
HiJackThis Log File - Continuous Cursor Loading


  • This topic is locked
11 replies to this topic

#1 ranncloud45


Posted 22 July 2018 - 06:34 PM

Can you analyze the log file? The problem is that the cursor keeps loading even though no windows or apps are popping up. Also, whenever I play games in full screen they automatically alt-tab to the desktop even though there is nothing there, which is a little bit frustrating. It's like something is going to pop up, but it's nothing. Even while typing this, after some seconds it focuses on something else, which causes me to type slowly because I always need to click the message window so I can write here again. Please help. My startup suddenly got slower too.



#2 nasdaq

  • Malware Response Team

Posted 23 July 2018 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Boot to Safe Mode with Networking.

This tool will run in Safe Mode.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.

#3 ranncloud45


Posted 23 July 2018 - 09:54 AM

For FRST.txt:

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by Michael (administrator) on DESKTOP-Q4JP885 (23-07-2018 23:22:27)
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 10 Home Single Language Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_6.13.11581.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc.)
HKLM\...\Run: [Autodesk Sync] => [X]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\Run: [BitTorrent] => C:\Users\Michael\AppData\Roaming\BitTorrent\BitTorrent.exe [2154176 2018-06-22] (BitTorrent Inc.)
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\Run: [Chromium] => "c:\users\michael\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session --restore-last-session --restore-last-session
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\Run: [IDMan] => D:\Games\Plants vs Zombies - (Www.ApunKaGames.Net)\Plants vs Zombies - (Www.ApunKaGames.Net)\Extra\IDM 6.14 Build 3\IDM 6.14 Build 3\Crack\IDMan.exe [3541008 2012-12-25] (Tonec Inc.)
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\RunOnce: [Application Restart #0] => C:\Users\Michael\AppData\Roaming\BitTorrent\BitTorrent.exe [2154176 2018-06-22] (BitTorrent Inc.)
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\MountPoints2: {17a0abb5-7520-11e8-a776-38d54730ab10} - "F:\Setup.exe" /s
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\MountPoints2: {3129a68f-453b-11e8-a766-74dfbff34388} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\MountPoints2: {3129b693-453b-11e8-a766-001e101f0000} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\MountPoints2: {735ac28c-6a1e-11e7-a724-74dfbff34388} - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\MountPoints2: {a2f5afb8-caea-11e7-a741-74dfbff34388} - "F:\Setup.exe" /s
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\...\MountPoints2: {a74a6a49-b933-11e7-a738-74dfbff34388} - "F:\Setup.exe" /s
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2016-08-18]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-07-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asetup.exe [2017-11-04] (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c84e4f18-3fdf-4af5-b2ed-bb062bbb3e02}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ea19d7db-1234-494b-87cb-eb1f4548dba9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1609367736-3956026332-3981052178-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
BHO-x32: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-05-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-20] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-20] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-20] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2018-07-23]
CHR Extension: (Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-17]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-06]
CHR Extension: (Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-20]
CHR HKU\S-1-5-21-1609367736-3956026332-3981052178-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\Games\Plants vs Zombies - (Www.ApunKaGames.Net)\Plants vs Zombies - (Www.ApunKaGames.Net)\Extra\IDM 6.14 Build 3\IDM 6.14 Build 3\Crack\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
S2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe [3233064 2018-01-26] (Intel Corporation)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-21] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-16] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [372112 2017-08-02] (EasyAntiCheat Ltd)
S2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
S4 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-20] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-19] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-04-06] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-31] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.766\McCHSvc.exe [405392 2018-07-11] (McAfee, Inc.)
S2 MEmusvc; D:\Program Files\Microvirt\MEmu\MemuService.exe [269480 2017-05-26] (Microvirt Software Technology Co. Ltd.)
S2 osrss; C:\WINDOWS\system32\osrss.dll [130808 2018-06-08] (Microsoft Corporation)
S2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-12] (Realtek Semiconductor Corp.)
S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2017-08-14] ()
S2 sedsvc; C:\Program Files\rempl\sedsvc.exe [135816 2018-06-28] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
S2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-03] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-03] (Microsoft Corporation)
S2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [141304 2015-12-19] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
S3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
S3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-07-20] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-23] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-07-20] (Malwarebytes)
S2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-09] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [898296 2016-01-13] (Realtek )
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-12] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-14] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 TTDrv; D:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2018-03-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-07-03] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-03] (Microsoft Corporation)
S2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-23 23:22 - 2018-07-23 23:23 - 000022495 _____ C:\Users\Michael\Downloads\FRST.txt
2018-07-23 23:17 - 2018-07-23 23:18 - 000365232 _____ C:\WINDOWS\ntbtlog.txt
2018-07-23 23:07 - 2018-07-23 23:13 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\BitTorrent
2018-07-23 23:06 - 2018-07-23 23:06 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-07-23 23:04 - 2018-07-23 23:18 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-23 22:49 - 2018-07-23 22:49 - 000066626 _____ C:\Users\Michael\Downloads\Shortcut.txt
2018-07-23 22:42 - 2018-07-23 23:22 - 000000000 ____D C:\FRST
2018-07-23 22:39 - 2018-07-23 22:41 - 002412544 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2018-07-23 22:28 - 2018-07-23 22:28 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Offar
2018-07-23 08:34 - 2018-07-23 08:34 - 000005693 ___RH C:\farstone_pe.letter
2018-07-23 08:23 - 2018-07-23 08:23 - 000000000 ____D C:\WINDOWS\pss
2018-07-23 06:54 - 2018-07-23 06:54 - 000388608 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HijackThis.exe
2018-07-21 07:48 - 2018-07-21 07:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-07-21 07:40 - 2018-07-21 07:40 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2018-07-21 07:40 - 2018-07-21 07:40 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2018-07-21 07:40 - 2018-07-21 07:40 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-21 07:39 - 2018-07-21 07:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-20 21:23 - 2018-07-20 21:23 - 000000000 ____D C:\Users\Michael\Desktop\rkill
2018-07-20 21:03 - 2017-11-05 08:23 - 000008704 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Intel.exe
2018-07-20 18:03 - 2018-07-20 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-07-20 18:02 - 2018-07-20 18:04 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-07-20 07:32 - 2018-07-20 16:37 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-20 07:32 - 2018-07-20 07:32 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-20 07:32 - 2018-07-20 07:32 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-20 07:30 - 2018-07-20 07:30 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-20 07:30 - 2018-07-20 07:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-20 07:30 - 2018-07-20 07:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-20 07:30 - 2018-07-20 07:30 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-20 07:30 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-20 07:16 - 2018-07-20 07:16 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Obsidium
2018-07-19 23:24 - 2018-07-19 23:24 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Siamx
2018-07-19 22:28 - 2018-07-23 08:17 - 000001086 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-07-19 22:28 - 2018-07-19 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-07-19 22:28 - 2018-07-19 22:28 - 000000000 ____D C:\Program Files\RogueKiller
2018-07-19 22:21 - 2018-07-19 22:26 - 078553895 _____ C:\Users\Michael\Downloads\RogueKiller.Premium.full.crack.12.12.26.pefelie.org.rar
2018-07-19 21:59 - 2018-07-19 22:03 - 036751000 _____ (Adlice Software ) C:\Users\Michael\Downloads\setup.exe
2018-07-19 21:58 - 2018-07-19 22:08 - 076534856 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-19901.19901-3.5.1.2522-1.0.365-1.0.5292.exe
2018-07-18 22:39 - 2018-07-19 02:41 - 000000000 __SHD C:\[Smad-Cage]
2018-07-18 22:39 - 2018-07-18 22:39 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Smadav
2018-07-18 22:38 - 2018-07-20 06:47 - 000000000 ____D C:\Program Files (x86)\SMADAV
2018-07-18 22:37 - 2018-07-18 22:37 - 001886360 _____ (Smadsoft ) C:\Users\Michael\Downloads\smadav2018rev1201.exe
2018-07-16 17:18 - 2018-07-23 08:17 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-07-16 17:18 - 2018-07-18 22:33 - 000000000 ____D C:\ProgramData\RogueKiller
2018-07-16 17:12 - 2018-07-20 21:29 - 000032562 _____ C:\Users\Michael\Desktop\Rkill.txt
2018-07-16 09:14 - 2018-02-02 10:29 - 000000573 _____ C:\Users\Michael\Desktop\EPANET - Copy.lnk
2018-07-15 15:01 - 2018-07-15 15:01 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Offae
2018-07-08 22:31 - 2018-07-08 22:34 - 000000000 ____D C:\Users\Michael\AppData\Local\Ropak
2018-07-02 22:13 - 2018-07-02 22:13 - 000784114 _____ C:\Users\Michael\Downloads\letter-quad-1x1mm-cross orange.pdf
2018-07-02 21:48 - 2018-07-02 21:48 - 000005735 _____ C:\Users\Michael\Downloads\letter-quad-1x1mm-cross.pdf
2018-07-02 17:55 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-06-30 12:31 - 2018-06-30 12:33 - 042113080 _____ C:\Users\Michael\Documents\AutoCAD 2018 - English_cust_settings.zip
2018-06-30 12:06 - 2018-06-30 12:06 - 000000210 ____H C:\Users\Michael\Desktop\ANTIPAS COMPOUND V.2_recover.dwl2
2018-06-30 12:06 - 2018-06-30 12:06 - 000000060 ____H C:\Users\Michael\Desktop\ANTIPAS COMPOUND V.2_recover.dwl
2018-06-23 14:42 - 2018-06-16 20:30 - 3857468978 _____ C:\Users\Michael\Desktop\Doctor.Strange.2016.1080p.HDRip.X264.AC3-EVO[EtHD].mkv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-23 23:17 - 2017-09-29 16:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-23 23:16 - 2017-11-12 12:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-23 23:15 - 2017-10-03 16:02 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-23 23:15 - 2017-07-17 22:02 - 000000000 ____D C:\Users\Michael\AppData\Roaming\BitTorrent
