possible rootkit


  • This topic is locked
6 replies to this topic

#1 crisgp


Posted 16 March 2018 - 04:09 PM

Hello there. So I started getting random BSOD crashes, sometimes with buzzing noises. Updated some drivers and that seemed to help, but I ran Malwarebytes and GMER to be safe. Malwarebytes finds nothing, but GMER keeps crashing to BSOD with the code DRIVER_IRQL_NOT_LESS_OR_EQUAL, what failed: pflyypob.sys. I am suspicious because someone just tried to scam me on Craigslist and I downloaded the profile pic from his email so I could Google it. (It turned out to be from a news article about Afghanistan; he claimed to be in the military.) The problems started immediately after that. I have attached the requested text files. Thanks in advance!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Chivoblack (administrator) on LAPTOP-NSNU8E5M (16-03-2018 13:50:41)
Running from C:\Users\Chivoblack\Downloads
Loaded Profiles: Chivoblack (Available Profiles: Chivoblack)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b326a764554caf41\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b326a764554caf41\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b326a764554caf41\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b326a764554caf41\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Pub\PubMonitor.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-1686104792-881334532-2590191495-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5ff23220-3140-48f3-9e44-8ca456a9eee1}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1686104792-881334532-2590191495-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: x6sc54bw.default-1517417408912
FF ProfilePath: C:\Users\Chivoblack\AppData\Roaming\Mozilla\Firefox\Profiles\x6sc54bw.default-1517417408912 [2018-03-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1686104792-881334532-2590191495-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Chivoblack\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-02-26] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default [2018-03-16]
CHR Extension: (Slides) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-19]
CHR Extension: (Docs) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-19]
CHR Extension: (Google Drive) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-19]
CHR Extension: (YouTube) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-19]
CHR Extension: (Adblock Plus) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-03-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-13]
CHR Extension: (Sheets) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-19]
CHR Extension: (Gmail) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-13]
CHR Profile: C:\Users\Chivoblack\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [127864 2017-07-28] (ASUSTek Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2018-01-25] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542392 2017-11-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-10-24] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [40312 2017-06-08] (ASUSTeK COMPUTER INC.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18264 2017-05-11] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-10-24] (Intel® Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [99320 2016-10-11] (ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31112 2017-05-02] (ASUS)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-03-16] (REALiX™)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136200 2017-11-17] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37912 2017-04-18] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-16] (Malwarebytes)
S1 MpKsl4c6d9c31; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58855E8C-D776-48FC-B873-4219A14D4B53}\MpKsl4c6d9c31.sys [58120 2018-03-16] () [File not signed]
S1 MpKslb0b9b914; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58855E8C-D776-48FC-B873-4219A14D4B53}\MpKslb0b9b914.sys [58120 2018-03-16] () [File not signed]
R1 MpKsldb8189c6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58855E8C-D776-48FC-B873-4219A14D4B53}\MpKsldb8189c6.sys [58120 2018-03-16] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7647232 2017-11-22] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_85e3b134be9efb31\nvlddmkm.sys [15629720 2018-01-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2018-03-16] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2018-03-16] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024848 2018-03-16] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-16 13:50 - 2018-03-16 13:50 - 000017298 _____ C:\Users\Chivoblack\Downloads\FRST.txt
2018-03-16 13:50 - 2018-03-16 13:50 - 000000000 ____D C:\FRST
2018-03-16 13:46 - 2018-03-16 13:46 - 002403328 _____ (Farbar) C:\Users\Chivoblack\Downloads\FRST64.exe
2018-03-16 13:35 - 2018-03-16 13:35 - 001301172 _____ C:\WINDOWS\Minidump\031618-6218-01.dmp
2018-03-16 13:27 - 2018-03-16 13:27 - 000607604 _____ C:\WINDOWS\Minidump\031618-6125-01.dmp
2018-03-16 13:25 - 2018-03-16 13:26 - 000316206 _____ C:\WINDOWS\ntbtlog.txt
2018-03-16 13:25 - 2018-03-16 13:25 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-16 13:05 - 2018-03-16 13:05 - 001499732 _____ C:\WINDOWS\Minidump\031618-7437-01.dmp
2018-03-16 13:01 - 2018-03-16 13:25 - 098041856 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-03-16 12:58 - 2018-03-16 13:01 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-03-16 12:29 - 2018-03-16 12:29 - 001464860 _____ C:\WINDOWS\Minidump\031618-6312-01.dmp
2018-03-16 11:53 - 2018-03-16 11:53 - 015333512 _____ (Piriform Ltd) C:\Users\Chivoblack\Downloads\ccsetup541.exe
2018-03-16 11:26 - 2018-03-16 13:35 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-16 11:26 - 2018-03-16 11:26 - 002214596 _____ C:\WINDOWS\Minidump\031618-7562-01.dmp
2018-03-16 11:11 - 2018-03-16 11:13 - 000000000 ____D C:\WINDOWS\LastGood
2018-03-16 11:11 - 2018-03-16 11:11 - 000191648 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSS2_I2C.sys
2018-03-16 10:58 - 2018-03-16 13:40 - 000003058 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Chivoblack)
2018-03-16 10:58 - 2018-03-16 11:13 - 000002351 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2018-03-16 10:58 - 2018-03-16 10:59 - 000000000 ____D C:\Users\Chivoblack\AppData\LocalLow\IObit
2018-03-16 10:58 - 2018-03-16 10:58 - 000027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2018-03-16 10:58 - 2018-03-16 10:58 - 000003404 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2018-03-16 10:58 - 2018-03-16 10:58 - 000000000 ____D C:\WINDOWS\IObit
2018-03-16 10:58 - 2018-03-16 10:58 - 000000000 ____D C:\ProgramData\ProductData
2018-03-16 10:58 - 2018-03-16 10:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-03-16 10:58 - 2018-03-16 10:58 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-16 10:57 - 2018-03-16 11:36 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\IObit
2018-03-16 10:57 - 2018-03-16 10:59 - 000000000 ____D C:\ProgramData\IObit
2018-03-16 10:56 - 2018-03-16 10:57 - 019912008 _____ (IObit ) C:\Users\Chivoblack\Downloads\driver_booster_setup.exe
2018-03-16 10:53 - 2018-03-16 10:53 - 016486416 _____ (Corel Corporation) C:\Users\Chivoblack\Downloads\wzdu34.exe
2018-03-16 10:52 - 2018-03-16 10:52 - 000003784 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Scan
2018-03-16 10:52 - 2018-03-16 10:52 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-03-16 10:51 - 2018-03-16 10:52 - 000999168 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Chivoblack\Downloads\DriverUpdate-setup.exe
2018-03-16 10:48 - 2018-03-16 10:48 - 004587109 _____ (GoldSolution Software, Inc. ) C:\Users\Chivoblack\Downloads\DriverMagician(1).exe
2018-03-16 10:45 - 2018-03-16 10:45 - 004587109 _____ (GoldSolution Software, Inc. ) C:\Users\Chivoblack\Downloads\DriverMagician.exe
2018-03-16 10:08 - 2018-03-16 12:55 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-16 10:07 - 2018-03-16 10:27 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-16 10:07 - 2018-03-16 10:07 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-16 10:07 - 2018-03-16 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-16 10:07 - 2018-03-16 10:07 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-16 10:02 - 2018-03-16 10:04 - 036485480 _____ (Adlice Software ) C:\Users\Chivoblack\Downloads\RogueKiller_setup.exe
2018-03-16 09:50 - 2018-03-16 09:50 - 000007601 _____ C:\Users\Chivoblack\AppData\Local\Resmon.ResmonCfg
2018-03-16 09:31 - 2018-03-16 09:36 - 000000000 ____D C:\Users\Chivoblack\Desktop\mbar
2018-03-16 09:31 - 2018-03-16 09:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-16 09:31 - 2018-03-16 09:31 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5771333A.sys
2018-03-16 09:31 - 2018-03-16 09:31 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-03-16 09:17 - 2018-03-16 09:17 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Chivoblack\Downloads\mbar-1.10.3.1001.exe
2018-03-16 09:07 - 2017-09-25 04:30 - 000135616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-03-16 08:45 - 2018-03-16 08:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-03-16 08:43 - 2018-03-16 09:14 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-03-16 08:36 - 2018-03-16 08:36 - 000000000 ____D C:\Users\Chivoblack\AppData\Local\ElevatedDiagnostics
2018-03-16 08:19 - 2018-03-16 08:22 - 121088744 _____ (Microsoft Corporation) C:\Users\Chivoblack\Downloads\msert.exe
2018-03-16 08:00 - 2018-03-16 08:00 - 000380928 _____ C:\Users\Chivoblack\Downloads\f24t4ty3433.exe
2018-03-15 22:36 - 2018-03-16 13:35 - 995397495 _____ C:\WINDOWS\MEMORY.DMP
2018-03-15 22:36 - 2018-03-16 13:35 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-13 20:43 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 20:43 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 20:43 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 20:43 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 20:43 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 20:43 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 20:43 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 20:43 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 20:43 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 20:43 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 20:43 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 20:43 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 20:43 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 20:43 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 20:43 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 20:43 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 20:43 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 20:43 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 20:43 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 20:43 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 20:43 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 20:43 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 20:43 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 20:43 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 20:43 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 20:43 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 20:43 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 20:43 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:43 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 20:43 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 20:43 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 20:43 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 20:43 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 20:43 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 20:43 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 20:43 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 20:43 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 20:43 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 20:43 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 20:43 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 20:43 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 20:43 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 20:43 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 20:43 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:43 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 20:43 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 20:43 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 20:43 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 20:43 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 20:43 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 20:43 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 20:43 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 20:43 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 20:43 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 20:43 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 20:43 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 20:43 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 20:43 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 20:43 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 20:43 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 20:43 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 20:43 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 20:43 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 20:43 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 20:43 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 20:43 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 20:43 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 20:43 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 20:43 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 20:43 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 20:43 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 20:43 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 20:43 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 20:43 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 20:43 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 20:43 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 20:43 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 20:43 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 20:43 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 20:43 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 20:43 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 20:43 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 20:43 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 20:43 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 20:43 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 20:43 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 20:43 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 20:43 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 20:43 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 20:43 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 20:43 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 20:43 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 20:43 