:42][2016-07-16 07:42] 0018144 ____A (Microsoft Corporation) 77DBC745D957B4F0404ABABC10696784 [File is digitally signed]
 
C:\Windows\System32\csrss.exe
[2016-07-16 07:42][2016-07-16 07:42] 0018144 ____A (Microsoft Corporation) 77DBC745D957B4F0404ABABC10696784 [File is digitally signed]
 
====== End of Search ======