2018-07-23 23:15 - 2016-08-18 05:13 - 000000000 __RDL C:\Users\Michael\OneDrive
2018-07-23 23:15 - 2016-08-18 05:09 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-07-23 23:13 - 2017-08-07 10:23 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-07-23 23:12 - 2016-08-18 05:07 - 000000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2018-07-23 23:00 - 2017-07-17 20:49 - 000000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2018-07-23 22:40 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-23 22:37 - 2017-11-10 08:50 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-23 22:29 - 2017-12-19 08:18 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Windows
2018-07-23 22:07 - 2017-11-12 12:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-23 21:11 - 2018-02-24 02:56 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F28317E4-A940-400C-8346-27A1294471F4}
2018-07-23 20:41 - 2018-06-17 00:10 - 000000000 ____D C:\Users\Michael\AppData\Roaming\checklive1
2018-07-23 16:21 - 2017-11-04 16:17 - 000000000 ____D C:\Users\Michael\Downloads\MEmu Download
2018-07-23 16:18 - 2017-09-29 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-23 15:18 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-23 14:51 - 2017-12-19 08:21 - 000000027 _____ C:\Users\Michael\AppData\win32
2018-07-23 14:50 - 2017-11-04 16:17 - 000000000 ____D C:\Users\Michael\.MemuHyperv
2018-07-23 14:50 - 2016-08-18 05:11 - 000000206 _____ C:\Users\Michael\AppData\Roaming\sp_data.sys
2018-07-23 08:30 - 2016-08-18 05:09 - 000000000 ____D C:\Users\Michael\AppData\Local\NVIDIA Corporation
2018-07-21 19:05 - 2017-07-17 22:09 - 000000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2018-07-21 14:15 - 2018-04-13 18:44 - 000001205 _____ C:\Users\Michael\Desktop\Plants Vs Zombies.lnk
2018-07-21 14:11 - 2017-11-12 12:58 - 000004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2018-07-21 07:50 - 2017-09-29 21:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-21 07:48 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-21 07:40 - 2016-08-18 04:26 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-21 07:40 - 2016-08-18 04:26 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-21 07:40 - 2016-08-18 04:26 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-21 07:40 - 2016-08-18 04:26 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-21 07:39 - 2016-08-18 04:26 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-21 07:39 - 2016-08-18 04:26 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-21 07:32 - 2016-08-18 04:20 - 000000000 ____D C:\Program Files\Microsoft Office
2018-07-20 22:06 - 2017-07-17 18:32 - 000001285 _____ C:\Users\Public\Desktop\SHAREit.lnk
2018-07-20 20:58 - 2018-04-02 00:34 - 000000000 ____D C:\Users\Michael\AppData\Roaming\194E8331-477C-D7D0-CE5C-3467195FF431
2018-07-20 20:58 - 2017-11-12 12:38 - 000000000 ____D C:\Users\Michael
2018-07-20 18:03 - 2017-09-17 22:31 - 000002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-07-20 18:03 - 2017-08-06 18:33 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-07-20 06:54 - 2017-11-12 13:00 - 001028926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-19 23:36 - 2018-02-09 00:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\{194E8331-477C-D7D0-CE5C-3467195FF431}
2018-07-19 02:41 - 2018-02-08 15:29 - 000000000 ____D C:\Users\Michael\AppData\Local\wincy
2018-07-19 02:12 - 2017-07-17 18:27 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-19 02:12 - 2017-07-17 18:27 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-19 01:55 - 2017-09-29 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-19 01:33 - 2017-11-12 12:58 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-19 01:32 - 2017-08-06 18:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-18 22:29 - 2017-11-22 15:06 - 000000355 _____ C:\Users\Michael\AppData\Roaming\WB.CFG
2018-07-18 20:32 - 2017-11-12 12:58 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1609367736-3956026332-3981052178-1001
2018-07-18 20:32 - 2016-08-18 05:13 - 000002375 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-18 14:15 - 2017-07-21 22:03 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-18 13:02 - 2017-09-29 21:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-16 17:37 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-15 15:54 - 2017-07-17 01:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-15 15:53 - 2017-07-17 01:06 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-15 14:41 - 2017-07-17 00:42 - 000000000 ____D C:\Program Files\rempl
2018-07-15 11:31 - 2018-01-30 08:37 - 000291564 _____ C:\WINDOWS\ETABS9.7.4chg.tb2
2018-07-15 11:31 - 2010-01-19 19:24 - 000000739 _____ C:\WINDOWS\ETABSv9.ini
2018-07-15 11:28 - 2017-09-29 21:42 - 000000350 _____ C:\WINDOWS\SysWOW64\o1ypb9c.tgz
2018-07-15 11:28 - 2017-09-29 21:42 - 000000336 _____ C:\WINDOWS\SysWOW64\o1ypb9c.dll
2018-07-15 11:28 - 2017-09-29 21:42 - 000000114 _____ C:\WINDOWS\SysWOW64\prsgrc.tgz
2018-07-15 11:28 - 2017-09-29 21:42 - 000000100 _____ C:\WINDOWS\SysWOW64\prsgrc.dll
2018-07-15 11:28 - 2017-09-29 21:42 - 000000086 _____ C:\WINDOWS\SysWOW64\ssprs.tgz
2018-07-15 11:28 - 2017-07-17 21:27 - 000000000 ____D C:\ProgramData\RevitInterProcess
2018-07-08 22:15 - 2018-03-24 19:03 - 000000000 ____D C:\Users\Michael\Documents\Mixcraft Projects
2018-07-03 21:21 - 2018-02-25 22:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-02 22:07 - 2017-11-12 12:39 - 000000000 ____D C:\Users\Michael\AppData\Local\Packages
2018-07-02 21:57 - 2017-07-17 21:28 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Foxit Software
2018-06-30 15:18 - 2018-06-07 10:31 - 000000209 ____H C:\Users\Michael\Desktop\ANTIPAS COMPOUND V.2.dwl2
2018-06-30 15:18 - 2018-06-07 10:31 - 000000059 ____H C:\Users\Michael\Desktop\ANTIPAS COMPOUND V.2.dwl
2018-06-30 13:29 - 2017-08-05 16:37 - 000002173 _____ C:\Users\Public\Desktop\AutoCAD 2018 - English.lnk
2018-06-30 13:29 - 2017-08-05 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2018 - English
2018-06-30 13:26 - 2016-08-18 03:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-29 08:46 - 2017-12-14 23:17 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-29 08:46 - 2017-12-14 23:17 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-11-04 22:21 - 2017-11-04 22:21 - 000006144 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Asetup.exe
2017-06-13 16:54 - 2017-06-13 16:54 - 000005120 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\atxt.dll
2017-12-19 08:18 - 2017-12-19 08:18 - 000066055 _____ () C:\Users\Michael\AppData\Roaming\buz.zip
2017-06-13 15:43 - 2017-06-13 15:43 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Cdl.dll
2017-06-15 21:19 - 2017-06-15 21:19 - 000005120 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Dhan.dll
2017-06-17 08:38 - 2017-06-17 08:38 - 000006144 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Dom.dll
2017-06-13 21:35 - 2017-06-13 21:35 - 000006656 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\dw.dll
2017-11-05 08:22 - 2017-11-05 08:22 - 000009216 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\dwmDesktop.exe
2017-06-13 16:52 - 2017-06-13 16:52 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\fder.dll
2017-06-14 21:27 - 2017-06-14 21:27 - 000006656 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Ghan.dll
2017-06-15 20:55 - 2017-06-15 20:55 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\ghtml.dll
2017-06-13 16:59 - 2017-06-13 16:59 - 000006144 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Hosd.dll
2018-07-20 21:03 - 2017-11-05 08:23 - 000008704 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Intel.exe
2017-02-19 08:39 - 2017-02-19 08:39 - 000036864 _____ ( ) C:\Users\Michael\AppData\Roaming\Interop.Shell32.dll
2017-06-15 20:58 - 2017-06-15 20:58 - 000005120 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\KF.dll
2017-11-04 22:16 - 2017-11-04 22:16 - 000008192 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\KFC32.exe
2016-08-18 05:11 - 2018-07-23 14:50 - 000000206 _____ () C:\Users\Michael\AppData\Roaming\sp_data.sys
2017-06-15 21:01 - 2017-06-15 21:01 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\statin.dll
2017-06-15 21:20 - 2017-06-15 21:20 - 000007680 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Uzip.dll
2017-11-22 15:06 - 2018-07-18 22:29 - 000000355 _____ () C:\Users\Michael\AppData\Roaming\WB.CFG
2017-11-04 22:11 - 2017-11-04 22:11 - 000009728 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\WindowsDmedias.exe
2017-11-04 22:12 - 2017-11-04 22:12 - 000008192 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Windowsmediab.exe
2017-12-19 08:18 - 2017-11-04 22:21 - 000006144 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Asetup.exe
2017-12-19 08:18 - 2017-06-13 16:54 - 000005120 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\atxt.dll
2017-12-19 08:18 - 2017-06-13 15:43 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Cdl.dll
2017-12-19 08:18 - 2017-06-15 21:19 - 000005120 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Dhan.dll
2017-12-19 08:18 - 2017-06-17 08:38 - 000006144 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Dom.dll
2017-12-19 08:18 - 2017-06-13 21:35 - 000006656 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\dw.dll
2017-12-19 08:18 - 2017-11-05 08:22 - 000009216 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\dwmDesktop.exe
2017-12-19 08:18 - 2017-06-13 16:52 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\fder.dll
2017-12-19 08:18 - 2017-06-14 21:27 - 000006656 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Ghan.dll
2017-12-19 08:18 - 2017-06-15 20:55 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\ghtml.dll
2017-12-19 08:18 - 2017-06-13 16:59 - 000006144 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Hosd.dll
2017-12-19 08:18 - 2017-11-05 08:23 - 000008704 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Intel.exe
2017-12-19 08:18 - 2017-02-19 08:39 - 000036864 _____ ( ) C:\Users\Michael\AppData\Roaming\Microsoft\Interop.Shell32.dll
2017-12-19 08:18 - 2017-06-15 20:58 - 000005120 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\KF.dll
2017-12-19 08:18 - 2017-11-04 22:16 - 000008192 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\KFC32.exe
2017-12-19 08:18 - 2017-12-19 08:18 - 000000012 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\nameusa.txt
2017-12-19 08:18 - 2017-11-05 09:33 - 000000012 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\ng
2017-12-19 08:18 - 2017-06-15 21:01 - 000004608 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\statin.dll
2017-12-19 08:18 - 2017-06-15 21:20 - 000007680 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Uzip.dll
2017-12-19 08:18 - 2017-11-04 22:11 - 000009728 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\WindowsDmedias.exe
2017-12-19 08:18 - 2017-11-04 22:12 - 000008192 _____ (Microsoft) C:\Users\Michael\AppData\Roaming\Microsoft\Windowsmediab.exe
2018-03-25 01:14 - 2018-03-25 02:04 - 000003584 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
2018-07-16 17:18 - 2018-04-16 05:49 - 001954056 _____ (Microsoft Corporation) C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
2018-07-20 22:03 - 2018-07-23 18:49 - 000492544 _____ () C:\Users\Michael\AppData\Local\Temp\s3.exe
2018-07-21 12:25 - 2018-04-25 19:13 - 000372116 _____ () C:\Users\Michael\AppData\Local\Temp\Uninstall.exe
2018-07-20 07:23 - 2018-05-08 23:42 - 074288784 _____ (Malwarebytes                                                ) C:\Users\Michael\AppData\Local\Temp\[PiratePC.Net] Malwarebytes Premium 3.5.1.2522.exe
2018-07-18 20:48 - 2018-07-18 20:51 - 049627752 _____ (Google Inc.) C:\Users\Michael\AppData\Local\Temp\{4CB5CCD9-CCF2-4FBF-BCC0-12F991604D9F}-67.0.3396.99_chrome_installer.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-15 15:51
 