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 20:43 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 20:43 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 20:43 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 20:43 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 20:43 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 20:43 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 20:43 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 20:43 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 20:43 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 20:43 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 20:43 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 20:43 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 20:43 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 20:43 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 20:43 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 20:43 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 20:43 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 20:43 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 20:43 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 20:43 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 20:43 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 20:43 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 20:43 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 20:43 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 20:43 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 20:43 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 20:43 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 20:43 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 20:43 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 20:43 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 20:43 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 20:43 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 20:43 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 20:43 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 20:43 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 20:43 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 20:43 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 20:43 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 20:43 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 20:43 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 20:43 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 20:43 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 20:43 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 20:43 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 20:43 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 20:43 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 20:43 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 20:43 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 20:43 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 20:43 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 20:43 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 20:43 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 20:43 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 20:43 - 2018-02-21 17:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 20:43 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 20:43 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 20:42 - 2018-03-01 20:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 20:42 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 20:42 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 20:42 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 20:42 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 20:42 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 20:42 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 20:42 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 20:42 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 20:42 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 20:42 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 20:42 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 20:42 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 20:42 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 20:42 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 20:42 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 20:42 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 20:42 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 20:42 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 20:42 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 20:42 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 20:42 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 20:42 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 20:42 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 20:42 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 20:42 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 20:42 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 20:42 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 20:42 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 20:42 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 20:42 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 20:42 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 20:42 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 20:42 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 08:36 - 2018-03-13 08:36 - 000257123 _____ C:\Users\Chivoblack\Downloads\c1ef41_9da1a2f165a64ab29bfcfd9eca8fbd87.pdf
2018-03-12 14:05 - 2018-03-12 14:17 - 000000000 ____D C:\Users\Chivoblack\test
2018-03-10 13:42 - 2018-03-10 13:43 - 000000000 ____D C:\Users\Chivoblack\.ssh
2018-03-10 13:07 - 2018-03-10 14:34 - 000000000 ____D C:\Users\Chivoblack\code
2018-03-10 12:36 - 2018-03-12 14:10 - 000001493 _____ C:\Users\Chivoblack\.viminfo
2018-03-10 12:34 - 2018-03-10 12:34 - 000000063 _____ C:\Users\Chivoblack\.gitconfig
2018-03-10 11:58 - 2018-03-10 12:24 - 000000000 ____D C:\Users\Chivoblack\lessons_learned
2018-03-09 16:24 - 2018-03-12 14:26 - 000002345 _____ C:\Users\Chivoblack\.bash_history
2018-03-09 16:17 - 2018-03-09 16:18 - 000000000 ____D C:\Users\Chivoblack\bloc
2018-03-08 19:45 - 2018-03-08 19:45 - 000232611 _____ C:\Users\Chivoblack\Downloads\foundation-6.4.2-complete.zip
2018-03-05 15:16 - 2018-03-05 15:16 - 000693138 _____ C:\Users\Chivoblack\Downloads\97-Things-Every-Programmer-Should-Know-Extended.pdf
2018-03-05 14:16 - 2018-03-05 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2018-03-05 14:16 - 2018-03-05 14:16 - 000000000 ____D C:\ProgramData\Git
2018-03-05 14:16 - 2018-03-05 14:16 - 000000000 ____D C:\Program Files\Git
2018-03-05 14:13 - 2018-03-10 12:24 - 000000000 ____D C:\Users\Chivoblack\.atom
2018-03-05 14:13 - 2018-03-10 12:22 - 000002266 _____ C:\Users\Chivoblack\Desktop\Atom.lnk
2018-03-05 14:13 - 2018-03-10 12:22 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2018-03-05 14:13 - 2018-03-10 12:22 - 000000000 ____D C:\Users\Chivoblack\AppData\Local\atom
2018-03-05 14:13 - 2018-03-10 12:19 - 000000000 ____D C:\Users\Chivoblack\AppData\Local\SquirrelTemp
2018-03-05 14:13 - 2018-03-05 14:14 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\Atom
2018-03-05 14:09 - 2018-03-05 14:11 - 039139744 _____ (The Git Development Community ) C:\Users\Chivoblack\Downloads\Git-2.16.2-64-bit.exe
2018-03-05 14:08 - 2018-03-05 14:12 - 138624032 _____ (GitHub Inc.) C:\Users\Chivoblack\Downloads\AtomSetup-x64.exe
2018-03-05 13:12 - 2018-03-05 13:12 - 000592115 _____ C:\Users\Chivoblack\Downloads\bootstrap-4.0.0-dist.zip
2018-03-01 17:35 - 2018-03-01 17:35 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-02-26 15:35 - 2018-02-26 15:35 - 000001946 _____ C:\Users\Chivoblack\Desktop\Start Zoom.lnk
2018-02-26 15:31 - 2018-02-26 15:31 - 008102064 _____ (Microsoft Corporation) C:\Users\Chivoblack\Downloads\ZoomInstaller.exe
2018-02-26 15:31 - 2018-02-26 15:31 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-02-22 14:30 - 2018-03-05 11:32 - 000001625 _____ C:\Users\Chivoblack\Desktop\html.htmal.txt
2018-02-21 12:59 - 2018-02-21 12:59 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\Chivoblack\Downloads\Zoom_launcher (1).exe
2018-02-20 15:59 - 2018-02-20 15:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-02-20 15:42 - 2018-02-20 15:42 - 000163835 _____ C:\Users\Chivoblack\Downloads\SF_DD_32d2f183-bc0a-4215-a758-6c0e4ab28b5c.pdf
2018-02-19 14:31 - 2018-02-19 14:31 - 000000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDUToGo.lnk
2018-02-19 14:31 - 2018-02-19 14:31 - 000000940 _____ C:\Users\Public\Desktop\VUDUToGo.lnk
2018-02-19 14:31 - 2018-02-19 14:31 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2018-02-19 14:31 - 2018-02-19 14:31 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2018-02-19 14:31 - 2018-02-19 14:31 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\Macromedia
2018-02-19 14:31 - 2018-02-19 14:31 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\com.vudu.air.Downloader
2018-02-19 14:31 - 2018-02-19 14:31 - 000000000 ____D C:\Program Files (x86)\VUDUToGo
2018-02-19 14:30 - 2018-02-19 14:30 - 003495872 _____ C:\Users\Chivoblack\Downloads\VUDUToGo.exe
2018-02-19 14:30 - 2018-02-19 14:30 - 003495872 _____ C:\Users\Chivoblack\Downloads\VUDUToGo(1).exe
2018-02-14 01:11 - 2018-03-02 18:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-16 13:40 - 2018-01-19 10:25 - 001313542 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-16 13:36 - 2018-01-19 15:14 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-16 13:35 - 2018-01-19 10:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-16 13:35 - 2018-01-19 10:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-16 13:35 - 2018-01-18 17:29 - 000000000 __SHD C:\Users\Chivoblack\IntelGraphicsProfiles
2018-03-16 13:35 - 2017-09-30 15:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-16 13:27 - 2018-01-19 10:19 - 000000000 ____D C:\Users\Chivoblack
2018-03-16 13:25 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-16 13:15 - 2018-01-18 17:35 - 000000000 ____D C:\Users\Chivoblack\AppData\LocalLow\Mozilla
2018-03-16 11:26 - 2018-01-31 09:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-16 11:26 - 2018-01-18 17:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-16 11:13 - 2017-09-30 15:23 - 001024848 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-03-16 11:13 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-16 11:12 - 2017-09-30 15:16 - 000050624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-03-16 11:12 - 2016-09-19 03:21 - 000905736 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2018-03-16 11:11 - 2017-09-30 15:24 - 000329184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-03-16 11:11 - 2016-09-22 23:40 - 000206496 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2018-03-16 10:35 - 2018-01-31 09:50 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-16 10:23 - 2017-03-18 14:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-16 09:31 - 2018-01-24 20:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-16 09:15 - 2018-01-19 10:22 - 000003260 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2018-03-16 09:15 - 2018-01-19 10:22 - 000003196 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-03-16 09:15 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-16 09:14 - 2017-09-30 15:23 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-16 09:14 - 2017-09-30 15:23 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-03-16 09:14 - 2017-09-30 15:23 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-03-16 09:08 - 2017-09-30 15:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-16 09:07 - 2017-09-30 15:15 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-16 08:57 - 2017-09-30 15:12 - 000000000 ____D C:\Program Files\Intel
2018-03-16 08:46 - 2017-09-30 15:14 - 000000000 ___HD C:\Intel
2018-03-16 08:46 - 2017-09-30 15:08 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-16 08:45 - 2017-09-30 15:12 - 000000000 ____D C:\ProgramData\Intel
2018-03-16 08:45 - 2017-09-30 15:12 - 000000000 ____D C:\Program Files (x86)\Intel
2018-03-16 08:26 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-16 08:26 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-15 22:38 - 2018-01-19 11:41 - 000000000 ___RD C:\Users\Chivoblack\3D Objects
2018-03-15 22:38 - 2017-09-30 15:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 22:37 - 2018-01-19 10:17 - 000381984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-15 22:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-15 22:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-15 22:36 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-15 22:35 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-14 06:57 - 2018-01-19 16:43 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\vlc
2018-03-14 03:33 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-13 20:47 - 2018-01-18 20:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 20:47 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 20:46 - 2018-01-18 20:04 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 20:45 - 2018-01-18 20:04 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 20:44 - 2017-09-29 06:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 20:44 - 2017-09-29 06:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-07 17:12 - 2018-01-19 10:22 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1686104792-881334532-2590191495-1001
2018-03-07 17:12 - 2018-01-18 17:31 - 000002378 _____ C:\Users\Chivoblack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-07 17:12 - 2018-01-18 17:31 - 000000000 ___RD C:\Users\Chivoblack\OneDrive
2018-03-02 18:12 - 2017-09-29 06:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-02 14:09 - 2017-09-29 06:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 14:09 - 2017-09-29 06:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 03:14 - 2018-01-19 15:33 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-02 03:14 - 2018-01-19 15:33 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-01 17:35 - 2017-09-30 15:31 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-01 17:35 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-01 17:35 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-01 17:19 - 2018-02-05 10:46 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-26 15:31 - 2018-02-12 08:00 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\Zoom
2018-02-24 22:20 - 2018-01-26 09:10 - 000000000 ____D C:\Users\Chivoblack\AppData\Local\Arma 3 Launcher
2018-02-24 21:43 - 2018-01-26 09:10 - 000000000 ____D C:\Users\Chivoblack\AppData\Local\Arma 3
2018-02-24 02:30 - 2018-02-05 10:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-19 14:31 - 2018-02-05 10:46 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-19 14:31 - 2018-02-05 10:45 - 000000000 ____D C:\ProgramData\Adobe
2018-02-19 14:30 - 2018-02-05 10:43 - 000000000 ____D C:\Users\Chivoblack\AppData\Local\Adobe
2018-02-19 14:30 - 2018-01-18 17:29 - 000000000 ____D C:\Users\Chivoblack\AppData\Roaming\Adobe
2018-02-14 01:10 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-14 01:10 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\bcastdvr
 
==================== Files in the root of some directories =======
 
2018-03-16 09:50 - 2018-03-16 09:50 - 000007601 _____ () C:\Users\Chivoblack\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-03-16 10:07 - 2018-02-09 23:15 - 001954048 _____ (Microsoft Corporation) C:\Users\Chivoblack\AppData\Local\Temp\dllnt_dump.dll
2018-03-16 10:52 - 2018-03-16 10:52 - 000253016 _____ (SlimWare Utilities Holdings, Inc.) C:\Users\Chivoblack\AppData\Local\Temp\scpADD7.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-11 20:19
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Chivoblack (16-03-2018 13:51:12)
Running from C:\Users\Chivoblack\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-19 17:24:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1686104792-881334532-2590191495-500 - Administrator - Disabled)
Chivoblack (S-1-5-21-1686104792-881334532-2590191495-1001 - Administrator - Enabled) => C:\Users\Chivoblack
DefaultAccount (S-1-5-21-1686104792-881334532-2590191495-503 - Limited - Disabled)
Guest (S-1-5-21-1686104792-881334532-2590191495-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1686104792-881334532-2590191495-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.73 - NVIDIA Corporation) Hidden
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.14 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0056 - ASUSTeK COMPUTER INC.)
Atom (HKU\S-1-5-21-1686104792-881334532-2590191495-1001\...\atom) (Version: 1.24.1 - GitHub Inc.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.8 - ICEpower a/s)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.7 - ASUSTek COMPUTER INC.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.2.0 - IObit)
Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4849 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0e6a18a2-ea36-4041-9f69-0b2cc3f04f88}) (Version: 20.10.1 - Intel Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1686104792-881334532-2590191495-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
NVIDIA 3D Vision Driver 385.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.73 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
ROG Gaming Center (HKLM\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.1.3 - ASUSTeK COMPUTER INC.)
RogueKiller version 12.12.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.8.0 - Adlice Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VUDU To Go (HKLM-x32\...\{6E02BF8A-574B-5812-D034-59C0D8BD8CBD}) (Version: 2.3.3 - Vudu) Hidden
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.3 - Vudu)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (09/23/2016 11.0.0.14) (HKLM\...\F95583A62AB902A3FC263F668380483F9E0113CD) (Version: 09/23/2016 11.0.0.14 - ASUS)
Zoom (HKU\S-1-5-21-1686104792-881334532-2590191495-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b326a764554caf41\igfxDTCM.dll [2017-11-15] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-25] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04BD17A6-629A-49D7-9201-CA8E9C7D4F5E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {077654F3-4195-40C0-BCA4-31D9D3EC98EB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-11-16] (Realtek Semiconductor)
Task: {11CE97A9-DA8E-4F48-B2E7-E347DEC77D28} - System32\Tasks\Driver Booster SkipUAC (Chivoblack) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe [2018-01-29] (IObit)
Task: {37394D2E-78E9-40A0-B91F-B6AB40003753} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {373D1148-8104-41BB-9D42-360844D2D8CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {40522D8D-CCA7-42B3-8383-A9005BA7BEFB} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {54335029-B5BB-4CA4-8E99-56CB60DDDEE7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {560797A5-ADBC-475D-AFC8-566190BD5291} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {5EB79365-0555-4061-8957-A75FDA3226DA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {65BA8385-0A41-4B2E-8F71-9E161B8861E9} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Scheduler.exe [2018-01-26] (IObit)
Task: {6BC7577B-4970-4F4A-BBFE-6D3D761A471E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {7250F999-6652-4446-86B2-B3AA3E858E04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {741DACA6-8E2C-445B-A75F-45A80838B5C3} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2017-07-28] (ASUSTek Computer Inc.)
Task: {806ABAFF-F217-43A5-A304-56FABFC623F9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {86ADE001-C471-45BB-9984-112892C93739} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {88005489-BDD4-42CA-809A-2042D883FC98} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-11-16] (Realtek Semiconductor)
Task: {96FBCB6C-427B-446E-A438-23CE4F7F9C2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {97C107AF-EDC4-4608-A157-3A57251E27A4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {9AF83787-3949-4C88-904E-9DC2D200B26F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-19] (Google Inc.)
Task: {A58F35C0-743C-41EC-87F8-A7ABA792CD3B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {AAAFBD5C-1E69-4EA2-8F28-FF51F4CF9EED} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {ADBFAA66-E021-40D8-8F49-72E3D471C59A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {BB3FD94D-E6B1-40DD-A338-0E8B5F79CE32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {BB647F1D-7B38-4C20-9958-32842A0E5A7C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {BC9C5D10-2264-4AF5-B4BC-2FBEC5DD8ECD} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe [2017-05-10] (ASUSTek Computer Inc.)
Task: {C591BE9A-EEDA-4561-A84C-03B33FBD33D1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2017-07-28] (ASUSTek Computer Inc.)
Task: {C8BC90C9-B36D-4D7F-9A9A-C68A1329F23D} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-11-09] (ASUSTek COMPUTER INC.)
Task: {D970A3E6-4C43-4A8A-AB29-CB88AE87097E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {DFEDEDEE-66A9-4F36-A5C4-DB1811FB5524} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-19] (Google Inc.)
Task: {FF2D091C-F87C-4360-A14B-79AD033A9E41} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-24 20:06 - 2017-11-29 10:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-13 20:43 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 20:43 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 08:24 - 2018-03-16 08:25 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 08:24 - 2018-03-16 08:25 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 08:24 - 2018-03-16 08:25 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 08:24 - 2018-03-16 08:25 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-16 08:24 - 2018-03-16 08:24 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-02 03:14 - 2018-02-21 20:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-03-02 03:14 - 2018-02-21 20:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-01-19 15:17 - 2017-11-28 22:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-01-19 15:17 - 2017-12-15 12:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2018-01-19 15:17 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-01-19 15:17 - 2017-11-03 18:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-19 15:17 - 2017-11-03 18:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-19 15:17 - 2017-11-03 18:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-01-19 15:17 - 2017-11-03 18:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-19 15:17 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-01-19 15:17 - 2017-11-03 18:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-19 15:17 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-19 15:17 - 2017-12-15 12:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-01-19 15:17 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-19 15:19 - 2017-09-06 19:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-01-19 15:19 - 2017-10-30 21:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-01-19 15:17 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-10-05 21:17 - 2016-10-05 21:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1686104792-881334532-2590191495-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chivoblack\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{209A91A1-1856-4965-A013-BCC65818359C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1671956-CD48-451B-94C3-5830A4EF1C6E}] => (Allow) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGCAndroidService.exe
FirewallRules: [{D45197DE-ABDC-47CF-8698-CFC2A00B45E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC176941-AF1D-4322-9C38-5EEFBF98F936}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2EE1CA0B-5125-42C6-8E6A-7210020549D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4E798E55-12A0-4312-B781-622E59BF2A4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D8079AE8-8F07-4364-8D0F-E2FA366DF979}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7E047F88-CB48-407A-BD8D-0CBE89201144}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7C6ACD0-B222-428A-9C73-4C6E653B5093}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{15620C9F-8F52-42E8-8F3F-7E3118326DE8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3FB7F962-7080-4E4C-A5A3-B0FE21ABB2C8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{23CAB328-3434-4F8A-9D25-1DA51F295D33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
FirewallRules: [{0D4467DE-4DED-4EBA-8893-5670E89A89C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
FirewallRules: [{4F7FF324-4015-4043-9B21-453702B42092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{201014E2-947E-4B2B-B31A-3934133D8BE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{0557477E-51EF-40C3-B6AE-04F98729D591}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{F73B755D-7D98-4405-A18F-608DD085B8DF}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{3A88F801-35EA-458E-948F-1F709CED9943}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{656A85C9-EC99-4F14-BA72-6A6A8C0BC2B5}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{E2F52E25-F92B-4004-8BD5-CE41336FB2C1}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{0F786791-EC54-4E49-8AC0-089B50C766AB}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{0018EABA-9E0F-4E19-B11E-FC58085F5DD9}D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{A0E6B882-8BE2-4FCE-9E71-6F2F07F34E7D}D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{C1E01C50-C067-4488-97A3-3D3E3EE81D4A}] => (Block) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{1BBB5F4F-CEFD-4D55-BB72-9BA1DC821F75}] => (Block) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [TCP Query User{D255C0B5-AF05-4278-BBA9-A1D6EEDB3923}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D9485330-E589-4AAA-829D-780B9C20F0C5}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8DA484ED-F2B1-4FFD-9F4A-0A36A93E05D6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2D434DEF-2995-4DD0-8458-15F30C1828A7}] => (Allow) C:\Users\Chivoblack\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{0118F211-BCF7-43F2-92CA-0F721A5B778C}] => (Allow) C:\Users\Chivoblack\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [{777FFFF3-32F9-4E0F-902A-CBC4B988B0A4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{12541580-1947-4808-83F9-DDD91ED4DC3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{ED08C9DC-1C17-49AC-B870-7D31863D17FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{BB315EF9-B279-42BF-90DE-F38BB9A9821A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7E6F3C55-999E-45F4-9D33-2692F43F32C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3007D567-932E-4255-AA9B-7CE988D71368}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FD3CB68E-DF98-4A08-90C2-5B51B4801DA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4DE3BAFE-FFCE-40B3-B354-3BF5FE3D19AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{266992A8-30BF-42EA-9271-96A05BB5B77B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{79C67E14-E4B1-4622-80B5-3E57E0AEC88B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{EDBD4FCD-3CB8-4FFA-9617-CED558C97060}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{17839CF8-8393-41AC-B269-BE86CBF83DBD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C9106E69-17DD-4AB3-A8E8-57C0C5278AD4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{779F4DE4-7106-4992-A3FC-98ADACEC8A7C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{20ED07FC-8158-4DC7-B7D7-DF2B64F6C583}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{7F742396-26CE-4C46-9965-EF5FAF7AC182}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{3DC04F0E-A3A4-4455-BE81-8B9C1203C285}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{3FA9843F-E827-4376-AF61-C312C9A0713C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
 