==================== End of FRST.txt ============================

Edited by ranncloud45, 23 July 2018 - 10:38 AM.


#4 nasdaq


Posted 23 July 2018 - 01:40 PM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asetup.exe

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know if the problem persists.

#5 ranncloud45


Posted 24 July 2018 - 05:57 PM

I believe it still does that. This is the fixlog.


#6 nasdaq


Posted 25 July 2018 - 08:10 AM

Hi,

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===


#7 ranncloud45


Posted 25 July 2018 - 09:49 AM

Here is the report:

22:47:20.0098 10348  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:47:20.0098 10348  UEFI system
22:47:21.0970 10348  ============================================================
22:47:21.0970 10348  Current date / time: 2018/07/25 22:47:21.0970
22:47:21.0970 10348  SystemInfo:
22:47:22.0004 10348  
22:47:22.0004 10348  OS Version: 6.2.9200 ServicePack: 0.0
22:47:22.0004 10348  Product type: Workstation
22:47:22.0004 10348  ComputerName: DESKTOP-Q4JP885
22:47:22.0013 10348  UserName: Michael
22:47:22.0013 10348  Windows directory: C:\WINDOWS
22:47:22.0013 10348  System windows directory: C:\WINDOWS
22:47:22.0013 10348  Running under WOW64
22:47:22.0013 10348  Processor architecture: Intel x64
22:47:22.0013 10348  Number of processors: 4
22:47:22.0013 10348  Page size: 0x1000
22:47:22.0013 10348  Boot type: Normal boot
22:47:22.0013 10348  ============================================================
22:47:22.0164 10348  BG loaded
22:47:22.0402 10348  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:47:22.0405 10348  ============================================================
22:47:22.0405 10348  \Device\Harddisk0\DR0:
22:47:22.0405 10348  GPT partitions:
22:47:22.0405 10348  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C76EAB79-E9D3-41EE-A280-D554E4E8001E}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
22:47:22.0405 10348  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {82F16BF6-D7FA-4730-9062-FFBB75AB5C52}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x8000
22:47:22.0405 10348  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5B9F6973-1307-4007-AFEC-7E632A9FD644}, Name: Basic data partition, StartLBA 0x8A800, BlocksNum 0x2E6FF188
22:47:22.0405 10348  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BE776927-2FE0-444F-8BF0-B295E019AA7A}, Name: , StartLBA 0x2E78A000, BlocksNum 0x1AC000
22:47:22.0406 10348  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8807F996-C394-42FB-8F46-BB0184C90A6D}, Name: Basic data partition, StartLBA 0x2E936000, BlocksNum 0x45DD0800
22:47:22.0406 10348  MBR partitions:
22:47:22.0406 10348  ============================================================
22:47:22.0446 10348  C: <-> \Device\Harddisk0\DR0\Partition3
22:47:22.0474 10348  D: <-> \Device\Harddisk0\DR0\Partition5
22:47:22.0474 10348  ============================================================
22:47:22.0474 10348  Initialize success
22:47:22.0474 10348  ============================================================
22:47:30.0090 8520  ============================================================
22:47:30.0090 8520  Scan started
22:47:30.0090 8520  Mode: Manual; 
22:47:30.0090 8520  ============================================================
22:47:31.0265 8520  ================ Scan system memory ========================
22:47:31.0265 8520  System memory - ok
22:47:31.0265 8520  ================ Scan services =============================
22:47:31.0369 8520  1394ohci - ok
22:47:31.0371 8520  Suspicious service (Hidden): 21117903
22:47:31.0372 8520  21117903 ( HiddenService.Multi.Generic ) - warning
22:47:31.0372 8520  21117903 - detected HiddenService.Multi.Generic (1)
22:47:31.0376 8520  3ware - ok
22:47:31.0390 8520  ACPI - ok
22:47:31.0396 8520  AcpiDev - ok
22:47:31.0400 8520  acpiex - ok
22:47:31.0427 8520  acpipagr - ok
22:47:31.0464 8520  [ B9805A3C479390CEAEA5AEF5E4A90A2E ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
22:47:31.0464 8520  AcpiPmi - ok
22:47:31.0469 8520  acpitime - ok
22:47:31.0594 8520  [ EF88AC7F6A45A531FAF6663F8BEDC2E9 ] AdAppMgrSvc     C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
22:47:31.0594 8520  AdAppMgrSvc - ok
22:47:31.0665 8520  [ AE86FE2A70C377C0F1AD5B20E66F4C2F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:47:31.0665 8520  AdobeARMservice - ok
22:47:31.0678 8520  ADP80XX - ok
22:47:31.0810 8520  [ DD0F522345A45E86BFB2F0DD22FCD2A3 ] AESMService     C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1781f8bae8fdf5c0\aesm_service.exe
22:47:31.0827 8520  AESMService - ok
22:47:31.0846 8520  AFD - ok
22:47:31.0925 8520  [ 3D1BB871A893182B0058A4898D5AFE29 ] AGMService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
22:47:31.0930 8520  AGMService - ok
22:47:31.0971 8520  [ C20CA26CDE768CA950C622B866292FC2 ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
22:47:31.0978 8520  AGSService - ok
22:47:31.0994 8520  ahcache - ok
22:47:32.0029 8520  [ EF91AC93FD14599002CC21D10F9F0D58 ] AiCharger       C:\WINDOWS\system32\DRIVERS\AiCharger.sys
22:47:32.0044 8520  AiCharger - ok
22:47:32.0078 8520  [ 84FFB4AC2BA923364DF13F73751E05D1 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
22:47:32.0078 8520  AJRouter - ok
22:47:32.0095 8520  [ 084101AB03969D8ED00D5FFBE5F4C3DF ] ALG             C:\WINDOWS\System32\alg.exe
22:47:32.0111 8520  ALG - ok
22:47:32.0127 8520  AmdK8 - ok
22:47:32.0138 8520  AmdPPM - ok
22:47:32.0157 8520  amdsata - ok
22:47:32.0161 8520  amdsbs - ok
22:47:32.0165 8520  amdxata - ok
22:47:32.0168 8520  AppID - ok
22:47:32.0195 8520  AppIDSvc - ok
22:47:32.0211 8520  Appinfo - ok
22:47:32.0244 8520  [ 1E085E2302D568F0CE041732B3E887B0 ] applockerfltr   C:\WINDOWS\system32\drivers\applockerfltr.sys
22:47:32.0244 8520  applockerfltr - ok
22:47:32.0262 8520  AppMgmt - ok
22:47:32.0297 8520  [ 1D123729F547EEDFBE3F510346848C38 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
22:47:32.0297 8520  AppReadiness - ok
22:47:32.0343 8520  AppXSvc - ok
22:47:32.0350 8520  arcsas - ok
22:47:32.0418 8520  [ DC932785E0BEBCD6F980068047BD80BC ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
22:47:32.0418 8520  ASLDRService - ok
22:47:32.0429 8520  [ 116DD55EEF8843D7C526EB17A932822F ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:47:32.0429 8520  ASMMAP64 - ok
22:47:32.0484 8520  [ AF0561974536C33073E0DF48C2F47C19 ] Asus WebStorage Windows Service C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