==================== Restore Points =========================
 
16-03-2018 11:09:54 Driver Booster : Intel® 100 Series/C230 Chipset Family SATA AHCI Controller
16-03-2018 11:18:34 Removed DriverUpdate
16-03-2018 11:19:31 Removed SlimCleaner Plus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/16/2018 11:19:54 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: LAPTOP-NSNU8E5M)
Description: Application or service 'SlimWare Utility Service Launcher' could not be restarted.
 
Error: (03/16/2018 11:18:41 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: LAPTOP-NSNU8E5M)
Description: Application or service 'SlimWare Services' could not be restarted.
 
Error: (03/16/2018 09:43:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: x4hb0h9g.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: x4hb0h9g.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0001d061
Faulting process id: 0x1f64
Faulting application start time: 0x01d3bd44fffbde96
Faulting application path: C:\Users\Chivoblack\Downloads\x4hb0h9g.exe
Faulting module path: C:\Users\Chivoblack\Downloads\x4hb0h9g.exe
Report Id: 24bb263e-a974-4cbc-a458-7b3e201d55e4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/16/2018 08:08:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: x4hb0h9g.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: x4hb0h9g.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0001d061
Faulting process id: 0x218c
Faulting application start time: 0x01d3bd378844d104
Faulting application path: C:\Users\Chivoblack\Downloads\x4hb0h9g.exe
Faulting module path: C:\Users\Chivoblack\Downloads\x4hb0h9g.exe
Report Id: bf41a3cd-ff3f-4c6e-99e1-9f2902767f37
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 11:13:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ICEsoundAPO64.dll, version: 1.0.0.28, time stamp: 0x58822fc8
Exception code: 0xc0000409
Fault offset: 0x000000000004354c
Faulting process id: 0x1598
Faulting application start time: 0x01d3bcec1f95f372
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\ICEsoundAPO64.dll
Report Id: d6bfbc36-b1c6-4823-8b3d-46cf12f72d88
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 11:13:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x1598
Faulting application start time: 0x01d3bcec1f95f372
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: d4aa4f01-a008-4ec6-9a17-d0a58310e003
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 11:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x1598
Faulting application start time: 0x01d3bcec1f95f372
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7ce88828-7736-4236-bb4f-5f56b90e38bf
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/15/2018 07:38:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ICEsoundAPO64.dll, version: 1.0.0.28, time stamp: 0x58822fc8
Exception code: 0xc0000409
Fault offset: 0x000000000004354c
Faulting process id: 0x40d0
Faulting application start time: 0x01d3bccb25c2bf3a
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\ICEsoundAPO64.dll
Report Id: 5eb0f321-5415-4a7f-ab12-f2c950264452
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/16/2018 01:50:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/16/2018 01:45:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/16/2018 01:36:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-NSNU8E5M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-NSNU8E5M\Chivoblack SID (S-1-5-21-1686104792-881334532-2590191495-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/16/2018 01:35:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/16/2018 01:35:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/16/2018 01:35:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/16/2018 01:35:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/16/2018 01:35:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffffa300755e9010, 0x00000000000000ff, 0x0000000000000000, 0xfffff800d0bd8bc8). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 6daafb64-ebe4-44c7-a01e-02f9008b87ab.
 
 
Windows Defender:
===================================
Date: 2018-02-04 03:18:02.997
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9850EE12-3C4F-4F71-8C82-90E6237DF426}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-16 13:25:42.015
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-01-31 15:19:40.325
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2018-01-31 15:19:40.324
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2018-01-31 15:19:40.323
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.584.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2018-01-30 09:14:46.463
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.441.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
CodeIntegrity:
===================================
 
Date: 2018-01-25 08:39:41.470
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-25 08:39:40.823
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-25 08:39:33.398
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-01-25 08:39:33.280
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 20%
Total physical RAM: 16268.82 MB
Available physical RAM: 12955.29 MB
Total Virtual: 18700.82 MB
Available Virtual: 15455.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.19 GB) (Free:37.43 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:903.22 GB) NTFS
 
\\?\Volume{32b3a31a-035a-4265-95f7-17d429850821}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32
\\?\Volume{9e14910f-1d89-4029-bbbd-929e198ce335}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: F4696ED0)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1142137E)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


Edited by crisgp, 16 March 2018 - 04:17 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 17 March 2018 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {560797A5-ADBC-475D-AFC8-566190BD5291} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Windows\System32\Tasks\DriverUpdate Scan
C:\Program Files\DriverUpdate
2018-03-16 10:07 - 2018-02-09 23:15 - 001954048 _____ (Microsoft Corporation) C:\Users\Chivoblack\AppData\Local\Temp\dllnt_dump.dll
2018-03-16 10:52 - 2018-03-16 10:52 - 000253016 _____ (SlimWare Utilities Holdings, Inc.) C:\Users\Chivoblack\AppData\Local\Temp\scpADD7.tmp.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Will also check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.


#3 crisgp

crisgp
  • Topic Starter

  • Members

Posted 17 March 2018 - 03:23 PM

Hi nasdaq. Thanks for your help. Here are the logs for FRST, Rogue and TDS. When I try running aswMBR a window pops up asking if I want to use virtualization technology. If I click yes it crashes to blue screen with the message page fault in nonpaged area What failed: aswVmm.sys. I haven't tried clicking no.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Chivoblack (17-03-2018 12:28:46) Run:1
Running from C:\Users\Chivoblack\Downloads
Loaded Profiles: Chivoblack (Available Profiles: Chivoblack)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {560797A5-ADBC-475D-AFC8-566190BD5291} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Windows\System32\Tasks\DriverUpdate Scan
C:\Program Files\DriverUpdate
2018-03-16 10:07 - 2018-02-09 23:15 - 001954048 _____ (Microsoft Corporation) C:\Users\Chivoblack\AppData\Local\Temp\dllnt_dump.dll
2018-03-16 10:52 - 2018-03-16 10:52 - 000253016 _____ (SlimWare Utilities Holdings, Inc.) C:\Users\Chivoblack\AppData\Local\Temp\scpADD7.tmp.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{560797A5-ADBC-475D-AFC8-566190BD5291}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{560797A5-ADBC-475D-AFC8-566190BD5291}" => removed successfully
C:\WINDOWS\System32\Tasks\DriverUpdate Scan => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan" => removed successfully
"C:\Windows\System32\Tasks\DriverUpdate Scan" => not found
"C:\Program Files\DriverUpdate" => not found
C:\Users\Chivoblack\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Chivoblack\AppData\Local\Temp\scpADD7.tmp.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25362010 B
Java, Flash, Steam htmlcache => 346677783 B
Windows/system/drivers => 225800368 B
Edge => 1033642 B
Chrome => 305785908 B
Firefox => 412680861 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 484330 B
Chivoblack => 56734415 B
 
RecycleBin => 56716 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:29:13 ====
 
 
 
RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Chivoblack [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/17/2018 12:32:23 (Duration : 00:15:07)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0118F211-BCF7-43F2-92CA-0F721A5B778C} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Chivoblack\AppData\Roaming\Zoom\bin\airhost.exe|Name=Airhost service for Zoom Video Meetings|Desc=Allow network traffic for Zoom Video Conference|EmbedCtxt=Zoom Video Conference| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SD8SN8U128G1002 +++++
--- User ---
[MBR] af7f19fad3101fef2716721e80ee1886
[BSP] 93b8110f81582b119b908340c0cf6342 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 121027 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248430592 | Size: 800 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] e4bafa833de78012a2198738724d1d29
[BSP] 326986b2424ae57b9ce7d0d86e066701 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
13:01:19.0113 11344  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:01:19.0113 11344  UEFI system
13:01:20.0082 11344  ============================================================
13:01:20.0082 11344  Current date / time: 2018/03/17 13:01:20.0082
13:01:20.0082 11344  SystemInfo:
13:01:20.0082 11344  
13:01:20.0082 11344  OS Version: 6.2.9200 ServicePack: 0.0
13:01:20.0082 11344  Product type: Workstation
13:01:20.0082 11344  ComputerName: LAPTOP-NSNU8E5M
13:01:20.0082 11344  UserName: Chivoblack
13:01:20.0082 11344  Windows directory: C:\WINDOWS
13:01:20.0082 11344  System windows directory: C:\WINDOWS
13:01:20.0082 11344  Running under WOW64
13:01:20.0082 11344  Processor architecture: Intel x64
13:01:20.0082 11344  Number of processors: 8
13:01:20.0082 11344  Page size: 0x1000
13:01:20.0082 11344  Boot type: Normal boot
13:01:20.0082 11344  ============================================================
13:01:20.0285 11344  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:01:20.0582 11344  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:01:20.0582 11344  ============================================================
13:01:20.0582 11344  \Device\Harddisk0\DR0:
13:01:20.0582 11344  GPT partitions:
13:01:20.0582 11344  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {32B3A31A-035A-4265-95F7-17D429850821}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
13:01:20.0582 11344  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EBB3A49B-FB19-4465-99D6-28D589D65EFA}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x8000
13:01:20.0582 11344  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7D4F859A-CDBF-41A2-A9DF-454D80ADA86D}, Name: Basic data partition, StartLBA 0x8A800, BlocksNum 0xEC61800
13:01:20.0582 11344  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {9E14910F-1D89-4029-BBBD-929E198CE335}, Name: Basic data partition, StartLBA 0xECEC000, BlocksNum 0x190000
13:01:20.0582 11344  MBR partitions:
13:01:20.0582 11344  \Device\Harddisk1\DR1:
13:01:20.0582 11344  GPT partitions:
13:01:20.0598 11344  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3D610EB9-3293-4B99-B3AF-44D2975C7944}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x74706000
13:01:20.0598 11344  MBR partitions:
13:01:20.0598 11344  ============================================================
13:01:20.0598 11344  C: <-> \Device\Harddisk0\DR0\Partition3
13:01:20.0613 11344  D: <-> \Device\Harddisk1\DR1\Partition1
13:01:20.0613 11344  ============================================================
13:01:20.0613 11344  Initialize success
13:01:20.0613 11344  ============================================================
13:01:38.0801 3352  ============================================================
13:01:38.0801 3352  Scan started
13:01:38.0801 3352  Mode: Manual; 
13:01:38.0801 3352  ============================================================
13:01:39.0059 3352  ================ Scan system memory ========================
13:01:39.0059 3352  System memory - ok
13:01:39.0059 3352  ================ Scan services =============================
13:01:40.0028 3352  FontCache3.0.0.0 - ok
13:01:40.0028 3352  FrameServer - ok
13:01:40.0043 3352  FsDepends - ok
13:01:40.0043 3352  [ BB82CC2F51F7C3D5DCD13FA3B040D8F8 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:01:40.0043 3352  Fs_Rec - ok
13:01:40.0043 3352  fvevol - ok
13:01:40.0043 3352  [ 3B5DDF1061930A0A891FA63DB0CB878B ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
13:01:40.0043 3352  gencounter - ok
13:01:40.0043 3352  [ 8B34E3F794F652082D7E8AF112F71681 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
13:01:40.0043 3352  genericusbfn - ok
13:01:40.0059 3352  [ 127C23F4720C8902A3AB0FEE12205317 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
13:01:40.0059 3352  GPIOClx0101 - ok
13:01:40.0059 3352  [ A7A85B505944F99CB55C8669E4F7FC0F ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
13:01:40.0075 3352  gpsvc - ok
13:01:40.0075 3352  [ C7DEA3458E50B691E69EFF0B47CBCCDB ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
13:01:40.0075 3352  GpuEnergyDrv - ok
13:01:40.0090 3352  [ 141904F0581468B39B579EA33CA57549 ] GraphicsPerfSvc C:\WINDOWS\System32\GraphicsPerfSvc.dll
13:01:40.0090 3352  GraphicsPerfSvc - ok
13:01:40.0090 3352  [ 605CCC9CE1839BC5583017DF7CAE27A6 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:01:40.0090 3352  gupdate - ok
13:01:40.0090 3352  [ 605CCC9CE1839BC5583017DF7CAE27A6 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:01:40.0090 3352  gupdatem - ok
13:01:40.0090 3352  [ 99A34FD1F6431A10D8C3BB50E170D0F2 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
13:01:40.0090 3352  HDAudBus - ok
13:01:40.0106 3352  [ 2443FC6EEB9CF092B62127D867901B02 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
13:01:40.0106 3352  HidBatt - ok
13:01:40.0106 3352  [ 205043CDC16ADE85E252DD54AE925161 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
13:01:40.0106 3352  HidBth - ok
13:01:40.0106 3352  [ B521DDDC9038C066B1B957BF063A531A ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
13:01:40.0106 3352  hidi2c - ok
13:01:40.0106 3352  [ 5AC0EBFA76E93273A806176D3178E986 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
13:01:40.0106 3352  hidinterrupt - ok
13:01:40.0106 3352  [ 366AC0E05EBF5D5C375F65CD8BC7F0DF ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
13:01:40.0106 3352  HidIr - ok
13:01:40.0121 3352  [ 75F4CCB7FF03603E91DD0C7FF83DAABF ] hidserv         C:\WINDOWS\system32\hidserv.dll
13:01:40.0121 3352  hidserv - ok
13:01:40.0121 3352  [ D479BA2CD2E72C8C011BDB0357A2F0D0 ] HIDSwitch       C:\WINDOWS\System32\drivers\AsRadioControl.sys
13:01:40.0121 3352  HIDSwitch - ok
13:01:40.0121 3352  [ 7CB54D02746024648FCE184FC3F941FF ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
13:01:40.0137 3352  HidUsb - ok
13:01:40.0137 3352  HomeGroupListener - ok
13:01:40.0137 3352  [ 24C900B7296AA9867FB761A5801AFBD1 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
13:01:40.0137 3352  HomeGroupProvider - ok
13:01:40.0137 3352  [ 835FB95D85D362057A72D21A48C2C7F8 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
13:01:40.0153 3352  HpSAMD - ok
13:01:40.0153 3352  HTTP - ok
13:01:40.0153 3352  [ AD930879F319969EB09449C015A32104 ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
13:01:40.0153 3352  HvHost - ok
13:01:40.0153 3352  [ 9F2CFC90306532866C62BDCDFD2532AA ] hvservice       C:\WINDOWS\system32\drivers\hvservice.sys
13:01:40.0153 3352  hvservice - ok
13:01:40.0168 3352  [ EF558A02D734A1403583E95CCEEC2487 ] HWiNFO32        C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS
13:01:40.0168 3352  HWiNFO32 - ok
13:01:40.0184 3352  [ 3737FE486929AFC48F1D10677B698E52 ] HwNClx0101      C:\WINDOWS\system32\Drivers\mshwnclx.sys
13:01:40.0184 3352  HwNClx0101 - ok
13:01:40.0184 3352  [ 3C65EBF7F1BFD98426C355D66876ECEE ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
13:01:40.0184 3352  hwpolicy - ok
13:01:40.0184 3352  [ 7E00234C67A322988AFEA717D5609C9E ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
13:01:40.0200 3352  hyperkbd - ok
13:01:40.0200 3352  [ FBF5BB641DE99AE1DF4835E88D4F8993 ] HyperVideo      C:\WINDOWS\System32\drivers\HyperVideo.sys
13:01:40.0200 3352  HyperVideo - ok
13:01:40.0200 3352  [ 56FF074E50F9042FD2856AB3418F4B18 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
13:01:40.0200 3352  i8042prt - ok
13:01:40.0215 3352  [ B5EC43755E62591197DE5CBBDAA9FEB7 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
13:01:40.0215 3352  iagpio - ok
13:01:40.0215 3352  [ D8CA23F9C5FEF44296FDE1E005C06EC0 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
13:01:40.0215 3352  iai2c - ok
13:01:40.0215 3352  [ 7B769C9D19C013F94874C4B15D59A005 ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
13:01:40.0215 3352  iaLPSS2i_GPIO2 - ok
13:01:40.0215 3352  [ E0F1B3A2A70FABE3BE1C9140BB55E607 ] iaLPSS2i_GPIO2_BXT_P C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
13:01:40.0215 3352  iaLPSS2i_GPIO2_BXT_P - ok
13:01:40.0231 3352  [ 89A869BCC0588A3009ECB875B09ECD39 ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
13:01:40.0231 3352  iaLPSS2i_I2C - ok
13:01:40.0231 3352  [ 2E693DF3C02A0859DB8DE25772751100 ] iaLPSS2i_I2C_BXT_P C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
13:01:40.0231 3352  iaLPSS2i_I2C_BXT_P - ok
13:01:40.0231 3352  [ 7F16755A482A86D53F0E0373F9F25A7E ] iaLPSS2_I2C     C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys
13:01:40.0231 3352  iaLPSS2_I2C - ok
13:01:40.0231 3352  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
13:01:40.0231 3352  iaLPSSi_GPIO - ok
13:01:40.0246 3352  [ EB82A11613326691508D9ED9A4FE29E7 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
13:01:40.0246 3352  iaLPSSi_I2C - ok
13:01:40.0246 3352  [ 0C03EA90CAB8B82FBF6F043E412646AE ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
13:01:40.0262 3352  iaStorA - ok
13:01:40.0262 3352  [ 435883A27A376B125BD4DF888417C85F ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
13:01:40.0262 3352  iaStorAV - ok
13:01:40.0278 3352  [ 7118E4390C4ACDE61E280CE52BCAF44E ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
13:01:40.0278 3352  iaStorV - ok
13:01:40.0278 3352  [ 9DBE8C359ABACE1BE1BBAB687D114506 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
13:01:40.0278 3352  ibbus - ok
13:01:40.0293 3352  ibtsiva - ok
13:01:40.0293 3352  [ 4E1B3A134ABCB88B40A7D0544F51C7FB ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
13:01:40.0293 3352  ibtusb - ok
13:01:40.0293 3352  [ 1C3C0E8045D1F5BE43B4B37DCEC230A6 ] ICCWDT          C:\WINDOWS\System32\drivers\ICCWDT.sys
13:01:40.0293 3352  ICCWDT - ok
13:01:40.0293 3352  icssvc - ok
13:01:40.0403 3352  [ 286CE6486D79970CFBAC3AC6005E6DD6 ] igfx            C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b326a764554caf41\igdkmd64.sys
13:01:40.0450 3352  igfx - ok
13:01:40.0465 3352  [ 1DC47C658F0A94322C5A1CEDB5BF08FB ] igfxCUIService2.0.0.0 C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b326a764554caf41\igfxCUIService.exe
13:01:40.0465 3352  igfxCUIService2.0.0.0 - ok
13:01:40.0465 3352  [ 72AB18B50053FA57B08FD4065C11B16B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
13:01:40.0481 3352  IKEEXT - ok
13:01:40.0481 3352  [ 42CAF6216A6E516DC56BA319ACC7EEC5 ] IndirectKmd     C:\WINDOWS\System32\drivers\IndirectKmd.sys
13:01:40.0481 3352  IndirectKmd - ok
13:01:40.0496 3352  InstallService - ok
13:01:40.0543 3352  [ 99B2D87B4D1C93C9E02F8C5D61F0C97E ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
13:01:40.0559 3352  IntcAzAudAddService - ok
13:01:40.0559 3352  [ 00386575E3114F15C65665BD003A9A4E ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
13:01:40.0575 3352  IntcDAud - ok
13:01:40.0575 3352  [ AEA02F1F43503A5E10C92246A0B70DBD ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
13:01:40.0590 3352  Intel® Capability Licensing Service TCP IP Interface - ok
13:01:40.0590 3352  [ 40943C1CD031ACE06A8374AD56B9E5EA ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
13:01:40.0590 3352  intelide - ok
13:01:40.0590 3352  [ 327D9CCF5492543AEF3979F9EEAD02BE ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
13:01:40.0590 3352  intelpep - ok
13:01:40.0590 3352  [ 10F2757836F41BFAEA2AE19F6FE869B2 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
13:01:40.0590 3352  intelppm - ok
13:01:40.0606 3352  [ 8387E90B551B9B7F32EDC69909591E9E ] invdimm         C:\WINDOWS\System32\drivers\invdimm.sys
13:01:40.0606 3352  invdimm - ok
13:01:40.0606 3352  [ 73218D23E533593510A3757D2DEC0CB5 ] iocbios2        C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys
13:01:40.0606 3352  iocbios2 - ok
13:01:40.0606 3352  [ E207078E0E1BB3524277DB9077E4148E ] iorate          C:\WINDOWS\system32\drivers\iorate.sys
13:01:40.0606 3352  iorate - ok
13:01:40.0606 3352  [ FD8F64B7B345E539F2EA7F72846F83B4 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:01:40.0621 3352  IpFilterDriver - ok
13:01:40.0621 3352  [ 0076CE11539416052A7A79B2DCC53E6D ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
13:01:40.0621 3352  iphlpsvc - ok
13:01:40.0637 3352  [ 8AAB863E72A4F9C578FED2EE3541545B ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
13:01:40.0637 3352  IPMIDRV - ok
13:01:40.0637 3352  [ 7BEC2AF23F586EFF0DB4DBF4331B0C70 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
13:01:40.0637 3352  IPNAT - ok
13:01:40.0637 3352  [ 35A54F19E703D4FE5919F812F6CC5D0A ] IPT             C:\WINDOWS\System32\drivers\ipt.sys
13:01:40.0637 3352  IPT - ok
13:01:40.0637 3352  [ F6C47021C41F721B628161B64D7DECB9 ] IpxlatCfgSvc    C:\WINDOWS\System32\IpxlatCfg.dll
13:01:40.0637 3352  IpxlatCfgSvc - ok
13:01:40.0653 3352  [ 359CDDBC825959DA28FA886B3C271B53 ] irda            C:\WINDOWS\system32\drivers\irda.sys
13:01:40.0653 3352  irda - ok
13:01:40.0653 3352  [ F88664A2A82DDA456180FFF95A771765 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
13:01:40.0653 3352  IRENUM - ok
13:01:40.0653 3352  [ 4F500A0171606B0E37964694140FCA16 ] irmon           C:\WINDOWS\System32\irmon.dll
13:01:40.0668 3352  irmon - ok
13:01:40.0668 3352  isapnp - ok
13:01:40.0668 3352  iScsiPrt - ok
13:01:40.0668 3352  [ 4DAEC587A8D45EADEE978885493AFA81 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
13:01:40.0668 3352  jhi_service - ok
13:01:40.0668 3352  [ E320F986BBE0CD9324EA0A193EBF29B1 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
13:01:40.0668 3352  kbdclass - ok
13:01:40.0684 3352  [ AFF5DDCC1A79217C9526FF5E01A69E89 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
13:01:40.0684 3352  kbdhid - ok
13:01:40.0684 3352  [ 916E62AF3386F7A74603E5C545F6FF2D ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
13:01:40.0684 3352  kdnic - ok
13:01:40.0684 3352  [ 94E06D509D50807774F35BEE3163E806 ] KeyIso          C:\WINDOWS\system32\lsass.exe
13:01:40.0684 3352  KeyIso - ok
13:01:40.0700 3352  [ 69FA8BEBADF807089FEFCD3F59CFAC1E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
13:01:40.0700 3352  KSecDD - ok
13:01:40.0700 3352  KSecPkg - ok
13:01:40.0700 3352  [ DD8C4726127CFE313233372D70787C37 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
13:01:40.0700 3352  ksthunk - ok
13:01:40.0700 3352  [ 6EAF246BC12DB548AC65A4CEFB14B547 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
13:01:40.0700 3352  KtmRm - ok
13:01:40.0715 3352  [ E154D11E1EDAD53DF6A2204F3A604F28 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
13:01:40.0715 3352  LanmanServer - ok
13:01:40.0715 3352  [ DBB81AAC130C4CAAB87E519467846A06 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
13:01:40.0731 3352  LanmanWorkstation - ok
13:01:40.0731 3352  [ D81931EF9914A135F9ECF409DC826266 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
13:01:40.0731 3352  lfsvc - ok
13:01:40.0731 3352  [ F180F46B88044C6F6D3C313A799E5857 ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
13:01:40.0731 3352  LicenseManager - ok
13:01:40.0746 3352  [ CB5A6E117502156794F0DA9E61506006 ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
13:01:40.0746 3352  lltdio - ok
13:01:40.0746 3352  [ 48199253D7F6119F88294F8845F0808D ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
13:01:40.0746 3352  lltdsvc - ok
13:01:40.0762 3352  [ DCF6F1AA7A51CC08FED089363F83316E ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
13:01:40.0762 3352  lmhosts - ok
13:01:40.0762 3352  [ 11EEB592ADBF5390DA5C9BDFF586F9EB ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:01:40.0762 3352  LMS - ok
13:01:40.0778 3352  [ 20048BEE892138A745B1C23EBB0E069F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
13:01:40.0778 3352  LSI_SAS - ok
13:01:40.0778 3352  [ 9EAB16572B576979D585DDEDB12417CD ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
13:01:40.0778 3352  LSI_SAS2i - ok
13:01:40.0778 3352  [ 3B7B359C0870317106DF3438D4FF491D ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
13:01:40.0778 3352  LSI_SAS3i - ok
13:01:40.0778 3352  [ 2DE03BA338A4B0ACDB416A30F1C7D56F ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
13:01:40.0778 3352  LSI_SSS - ok
13:01:40.0778 3352  LSM - ok
13:01:40.0793 3352  [ 9A497169E145FCE2D8AA7DBC67377F64 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
13:01:40.0793 3352  luafv - ok
13:01:40.0793 3352  [ 3520DE00ABC5EFF0DBAFD41129AD970F ] MapsBroker      C:\WINDOWS\System32\moshost.dll
13:01:40.0793 3352  MapsBroker - ok
13:01:40.0793 3352  [ BF56CB9D02DEE8CA9CBA50220BE16F15 ] mausbhost       C:\WINDOWS\System32\drivers\mausbhost.sys
13:01:40.0809 3352  mausbhost - ok
13:01:40.0809 3352  [ 01BDEE1FFF6D2216797DFEE4ABD937D9 ] mausbip         C:\WINDOWS\System32\drivers\mausbip.sys
13:01:40.0809 3352  mausbip - ok
13:01:40.0856 3352  [ 734B435E1693386213EEFD4D17A70DEB ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
13:01:40.0872 3352  MBAMService - ok
13:01:40.0887 3352  [ B047B9CE5A0D800E6D713B43D0405221 ] MBAMSwissArmy   C:\WINDOWS\System32\Drivers\mbamswissarmy.sys
13:01:40.0887 3352  MBAMSwissArmy - ok
13:01:40.0887 3352  [ C7B8B5053D646CBD30BE1BA6B487D396 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
13:01:40.0887 3352  megasas - ok
13:01:40.0887 3352  [ EB8ED3204499DDB2D3BA094A4563EE3E ] megasas2i       C:\WINDOWS\system32\drivers\MegaSas2i.sys
13:01:40.0887 3352  megasas2i - ok
13:01:40.0887 3352  [ F1C1D4E752DE1D58295040E5BE8813AF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
13:01:40.0903 3352  megasr - ok
13:01:40.0903 3352  [ F1E754DEEB3369BCCE2228D5C10DE101 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
13:01:40.0903 3352  MEIx64 - ok
13:01:40.0903 3352  [ 4965456A1B4B3039E4B9AB233F5E9B1E ] MessagingService C:\WINDOWS\System32\MessagingService.dll
13:01:40.0903 3352  MessagingService - ok
13:01:40.0918 3352  [ 16B078D1089FEA98710C9D07C152DCEE ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
13:01:40.0918 3352  mlx4_bus - ok
13:01:40.0918 3352  [ 20C57CE47B1A877C48A4B68E9A4E21FA ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
13:01:40.0918 3352  MMCSS - ok
13:01:40.0918 3352  [ A4467A5C080318F0CCCF5ED463821F8B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
13:01:40.0918 3352  Modem - ok
13:01:40.0918 3352  [ 78BE85C1F1C7F3AF6C87BCE127007D5A ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
13:01:40.0934 3352  monitor - ok
13:01:40.0934 3352  [ 8E262B34A8BD184B4B3025AA8C396B00 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
13:01:40.0934 3352  mouclass - ok
13:01:40.0934 3352  [ C094A555F148495EA130D3BBC5232D5E ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
13:01:40.0934 3352  mouhid - ok
13:01:40.0934 3352  [ 6434BC884502E95EEA2379C92DD22B60 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
13:01:40.0934 3352  mountmgr - ok
13:01:40.0934 3352  [ D8EC957D7CC9C917B8E850D725C2F7E1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:01:40.0934 3352  MozillaMaintenance - ok
13:01:40.0950 3352  [ F36E4074C66DD31855A8D79EF0AE8066 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
13:01:40.0950 3352  mpsdrv - ok
13:01:40.0950 3352  MpsSvc - ok
13:01:40.0950 3352  [ 215D672CB71987CD98EB2298EFB84DDC ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
13:01:40.0950 3352  MRxDAV - ok
13:01:40.0950 3352  mrxsmb - ok
13:01:40.0965 3352  [ 87FF93E7420C9068C0D5B2F3109809F4 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
13:01:40.0965 3352  mrxsmb20 - ok
13:01:40.0965 3352  [ 167408B38458ECAE545C57527BC99024 ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
13:01:40.0965 3352  MsBridge - ok
13:01:40.0965 3352  [ D5778559A0F34EE0BF0457293C6B5F4F ] MSDTC           C:\WINDOWS\System32\msdtc.exe
13:01:40.0965 3352  MSDTC - ok
13:01:40.0965 3352  [ AE111778CA6AC08862B3C713F0413333 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:01:40.0981 3352  Msfs - ok
13:01:40.0981 3352  [ 6DDDFCAB646BBBCFC583135C4430E10F ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
13:01:40.0981 3352  msgpiowin32 - ok
13:01:40.0981 3352  [ 01C6A86BEA8279E557A5056148F068BF ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
13:01:40.0981 3352  mshidkmdf - ok
13:01:40.0981 3352  [ F65ABC7DE945047147F17330F79732CB ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
13:01:40.0981 3352  mshidumdf - ok
13:01:40.0981 3352  [ 05B23012427801E710BDD12720B9020B ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
13:01:40.0981 3352  msisadrv - ok
13:01:40.0997 3352  [ 21B88DF67507BD4DFF8A5487074BB31F ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
13:01:40.0997 3352  MSiSCSI - ok
13:01:40.0997 3352  msiserver - ok
13:01:40.0997 3352  MSKSSRV - ok
13:01:40.0997 3352  [ C3F5EA6B9041A30B4F11BE2E7863E487 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
13:01:40.0997 3352  MsLldp - ok
13:01:40.0997 3352  [ 601D666820F0408B896791D19BE6D258 ] MSPCLOCK        C:\WINDOWS\System32\drivers\MSPCLOCK.sys
13:01:40.0997 3352  MSPCLOCK - ok
13:01:40.0997 3352  [ 46E61FBA0097E48E5628C74A3F72233A ] MSPQM           C:\WINDOWS\System32\drivers\MSPQM.sys