22:47:32.0485 8520  Asus WebStorage Windows Service - ok
22:47:32.0511 8520  [ 308437492F76E3498F5D9B8DB5E5B2C8 ] AsusSGDrv       C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys
22:47:32.0511 8520  AsusSGDrv - ok
22:47:32.0528 8520  AsyncMac - ok
22:47:32.0561 8520  atapi - ok
22:47:32.0578 8520  [ F989273B3F820E5C20F6D1F351E8EBE9 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
22:47:32.0578 8520  ATKGFNEXSrv - ok
22:47:32.0595 8520  [ 0E717D7FED23731863EC44B4031DC268 ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:47:32.0595 8520  ATKWMIACPIIO - ok
22:47:32.0629 8520  AudioEndpointBuilder - ok
22:47:32.0645 8520  Audiosrv - ok
22:47:32.0696 8520  [ 947FF5992E26AFD4CAA34506678B70BC ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
22:47:32.0710 8520  AxInstSV - ok
22:47:32.0726 8520  b06bdrv - ok
22:47:32.0741 8520  bam - ok
22:47:32.0777 8520  BasicDisplay - ok
22:47:32.0811 8520  BasicRender - ok
22:47:32.0819 8520  bcmfn2 - ok
22:47:32.0845 8520  [ 72963E0676003016B431306A6F4951BF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
22:47:32.0845 8520  BDESVC - ok
22:47:32.0877 8520  Beep - ok
22:47:32.0881 8520  BFE - ok
22:47:32.0894 8520  BITS - ok
22:47:32.0897 8520  bowser - ok
22:47:32.0914 8520  BrokerInfrastructure - ok
22:47:32.0964 8520  [ DB109DA005B6FE2A350C5DD7CA768DFD ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
22:47:32.0965 8520  BrYNSvc - ok
22:47:32.0997 8520  [ 2F860584C523300AEC6B22F1A46FF044 ] BTDevManager    C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
22:47:32.0997 8520  BTDevManager - ok
22:47:33.0027 8520  [ 8A99FD5859DF5B147256B1BF46A97A9E ] BthA2DP         C:\WINDOWS\system32\drivers\BthA2DP.sys
22:47:33.0027 8520  BthA2DP - ok
22:47:33.0060 8520  [ A4863B7B1F0DB513D6E34547BACC211A ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
22:47:33.0060 8520  BthAvrcpTg - ok
22:47:33.0144 8520  [ 82BD96D56574231AD0E9BBF293EA2E7F ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
22:47:33.0144 8520  BthEnum - ok
22:47:33.0177 8520  [ F0801BA7335BF5C8BBD33ECF1C8DA352 ] BthHFAud        C:\WINDOWS\system32\DRIVERS\BthHfAud.sys
22:47:33.0177 8520  BthHFAud - ok
22:47:33.0210 8520  [ 9C9EE272C11252C651C5DE6A1AC1EDAA ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
22:47:33.0210 8520  BthHFEnum - ok
22:47:33.0244 8520  [ 69734E386826ED857C889330F35B4D9C ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
22:47:33.0259 8520  bthhfhid - ok
22:47:33.0294 8520  [ BC58294295CBAD6637A526470305B5EA ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
22:47:33.0294 8520  BthHFSrv - ok
22:47:33.0327 8520  [ 338B8D45C7DFB03DB7957188E16C9661 ] bthl2cap        C:\WINDOWS\system32\DRIVERS\bthl2cap.sys
22:47:33.0327 8520  bthl2cap - ok
22:47:33.0377 8520  [ 47BF82E2A6D11279C8501E08518AB835 ] BthLEEnum       C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
22:47:33.0377 8520  BthLEEnum - ok
22:47:33.0411 8520  [ A94AFAEA86F5F792BB4ECA095B231464 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
22:47:33.0411 8520  BTHMODEM - ok
22:47:33.0430 8520  BthPan - ok
22:47:33.0447 8520  BTHPORT - ok
22:47:33.0479 8520  [ 572BCA61B7E026E057AF7DF456AC7E0B ] bthserv         C:\WINDOWS\system32\bthserv.dll
22:47:33.0479 8520  bthserv - ok
22:47:33.0577 8520  [ 55C836530A9602255BFB4F5D9DA2B737 ] BTHUSB          C:\WINDOWS\System32\drivers\BTHUSB.sys
22:47:33.0577 8520  BTHUSB - ok
22:47:33.0594 8520  bttflt - ok
22:47:33.0610 8520  buttonconverter - ok
22:47:33.0643 8520  [ 2AB01CE5E233A6FBA3E91BD57772AA4B ] CAD             C:\WINDOWS\System32\drivers\CAD.sys
22:47:33.0643 8520  CAD - ok
22:47:33.0677 8520  camsvc - ok
22:47:33.0684 8520  CapImg - ok
22:47:33.0685 8520  cdfs - ok
22:47:33.0743 8520  [ 147CEBE0C5F7A80135C54715521AD9E1 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
22:47:33.0743 8520  CDPSvc - ok
22:47:33.0777 8520  CDPUserSvc - ok
22:47:33.0811 8520  cdrom - ok
22:47:33.0843 8520  CertPropSvc - ok
22:47:33.0851 8520  cht4iscsi - ok
22:47:33.0854 8520  cht4vbd - ok
22:47:33.0878 8520  [ 9798D58461706930190F1F2F6BF21D80 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
22:47:33.0893 8520  circlass - ok
22:47:33.0943 8520  CldFlt - ok
22:47:33.0959 8520  CLFS - ok
22:47:34.0173 8520  [ 1D46F38E0F5CCE3726EDAC81B26D4A89 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
22:47:34.0195 8520  ClickToRunSvc - ok
22:47:34.0226 8520  ClipSVC - ok
22:47:34.0259 8520  CmBatt - ok
22:47:34.0276 8520  CNG - ok
22:47:34.0293 8520  [ C65AF00EF12A1755E7CA370B0C71935D ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
22:47:34.0308 8520  cnghwassist - ok
22:47:34.0387 8520  [ A50300498D56B2448F3593D25478D508 ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys
22:47:34.0387 8520  CompositeBus - ok
22:47:34.0404 8520  COMSysApp - ok
22:47:34.0409 8520  condrv - ok
22:47:34.0443 8520  CoreMessagingRegistrar - ok
22:47:34.0502 8520  [ 903F7F0109670544B92C26BFB461A10E ] cphs            C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
22:47:34.0502 8520  cphs - ok
22:47:34.0531 8520  [ 6F259733CCCABCFBB3F5A9034277AB8D ] cplspcon        C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
22:47:34.0531 8520  cplspcon - ok
22:47:34.0554 8520  CryptSvc - ok
22:47:47.0683 8520  WdBoot - ok
22:47:47.0716 8520  [ A556768CC1FA4F36022BEE2F0EDE2566 ] WDC_SAM         C:\WINDOWS\System32\drivers\wdcsam64.sys
22:47:47.0716 8520  WDC_SAM - ok
22:47:47.0721 8520  Wdf01000 - ok
22:47:47.0742 8520  [ 58B452788C0051C6C6E62F188EFEE438 ] WdFilter        C:\WINDOWS\system32\drivers\wd\WdFilter.sys
22:47:47.0742 8520  WdFilter - ok
22:47:47.0780 8520  [ AB406F30BE98CDB7AA7171336EF031BA ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
22:47:47.0781 8520  WdiServiceHost - ok
22:47:47.0789 8520  [ AB406F30BE98CDB7AA7171336EF031BA ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
22:47:47.0790 8520  WdiSystemHost - ok
22:47:47.0820 8520  wdiwifi - ok
22:47:47.0848 8520  [ 65081A53DB730D2347AD66AF7187795A ] WdNisDrv        C:\WINDOWS\system32\drivers\wd\WdNisDrv.sys
22:47:47.0848 8520  WdNisDrv - ok
22:47:47.0983 8520  [ 71C846A2F98CFC9F2E426890523AC276 ] WdNisSvc        C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe
22:47:48.0016 8520  WdNisSvc - ok
22:47:48.0067 8520  [ DF58AA71FBA55E15F572C93447696DEC ] wdnsfltr        C:\WINDOWS\system32\drivers\wdnsfltr.sys
22:47:48.0067 8520  wdnsfltr - ok
22:47:48.0067 8520  WebClient - ok
22:47:48.0099 8520  [ 7997BC2386A9976C0645A28FA8A6E7EA ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