13:01:40.0997 3352  MSPQM - ok
13:01:41.0012 3352  MsRPC - ok
13:01:41.0012 3352  [ CBD56E0B55FB3672BA80382EC2F8835C ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
13:01:41.0012 3352  mssmbios - ok
13:01:41.0012 3352  [ 5734B2A36D3BB13A638E5305EEEC582D ] MSTEE           C:\WINDOWS\System32\drivers\MSTEE.sys
13:01:41.0012 3352  MSTEE - ok
13:01:41.0012 3352  [ 85270E0DC6907C6B99F72A36F17AED34 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
13:01:41.0012 3352  MTConfig - ok
13:01:41.0028 3352  [ DB5B1539F5EBB3DD3A7ED25ADBC4D6D9 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
13:01:41.0028 3352  Mup - ok
13:01:41.0028 3352  [ 3C57FF3BCF496D24C39C2198158864BB ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
13:01:41.0028 3352  mvumis - ok
13:01:41.0028 3352  [ AB470D436F92381965F06CB7E94271FA ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:01:41.0028 3352  MyWiFiDHCPDNS - ok
13:01:41.0028 3352  NativeWifiP - ok
13:01:41.0043 3352  NaturalAuthentication - ok
13:01:41.0043 3352  [ FBA9F5B9F59A665F248F70B905EDCE14 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
13:01:41.0043 3352  NcaSvc - ok
13:01:41.0043 3352  [ 1A75CBB2C8161676CEA17E6FFE441FE7 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
13:01:41.0059 3352  NcbService - ok
13:01:41.0059 3352  [ 3C7E074AE41D8DFB41A9E65904D8BF43 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
13:01:41.0059 3352  NcdAutoSetup - ok
13:01:41.0059 3352  [ 77B047B109CE758A017F58FAE5038D0D ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
13:01:41.0059 3352  ndfltr - ok
13:01:41.0059 3352  NDIS - ok
13:01:41.0059 3352  [ 067AE5BA349CC35AF8975D22DC483DDF ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
13:01:41.0059 3352  NdisCap - ok
13:01:41.0075 3352  [ 6FC4D7EB5D38CFB7966405036116F065 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
13:01:41.0075 3352  NdisImPlatform - ok
13:01:41.0075 3352  [ ED7CC4E16B76B2603C9F827188EA63B4 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:01:41.0075 3352  NdisTapi - ok
13:01:41.0075 3352  [ 8D977AFC195A3F4B15B05D02B2BD0292 ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
13:01:41.0075 3352  Ndisuio - ok
13:01:41.0075 3352  [ DC1D26D62F40B7552BCF49D92774F0C5 ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
13:01:41.0075 3352  NdisVirtualBus - ok
13:01:41.0075 3352  [ 66F56AC744101DB870934D0EB31C2426 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
13:01:41.0090 3352  NdisWan - ok
13:01:41.0090 3352  [ 66F56AC744101DB870934D0EB31C2426 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:01:41.0090 3352  ndiswanlegacy - ok
13:01:41.0090 3352  ndproxy - ok
13:01:41.0090 3352  [ A791792DC412CCD83DA0AF6871682552 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
13:01:41.0090 3352  Ndu - ok
13:01:41.0090 3352  [ BE79982A50AC88BC0765F3AFECFCB596 ] NetAdapterCx    C:\WINDOWS\system32\drivers\NetAdapterCx.sys
13:01:41.0090 3352  NetAdapterCx - ok
13:01:41.0106 3352  NetBIOS - ok
13:01:41.0106 3352  NetBT - ok
13:01:41.0106 3352  [ 94E06D509D50807774F35BEE3163E806 ] Netlogon        C:\WINDOWS\system32\lsass.exe
13:01:41.0106 3352  Netlogon - ok
13:01:41.0106 3352  [ 94BC40F88309B0B7DFE68B2C2BB15EB6 ] Netman          C:\WINDOWS\System32\netman.dll
13:01:41.0122 3352  Netman - ok
13:01:41.0122 3352  [ 79ED54CA41486399361778D533E55A99 ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
13:01:41.0122 3352  netprofm - ok
13:01:41.0122 3352  NetSetupSvc - ok
13:01:41.0137 3352  [ 97FF2186BBAA215727300404862D297B ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:01:41.0137 3352  NetTcpPortSharing - ok
13:01:41.0137 3352  netvsc - ok
13:01:41.0215 3352  [ E78415469235CF12A4390CAFFDE1A9A4 ] Netwtw04        C:\WINDOWS\System32\drivers\Netwtw04.sys
13:01:41.0231 3352  Netwtw04 - ok
13:01:41.0247 3352  [ E27ACE78CA1BDF4FBBF3323D6E9AFCDB ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
13:01:41.0247 3352  NgcCtnrSvc - ok
13:01:41.0262 3352  [ A557C92583E81CA97D2C0F2467E7C2F9 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
13:01:41.0278 3352  NgcSvc - ok
13:01:41.0278 3352  NlaSvc - ok
13:01:41.0278 3352  Npfs - ok
13:01:41.0278 3352  [ 5CB8082E51DE7D19042F0FF8C517CB0D ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
13:01:41.0278 3352  npsvctrig - ok
13:01:41.0293 3352  [ 3BA4E9585E9D7D7E6E68A18184DDDBF2 ] nsi             C:\WINDOWS\system32\nsisvc.dll
13:01:41.0293 3352  nsi - ok
13:01:41.0293 3352  [ 958921BB7AE2671983743FDA0DD587C4 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
13:01:41.0293 3352  nsiproxy - ok
13:01:41.0293 3352  NTFS - ok
13:01:41.0293 3352  [ 0D1E03A5F87F4DE04D97622C686910A2 ] Null            C:\WINDOWS\system32\drivers\Null.sys
13:01:41.0293 3352  Null - ok
13:01:41.0309 3352  [ CEFDB5A85FF9F1F8E4CA832D41D59BFA ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
13:01:41.0309 3352  NvContainerLocalSystem - ok
13:01:41.0309 3352  [ CEFDB5A85FF9F1F8E4CA832D41D59BFA ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
13:01:41.0309 3352  NvContainerNetworkService - ok
13:01:41.0309 3352  [ 532F27A2B62D70C327E763F035AED6C1 ] nvdimmn         C:\WINDOWS\System32\drivers\nvdimmn.sys
13:01:41.0309 3352  nvdimmn - ok
13:01:41.0434 3352  [ 9AC6A19C3314E392D70596511DB4C25A ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_85e3b134be9efb31\nvlddmkm.sys
13:01:41.0481 3352  nvlddmkm - ok
13:01:41.0497 3352  [ 7E04652EB1A476BC0A72ECDC613AF0C5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
13:01:41.0497 3352  nvraid - ok
13:01:41.0497 3352  [ 880B3E874914DAEF97119876543AE117 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
13:01:41.0497 3352  nvstor - ok
13:01:41.0497 3352  [ 6D0FBFF20D03AD65F361A4F992F4BD9E ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
13:01:41.0497 3352  NvStreamKms - ok
13:01:41.0497 3352  [ 1B221319F0FCFC8B741FE3777DC412D3 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
13:01:41.0497 3352  NvTelemetryContainer - ok
13:01:41.0512 3352  [ CC96143828750E44313B9412694FE0E0 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
13:01:41.0512 3352  nvvad_WaveExtensible - ok
13:01:41.0512 3352  [ E922DF7E9767AB997EF82BD8DA37F84A ] nvvhci          C:\WINDOWS\System32\drivers\nvvhci.sys
13:01:41.0512 3352  nvvhci - ok
13:01:41.0512 3352  OneSyncSvc - ok
13:01:41.0512 3352  [ D1A6BFC7CA6F5908C9C15727607C3ECC ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:01:41.0512 3352  ose64 - ok
13:01:41.0528 3352  p2pimsvc - ok
13:01:41.0528 3352  p2psvc - ok
13:01:41.0528 3352  [ 2E07EC2C1622F5E7B535D62DCD61F3AB ] Parport         C:\WINDOWS\System32\drivers\parport.sys
13:01:41.0528 3352  Parport - ok
13:01:41.0528 3352  partmgr - ok
13:01:41.0528 3352  PcaSvc - ok
13:01:41.0528 3352  pci - ok
13:01:41.0543 3352  [ E5AF806815ED797086629741F29E4156 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
13:01:41.0543 3352  pciide - ok
13:01:41.0543 3352  [ 2A631D447B988AFBE847CBAA8E5CC298 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
13:01:41.0543 3352  pcmcia - ok
13:01:41.0543 3352  [ ACD510CF2B631A2D36B2CFB7D31E22FD ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
13:01:41.0543 3352  pcw - ok
13:01:41.0543 3352  [ 1796112EB89559910BC18865A29C8894 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
13:01:41.0543 3352  pdc - ok
13:01:41.0559 3352  [ F21127EDE5D72090A1B029AFF4AFFD17 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
13:01:41.0559 3352  PEAUTH - ok
13:01:41.0559 3352  [ 35FD028E4323018202C0B7D115FD3AEF ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
13:01:41.0559 3352  percsas2i - ok
13:01:41.0559 3352  [ F9F3D8BE9BC9241CC726197261362AC4 ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
13:01:41.0559 3352  percsas3i - ok
13:01:41.0590 3352  [ EA780FAE0D6796D56D0CAF39360BF7C0 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
13:01:41.0590 3352  PerfHost - ok
13:01:41.0590 3352  PhoneSvc - ok
13:01:41.0590 3352  PimIndexMaintenanceSvc - ok
13:01:41.0606 3352  [ 73B5A132EBF3A8075A7C68DFBB4DE719 ] pla             C:\WINDOWS\system32\pla.dll
13:01:41.0606 3352  pla - ok
13:01:41.0622 3352  [ 64A80A746FC460126FA4124AA2D93848 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
13:01:41.0622 3352  PlugPlay - ok
13:01:41.0622 3352  [ 36D43EA5517F3F4AAAC8EE061C957EF1 ] pmem            C:\WINDOWS\System32\drivers\pmem.sys
13:01:41.0622 3352  pmem - ok
13:01:41.0622 3352  [ 59048555B59FD69287CFAB6022B5CC86 ] PNPMEM          C:\WINDOWS\System32\drivers\pnpmem.sys
13:01:41.0622 3352  PNPMEM - ok
13:01:41.0622 3352  [ 7815D5EEE3624640150B1365EB2E98C5 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
13:01:41.0622 3352  PNRPAutoReg - ok
13:01:41.0637 3352  PNRPsvc - ok
13:01:41.0637 3352  [ E1BCA08929D806A087D90BC11C6020E8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
13:01:41.0637 3352  PolicyAgent - ok
13:01:41.0637 3352  [ A3CCFB8A5BD48F56EF2ACB4A427A1AC7 ] Power           C:\WINDOWS\system32\umpo.dll
13:01:41.0653 3352  Power - ok
13:01:41.0653 3352  PptpMiniport - ok
13:01:41.0684 3352  [ 7CD1D9EE59F49FBD3E72876F19038BE0 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
13:01:41.0700 3352  PrintNotify - ok
13:01:43.0200 3352  ================ Scan global ===============================
13:01:43.0200 3352  [ EB45383BE9D7ECB36D55B262E0D8EB46 ] C:\WINDOWS\system32\basesrv.dll
13:01:43.0216 3352  [ 9451BA31B1DC19CED2608D82863C6486 ] C:\WINDOWS\system32\sxssrv.dll
13:01:43.0216 3352  [Global] - ok
13:01:43.0216 3352  ================ Scan MBR ==================================
13:01:43.0216 3352  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:01:43.0216 3352  \Device\Harddisk0\DR0 - ok
13:01:43.0216 3352  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:01:43.0231 3352  \Device\Harddisk1\DR1 - ok
13:01:43.0231 3352  ================ Scan VBR ==================================
13:01:43.0231 3352  [ 973069D7C83E2D7991B9C6A532DA37CC ] \Device\Harddisk0\DR0\Partition1
13:01:43.0231 3352  \Device\Harddisk0\DR0\Partition1 - ok
13:01:43.0231 3352  [ 7E5AF65FBF243F715EA1A252BB41C3FF ] \Device\Harddisk0\DR0\Partition2
13:01:43.0231 3352  \Device\Harddisk0\DR0\Partition2 - ok
13:01:43.0231 3352  [ 3968D1871FF4291A5A8A05DA468A6511 ] \Device\Harddisk0\DR0\Partition3
13:01:43.0231 3352  \Device\Harddisk0\DR0\Partition3 - ok
13:01:43.0231 3352  [ 2BBC9EC2D759D0EEB52047993F907774 ] \Device\Harddisk0\DR0\Partition4
13:01:43.0231 3352  \Device\Harddisk0\DR0\Partition4 - ok
13:01:43.0247 3352  [ 6F3D64A33307F8D56228BF43D53EEBAB ] \Device\Harddisk1\DR1\Partition1
13:01:43.0247 3352  \Device\Harddisk1\DR1\Partition1 - ok
13:01:43.0247 3352  ============================================================
13:01:43.0247 3352  Scan finished
13:01:43.0247 3352  ============================================================
13:01:43.0262 2184  Detected object count: 0
13:01:43.0262 2184  Actual detected object count: 0
 