22:47:48.0114 8520  Wecsvc - ok
22:47:48.0147 8520  [ CEA146E0D096A491B265CD2340C2E31D ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
22:47:48.0147 8520  WEPHOSTSVC - ok
22:47:48.0181 8520  [ 40610BA98D5830FB14C3695B3BCA647A ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
22:47:48.0193 8520  wercplsupport - ok
22:47:48.0213 8520  WerSvc - ok
22:47:48.0254 8520  [ 86B816E9D24625287BDE9784953A5E86 ] WFDSConMgrSvc   C:\WINDOWS\System32\wfdsconmgrsvc.dll
22:47:48.0258 8520  WFDSConMgrSvc - ok
22:47:48.0266 8520  WFPLWFS - ok
22:47:48.0299 8520  [ F78A2731EC972312C4C998174A9BB325 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
22:47:48.0299 8520  WiaRpc - ok
22:47:48.0349 8520  WIMMount - ok
22:47:48.0380 8520  [ DD752ECFDEC95581A00D62A8B00591EC ] WinDefend       C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe
22:47:48.0380 8520  WinDefend - ok
22:47:48.0416 8520  WindowsTrustedRT - ok
22:47:48.0447 8520  [ 813EE0F4D4B8D599DB1968682D080732 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
22:47:48.0447 8520  WindowsTrustedRTProxy - ok
22:47:48.0480 8520  WinHttpAutoProxySvc - ok
22:47:48.0498 8520  [ BC67C1E4B36063968E54C3B2E4DB8978 ] WinisoCDBus     C:\WINDOWS\system32\drivers\WinisoCDBus.sys
22:47:48.0498 8520  WinisoCDBus - ok
22:47:48.0518 8520  WinMad - ok
22:47:48.0564 8520  Winmgmt - ok
22:47:48.0581 8520  WinNat - ok
22:47:48.0647 8520  [ C2A88E382CD48E4772A5570D66BF1A90 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
22:47:48.0676 8520  WinRM - ok
22:47:48.0713 8520  [ E92F3539C4758F6A9F4B80CBAC75B3E6 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
22:47:48.0713 8520  WINUSB - ok
22:47:48.0713 8520  WinVerbs - ok
22:47:48.0731 8520  wisvc - ok
22:47:48.0766 8520  WlanSvc - ok
22:47:48.0780 8520  wlidsvc - ok
22:47:48.0822 8520  [ 56E1A46DD1C5D28B10F02E21D077EBF6 ] wlpasvc         C:\WINDOWS\System32\lpasvc.dll
22:47:48.0830 8520  wlpasvc - ok
22:47:48.0850 8520  WmiAcpi - ok
22:47:48.0880 8520  wmiApSrv - ok
22:47:48.0899 8520  WMPNetworkSvc - ok
22:47:48.0931 8520  [ 8D6E6F6C233AF450C50FA615530B44D2 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
22:47:48.0931 8520  Wof - ok
22:47:48.0996 8520  [ 1431D184691F7FA9AAC2064EB0EC6C96 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
22:47:49.0013 8520  workfolderssvc - ok
22:47:49.0063 8520  [ AE9793230B219113DE1163138645E5AE ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
22:47:49.0066 8520  WPDBusEnum - ok
22:47:49.0095 8520  [ 9EAE1EF282864674355B4B81DF6AE935 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:47:49.0095 8520  WpdUpFltr - ok
22:47:49.0191 8520  [ C75B59E441206A572CC64BBB60EE54B3 ] WpnService      C:\WINDOWS\system32\WpnService.dll
22:47:49.0191 8520  WpnService - ok
22:47:49.0232 8520  [ 07F4AF1730D55567EACE7ADDEA28FE48 ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
22:47:49.0247 8520  WpnUserService - ok
22:47:49.0253 8520  ws2ifsl - ok
22:47:49.0264 8520  wscsvc - ok
22:47:49.0298 8520  [ 7B44553610A89F2011CF69BEA9AFD4CB ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
22:47:49.0312 8520  WSDPrintDevice - ok
22:47:49.0344 8520  [ 8068DC839C3729FFC70821FBEF05D5ED ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
22:47:49.0346 8520  WSDScan - ok
22:47:49.0349 8520  WSearch - ok
22:47:49.0383 8520  wuauserv - ok
22:47:49.0429 8520  [ BD5E68B369DF3453A0A87663C6C5476D ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
22:47:49.0430 8520  WudfPf - ok
22:47:49.0463 8520  [ A86A249314FD0A780214028B0C31A386 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
22:47:49.0463 8520  WUDFRd - ok
22:47:49.0477 8520  [ A86A249314FD0A780214028B0C31A386 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
22:47:49.0479 8520  WUDFWpdFs - ok
22:47:49.0484 8520  [ A86A249314FD0A780214028B0C31A386 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
22:47:49.0485 8520  WUDFWpdMtp - ok
22:47:49.0497 8520  WwanSvc - ok
22:47:49.0512 8520  [ 42C738ED1552FE168F6EE1BAE8ACFCAC ] xbgm            C:\WINDOWS\system32\xbgmsvc.exe
22:47:49.0528 8520  xbgm - ok
22:47:49.0571 8520  [ A03C4D4D71304087820A0EF18FCF7582 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
22:47:49.0585 8520  XblAuthManager - ok
22:47:49.0635 8520  [ 77ADC2F5DBE303EF8B8D2D08AEE3F3DB ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
22:47:49.0653 8520  XblGameSave - ok
22:47:49.0682 8520  [ 2244A4CEFE8F9C74091369ACE2E9EBC6 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
22:47:49.0682 8520  xboxgip - ok
22:47:49.0713 8520  [ 1A9550D746B8604D37A90436EF686777 ] XboxGipSvc      C:\WINDOWS\System32\XboxGipSvc.dll
22:47:49.0728 8520  XboxGipSvc - ok
22:47:49.0773 8520  [ 4951DD543AA2710760D90A58261ED665 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
22:47:49.0788 8520  XboxNetApiSvc - ok
22:47:49.0813 8520  [ 4A91B49C6B1E41151D47CB919ADF013A ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
22:47:49.0813 8520  xinputhid - ok
22:47:49.0813 8520  ================ Scan global ===============================
22:47:49.0912 8520  [Global] - ok
22:47:49.0912 8520  ================ Scan MBR ==================================
22:47:49.0917 8520  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:47:49.0931 8520  \Device\Harddisk0\DR0 - ok
22:47:49.0932 8520  ================ Scan VBR ==================================
22:47:49.0944 8520  [ 0F8B600347611D0EB00F93BF519B8534 ] \Device\Harddisk0\DR0\Partition1
22:47:49.0945 8520  \Device\Harddisk0\DR0\Partition1 - ok
22:47:49.0949 8520  [ 494C8CC71311C136DFDA0E9135EF2DC7 ] \Device\Harddisk0\DR0\Partition2
22:47:49.0949 8520  \Device\Harddisk0\DR0\Partition2 - ok
22:47:49.0962 8520  [ 1DE551B005C1F09A5450AAD94534BA78 ] \Device\Harddisk0\DR0\Partition3
22:47:49.0968 8520  \Device\Harddisk0\DR0\Partition3 - ok
22:47:49.0980 8520  [ 036731A291B2C571EB1E1D36D22EC1E7 ] \Device\Harddisk0\DR0\Partition4
22:47:49.0988 8520  \Device\Harddisk0\DR0\Partition4 - ok
22:47:49.0996 8520  [ BB3978CB3B8D3678786285A8AAE36CF9 ] \Device\Harddisk0\DR0\Partition5
22:47:50.0000 8520  \Device\Harddisk0\DR0\Partition5 - ok
22:47:50.0000 8520  ============================================================
22:47:50.0000 8520  Scan finished
22:47:50.0000 8520  ============================================================
22:47:50.0007 8352  Detected object count: 1
22:47:50.0007 8352  Actual detected object count: 1
22:48:09.0401 8352  21117903 ( HiddenService.Multi.Generic ) - skipped by user
22:48:09.0401 8352  21117903 ( HiddenService.Multi.Generic ) - User select action: Skip 