 

 



#4 nasdaq

  • Malware Response Team

Posted 18 March 2018 - 08:35 AM



Hi,

13:01:19.0113 11344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:01:19.0113 11344 UEFI system


You are using UEFI instead of the BIOS. This is more secure, and I suspect that gmer and aswMBR will not run as the BIOS is protected.

====

Let's check for a rootkit.

Please download Anti-Rootkit BETA and save it to your Desktop. <check the version below....
  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Please copy and paste the entire content of that log in your next reply;
If you have any problems running either one, come back and let me know.
===

p.s.
Other than being unable to run the BIOS's tool, what is the problem with this computer?

#5 crisgp

crisgp
  • Topic Starter

  • Members
  • 4 posts

Posted 19 March 2018 - 09:26 AM

Currently there is no problem other than not being able to run the tools. The random crashes seem to have stopped after driver updates. Here is the Mbar log.

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2018.03.18.03
  rootkit: v2018.03.08.03
 
Windows 10 x64 NTFS
Internet Explorer 11.309.16299.0
Chivoblack :: LAPTOP-NSNU8E5M [administrator]
 
3/18/2018 10:20:31 AM
mbar-log-2018-03-18 (10-20-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 199024
Time elapsed: 4 minute(s), 28 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 March 2018 - 10:36 AM


Hi,

If you want to get more information, Google this string: UEFI instead of the BIOS

If you need more information, you can start a new topic in the Internal Hardware forum.

https://www.bleepingcomputer.com/forums/f/7/internal-hardware/

An expert can help you better than I can on the issues.

It's not malware and not my forte.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 crisgp

crisgp
  • Topic Starter

  • Members
  • 4 posts

Posted 21 March 2018 - 04:57 PM

Thank you. I was not aware of the UEFI/BIOS thing.