#8 nasdaq

Posted 25 July 2018 - 01:17 PM

Hi,

Run the program one more time and delete these.

22:47:31.0371 8520 Suspicious service (Hidden): 21117903
22:47:31.0372 8520 21117903 ( HiddenService.Multi.Generic ) - warning
22:47:31.0372 8520 21117903 - detected HiddenService.Multi.Generic (1)

Restart the computer normally when completed.

#9 ranncloud45

Posted 26 July 2018 - 06:37 PM

I really don't know what happened. All I know is that I tried to end task Windows Explorer so I could play my game smoothly, and suddenly I fell asleep on it, leaving the laptop on the whole night. The next day I woke up and saw my laptop was on; I then turned it off and went on with my activities. I finally received the mail pertaining to the deletion of the suspicious file but was preparing to go to school. It was around 5pm when I decided to read the email and follow the instruction pertaining to the deletion of the suspicious file. At first I was a little shocked that my lappy got a little faster turning on. Normally I would get frustrated because of the slowness of my lappy due to having a virus that causes the lappy to always load and stuff. After scanning, I thought it was weird too that the suspicious file was not there anymore, and so I scanned again and the suspicious file was really gone. After that I decided to shut down my lappy and suddenly noticed that the (Intel.exe, refer to the image) error and ("G" is preventing Windows from shutting down; unfortunately I didn't get the chance to take a picture of it) were also gone. I was confused that day, so I turned my lappy on once more and it now really boots faster than before. I played Plants vs. Zombies (PvZ) because it was my tester to see whether the virus was still on my lappy. I chose PvZ because whenever I play that game for a little while, it will alt-tab due to the constant loading, but to my surprise, I was playing the whole time without the alt-tab thingy that had been happening on my lappy. Even the constant loading is gone now too. So... I don't really know what I did, and I'm now happy that my lappy is in good condition. Although I am still a bit suspicious about the events, so I'll still report the scan data.

This is the report:

18:01:31.0286 3592  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:01:31.0286 3592  UEFI system
18:01:31.0299 3592  ============================================================
18:01:31.0299 3592  Current date / time: 2018/07/26 18:01:31.0299
18:01:31.0299 3592  SystemInfo:
18:01:31.0299 3592  
18:01:31.0299 3592  OS Version: 6.2.9200 ServicePack: 0.0
18:01:31.0299 3592  Product type: Workstation
18:01:31.0299 3592  ComputerName: DESKTOP-Q4JP885
18:01:31.0300 3592  UserName: Michael
18:01:31.0300 3592  Windows directory: C:\WINDOWS
18:01:31.0300 3592  System windows directory: C:\WINDOWS
18:01:31.0300 3592  Running under WOW64
18:01:31.0300 3592  Processor architecture: Intel x64
18:01:31.0300 3592  Number of processors: 4
18:01:31.0300 3592  Page size: 0x1000
18:01:31.0300 3592  Boot type: Normal boot
18:01:31.0300 3592  ============================================================
18:01:31.0643 3592  BG loaded
18:01:31.0913 3592  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:01:31.0917 3592  ============================================================
18:01:31.0917 3592  \Device\Harddisk0\DR0:
18:01:31.0918 3592  GPT partitions:
18:01:31.0918 3592  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C76EAB79-E9D3-41EE-A280-D554E4E8001E}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
18:01:31.0918 3592  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {82F16BF6-D7FA-4730-9062-FFBB75AB5C52}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x8000
18:01:31.0918 3592  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5B9F6973-1307-4007-AFEC-7E632A9FD644}, Name: Basic data partition, StartLBA 0x8A800, BlocksNum 0x2E6FF188
18:01:31.0918 3592  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BE776927-2FE0-444F-8BF0-B295E019AA7A}, Name: , StartLBA 0x2E78A000, BlocksNum 0x1AC000
18:01:31.0932 3592  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8807F996-C394-42FB-8F46-BB0184C90A6D}, Name: Basic data partition, StartLBA 0x2E936000, BlocksNum 0x45DD0800
18:01:31.0932 3592  MBR partitions:
18:01:31.0932 3592  ============================================================
18:01:31.0960 3592  C: <-> \Device\Harddisk0\DR0\Partition3
18:01:31.0986 3592  D: <-> \Device\Harddisk0\DR0\Partition5
18:01:31.0986 3592  ============================================================
18:01:31.0986 3592  Initialize success
18:01:31.0986 3592  ============================================================
18:01:37.0563 4808  ============================================================
18:01:37.0563 4808  Scan started
18:01:37.0563 4808  Mode: Manual; 
18:01:37.0563 4808  ============================================================
18:01:38.0610 4808  ================ Scan system memory ========================
18:01:38.0610 4808  System memory - ok
18:01:38.0610 4808  ================ Scan services =============================
18:01:41.0498 4808  CDPUserSvc - ok
18:01:41.0500 4808  Suspicious service (Hidden): CDPUserSvc_140c9e
18:01:43.0374 4808  [ A19F51A044B62C994144ED87A7A5A887 ] DevicesFlowUserSvc C:\WINDOWS\System32\DevicesFlowBroker.dll
18:01:43.0641 4808  DevicesFlowUserSvc - ok
18:01:43.0655 4808  Suspicious service (Hidden): DevicesFlowUserSvc_140c9e
18:01:49.0367 4808  IpFilterDriver - ok
18:01:49.0404 4808  iphlpsvc - ok
18:01:49.0407 4808  IPMIDRV - ok
18:01:49.0433 4808  [ 7BEC2AF23F586EFF0DB4DBF4331B0C70 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:01:49.0436 4808  IPNAT - ok
18:01:49.0478 4808  [ 35A54F19E703D4FE5919F812F6CC5D0A ] IPT             C:\WINDOWS\System32\drivers\ipt.sys
18:01:49.0479 4808  IPT - ok
18:01:49.0511 4808  [ F6C47021C41F721B628161B64D7DECB9 ] IpxlatCfgSvc    C:\WINDOWS\System32\IpxlatCfg.dll
18:01:49.0515 4808  IpxlatCfgSvc - ok
18:01:49.0529 4808  irda - ok
18:01:49.0557 4808  [ F88664A2A82DDA456180FFF95A771765 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:01:49.0559 4808  IRENUM - ok
18:01:49.0595 4808  [ 4F500A0171606B0E37964694140FCA16 ] irmon           C:\WINDOWS\System32\irmon.dll
18:01:49.0597 4808  irmon - ok
18:01:49.0621 4808  [ 8CA2C261AB69D0195BED81E58EDF167D ] isaHelperSvc    C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
18:01:49.0857 4808  isaHelperSvc - ok
18:01:49.0878 4808  isapnp - ok
18:01:49.0895 4808  iScsiPrt - ok
18:01:49.0941 4808  [ 2D9A7975B03A863F17B00FB688502F07 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
18:01:49.0943 4808  jhi_service - ok
18:01:49.0962 4808  kbdclass - ok
18:01:49.0972 4808  kbdhid - ok
18:01:49.0981 4808  kdnic - ok
18:01:50.0052 4808  KeyIso - ok
18:01:50.0096 4808  [ 16EED67699FC20629FFFF750B2EB2A48 ] Kingsoft_WPS_UpdateService C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe
18:01:50.0098 4808  Kingsoft_WPS_UpdateService - ok
18:01:50.0119 4808  KSecDD - ok
18:01:50.0126 4808  KSecPkg - ok
18:01:50.0146 4808  ksthunk - ok
18:01:50.0189 4808  [ 6EAF246BC12DB548AC65A4CEFB14B547 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:01:50.0197 4808  KtmRm - ok
18:01:50.0210 4808  LanmanServer - ok
18:01:50.0214 4808  LanmanWorkstation - ok
18:01:50.0240 4808  [ D81931EF9914A135F9ECF409DC826266 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
18:01:50.0244 4808  lfsvc - ok
18:01:50.0256 4808  LicenseManager - ok
18:01:50.0274 4808  lltdio - ok
18:01:50.0304 4808  [ 48199253D7F6119F88294F8845F0808D ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:01:50.0310 4808  lltdsvc - ok
18:01:50.0342 4808  lmhosts - ok
18:01:50.0385 4808  [ CCF5B57A38AC46A93F9A013AEDED2876 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:01:50.0389 4808  LMS - ok
18:01:50.0402 4808  LSI_SAS - ok
18:01:50.0411 4808  LSI_SAS2i - ok
18:01:50.0415 4808  LSI_SAS3i - ok
18:01:50.0419 4808  LSI_SSS - ok
18:01:50.0437 4808  LSM - ok
18:01:50.0452 4808  luafv - ok
18:01:50.0484 4808  [ 3520DE00ABC5EFF0DBAFD41129AD970F ] MapsBroker      C:\WINDOWS\System32\moshost.dll
18:01:50.0489 4808  MapsBroker - ok
18:01:50.0493 4808  mausbhost - ok
18:01:50.0498 4808  mausbip - ok
18:01:50.0525 4808  [ 30531264292DBC7507AA1FF4123F1F39 ] MBAMFarflt      C:\WINDOWS\system32\DRIVERS\farflt.sys
18:01:50.0527 4808  MBAMFarflt - ok
18:01:50.0564 4808  [ 0987B4BB03FA1F3C0C7D37347B707D4E ] MBAMProtection  C:\WINDOWS\system32\DRIVERS\mbam.sys
18:01:50.0566 4808  MBAMProtection - ok
18:01:50.0730 4808  [ F7265B7490428499F2FE409FA9247866 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
18:01:50.0833 4808  MBAMService - ok
18:01:50.0858 4808  [ A2814DB0A52A490AE674AD06ECBDC4CF ] MBAMWebProtection C:\WINDOWS\system32\DRIVERS\mwac.sys
18:01:50.0861 4808  MBAMWebProtection - ok
18:01:50.0929 4808  [ 0327185087FDBD17FC1263DD9D20D450 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.766\McCHSvc.exe
18:01:50.0933 4808  McComponentHostService - ok
18:01:50.0947 4808  megasas - ok
18:01:50.0957 4808  megasas2i - ok
18:01:50.0960 4808  megasr - ok
18:01:50.0980 4808  [ 8EC6459491D8508BBA5E3CEC5C930914 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
18:01:50.0989 4808  MEIx64 - ok
18:01:51.0064 4808  [ 573F228F046D12EBF33EF85C87DDE074 ] memudrv         D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys
18:01:51.0066 4808  memudrv - ok
18:01:51.0095 4808  [ 5065E32F1DB2468678C81BC667628E6C ] MEmusvc         D:\Program Files\Microvirt\MEmu\MemuService.exe
18:01:51.0098 4808  MEmusvc - ok
18:01:51.0134 4808  [ 4965456A1B4B3039E4B9AB233F5E9B1E ] MessagingService C:\WINDOWS\System32\MessagingService.dll
18:01:51.0137 4808  MessagingService - ok
18:01:51.0147 4808  Suspicious service (Hidden): MessagingService_140c9e
18:01:51.0169 4808  mlx4_bus - ok
18:01:51.0176 4808  MMCSS - ok
18:01:51.0213 4808  [ A4467A5C080318F0CCCF5ED463821F8B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:01:51.0214 4808  Modem - ok
18:01:51.0301 4808  [ 78BE85C1F1C7F3AF6C87BCE127007D5A ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
18:01:51.0303 4808  monitor - ok
18:01:51.0314 4808  mouclass - ok
18:01:51.0328 4808  mouhid - ok
18:01:51.0349 4808  mountmgr - ok
18:01:51.0354 4808  mpsdrv - ok
18:01:51.0360 4808  MpsSvc - ok
18:01:51.0412 4808  [ 215D672CB71987CD98EB2298EFB84DDC ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:01:51.0414 4808  MRxDAV - ok
18:01:51.0423 4808  mrxsmb - ok
18:01:51.0440 4808  mrxsmb20 - ok
18:01:51.0470 4808  [ 167408B38458ECAE545C57527BC99024 ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
18:01:51.0472 4808  MsBridge - ok
18:01:51.0490 4808  [ D5778559A0F34EE0BF0457293C6B5F4F ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:01:51.0496 4808  MSDTC - ok
18:01:51.0530 4808  Msfs - ok
18:01:51.0563 4808  [ 6DDDFCAB646BBBCFC583135C4430E10F ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:01:51.0565 4808  msgpiowin32 - ok
18:01:51.0581 4808  mshidkmdf - ok
18:01:51.0612 4808  [ F65ABC7DE945047147F17330F79732CB ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:01:51.0614 4808  mshidumdf - ok
18:01:51.0638 4808  msisadrv - ok
18:01:51.0658 4808  MSiSCSI - ok
18:01:51.0662 4808  msiserver - ok
18:01:51.0678 4808  MSKSSRV - ok
18:01:51.0711 4808  [ C3F5EA6B9041A30B4F11BE2E7863E487 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
18:01:51.0711 4808  MsLldp - ok
18:01:51.0717 4808  MSPCLOCK - ok
18:01:51.0727 4808  MSPQM - ok
18:01:51.0744 4808  MsRPC - ok
18:01:51.0757 4808  mssmbios - ok
18:01:51.0761 4808  MSTEE - ok
18:01:51.0764 4808  MTConfig - ok
18:01:51.0770 4808  Mup - ok
18:01:51.0776 4808  mvumis - ok
18:01:51.0789 4808  NativeWifiP - ok
18:01:51.0811 4808  NaturalAuthentication - ok
18:01:51.0860 4808  [ FBA9F5B9F59A665F248F70B905EDCE14 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:01:51.0869 4808  NcaSvc - ok
18:01:51.0883 4808  NcbService - ok
18:01:51.0911 4808  [ 3C7E074AE41D8DFB41A9E65904D8BF43 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:01:51.0923 4808  NcdAutoSetup - ok
18:01:51.0926 4808  ndfltr - ok
18:01:51.0945 4808  NDIS - ok
18:01:51.0963 4808  [ 067AE5BA349CC35AF8975D22DC483DDF ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
18:01:51.0973 4808  NdisCap - ok
18:01:51.0993 4808  [ 6FC4D7EB5D38CFB7966405036116F065 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
18:01:52.0006 4808  NdisImPlatform - ok
18:01:52.0043 4808  NdisTapi - ok
18:01:52.0062 4808  Ndisuio - ok
18:01:52.0078 4808  NdisVirtualBus - ok
18:01:52.0082 4808  NdisWan - ok
18:01:52.0086 4808  ndiswanlegacy - ok
18:01:52.0110 4808  ndproxy - ok
18:01:52.0144 4808  [ A791792DC412CCD83DA0AF6871682552 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:01:52.0144 4808  Ndu - ok
18:01:52.0156 4808  NetAdapterCx - ok
18:01:52.0174 4808  NetBIOS - ok
18:01:52.0188 4808  NetBT - ok
18:01:52.0195 4808  Netlogon - ok
18:01:52.0218 4808  Netman - ok
18:01:52.0264 4808  [ 79ED54CA41486399361778D533E55A99 ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:01:52.0283 4808  netprofm - ok
18:01:52.0300 4808  NetSetupSvc - ok
18:01:52.0385 4808  [ 97FF2186BBAA215727300404862D297B ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:01:52.0403 4808  NetTcpPortSharing - ok
18:01:52.0417 4808  netvsc - ok
18:01:52.0459 4808  [ E27ACE78CA1BDF4FBBF3323D6E9AFCDB ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
18:01:52.0476 4808  NgcCtnrSvc - ok
18:01:52.0514 4808  [ A557C92583E81CA97D2C0F2467E7C2F9 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
18:01:52.0538 4808  NgcSvc - ok
18:01:52.0553 4808  NlaSvc - ok
18:01:52.0567 4808  Npfs - ok
18:01:52.0598 4808  [ 5CB8082E51DE7D19042F0FF8C517CB0D ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:01:52.0599 4808  npsvctrig - ok
18:01:52.0620 4808  nsi - ok
18:01:52.0630 4808  nsiproxy - ok
18:01:52.0648 4808  NTFS - ok
18:01:52.0652 4808  Null - ok
18:01:52.0712 4808  [ 070ECC7E30A6A02AD136EB26EA47C819 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
18:01:52.0716 4808  NvContainerLocalSystem - ok
18:01:52.0723 4808  [ 070ECC7E30A6A02AD136EB26EA47C819 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
18:01:52.0725 4808  NvContainerNetworkService - ok
18:01:52.0748 4808  nvdimmn - ok
18:01:53.0033 4808  [ 60328FA27CB565D708CACAC8206037FB ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys
18:01:53.0224 4808  nvlddmkm - ok
18:01:53.0237 4808  nvraid - ok
18:01:53.0240 4808  nvstor - ok
18:01:53.0271 4808  [ 2233104E40673D290B35008F5BA515CF ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
18:01:53.0272 4808  NvStreamKms - ok
18:01:53.0316 4808  [ 85397430F424516BF8300FAAEF929366 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
18:01:53.0350 4808  nvsvc - ok
18:01:53.0434 4808  [ 8EB60AC505E8D99AAB1B9DA1A5989CD9 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
18:01:53.0437 4808  NvTelemetryContainer - ok
18:01:53.0454 4808  [ 644387C02C56E73DC1BC3843EFA2AC8A ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
18:01:53.0456 4808  nvvad_WaveExtensible - ok
18:01:53.0495 4808  [ B4BECC1004F648202E5903F5E8B6BA51 ] nvvhci          C:\WINDOWS\System32\drivers\nvvhci.sys
18:01:53.0497 4808  nvvhci - ok
18:01:53.0526 4808  OneSyncSvc - ok
18:01:53.0528 4808  Suspicious service (Hidden): OneSyncSvc_140c9e
18:01:53.0590 4808  [ 91ED1D1CB78794D10A1D506BC727868D ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:53.0592 4808  ose64 - ok
18:01:53.0615 4808  [ E0406C2951A24073AB920705A9CC9D59 ] osrss           C:\WINDOWS\system32\osrss.dll
18:01:53.0620 4808  osrss - ok
18:01:53.0639 4808  p2pimsvc - ok
18:01:53.0647 4808  p2psvc - ok
18:01:53.0671 4808  Parport - ok
18:01:53.0686 4808  partmgr - ok
18:01:53.0716 4808  PcaSvc - ok
18:01:53.0719 4808  pci - ok
18:01:53.0747 4808  pciide - ok
18:01:53.0751 4808  pcmcia - ok
18:01:53.0772 4808  pcw - ok
18:01:53.0776 4808  pdc - ok
18:01:53.0786 4808  PEAUTH - ok
18:01:53.0805 4808  percsas2i - ok
18:01:53.0811 4808  percsas3i - ok
18:01:53.0932 4808  PerfHost - ok
18:01:53.0984 4808  PhoneSvc - ok
18:01:54.0028 4808  PimIndexMaintenanceSvc - ok
18:01:54.0029 4808  Suspicious service (Hidden): PimIndexMaintenanceSvc_140c9e
18:01:54.0170 4808  [ 73B5A132EBF3A8075A7C68DFBB4DE719 ] pla             C:\WINDOWS\system32\pla.dll
18:01:54.0204 4808  pla - ok
18:01:54.0223 4808  PlugPlay - ok
18:01:54.0227 4808  pmem - ok
18:01:54.0260 4808  [ 59048555B59FD69287CFAB6022B5CC86 ] PNPMEM          C:\WINDOWS\System32\drivers\pnpmem.sys
18:01:54.0261 4808  PNPMEM - ok
18:01:54.0296 4808  [ 7815D5EEE3624640150B1365EB2E98C5 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
18:01:54.0301 4808  PNRPAutoReg - ok
18:01:54.0304 4808  PNRPsvc - ok
18:01:54.0324 4808  PolicyAgent - ok
18:01:54.0338 4808  Power - ok
18:01:54.0352 4808  PptpMiniport - ok
18:01:54.0448 4808  [ FAA5FBD37C00DE72573F9BF6B6E64BAD ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:01:54.0505 4808  PrintNotify - ok
18:01:54.0549 4808  [ 8803D4F36F1CB2E2203F5EB59571E89C ] PrintWorkflowUserSvc C:\WINDOWS\System32\PrintWorkflowService.dll
18:01:54.0556 4808  PrintWorkflowUserSvc - ok
18:01:54.0557 4808  Suspicious service (Hidden): PrintWorkflowUserSvc_140c9e
18:01:54.0583 4808  Processor - ok
18:01:54.0615 4808  ProfSvc - ok
18:01:54.0639 4808  [ 5818FE76C3C6AE0CA723EBE483BF447F ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
18:01:54.0642 4808  Psched - ok
18:01:54.0674 4808  [ D8EB393983B644879DE0546122CC16DF ] ptun0901        C:\WINDOWS\System32\drivers\ptun0901.sys
18:01:54.0675 4808  ptun0901 - ok
18:01:54.0704 4808  PushToInstall - ok
18:01:54.0742 4808  [ 034BA34ADFA10F9D7E4989273DDABA33 ] QWAVE           C:\WINDOWS\system32\qwave.dll
18:01:54.0766 4808  QWAVE - ok
18:01:54.0796 4808  [ 16F9A6B593B52EB18F7ECB9D251BDF7A ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
18:01:54.0799 4808  QWAVEdrv - ok
18:01:54.0815 4808  Ramdisk - ok
18:01:54.0834 4808  RasAcd - ok
18:01:54.0873 4808  RasAgileVpn - ok
18:01:54.0893 4808  RasAuto - ok
18:01:54.0896 4808  Rasl2tp - ok
18:01:54.0914 4808  RasMan - ok
18:01:54.0918 4808  RasPppoe - ok
18:01:54.0922 4808  RasSstp - ok
18:01:54.0951 4808  rdbss - ok
18:01:54.0963 4808  rdpbus - ok
18:01:54.0966 4808  RDPDR - ok
18:01:55.0027 4808  [ 4D1A63ACEC42A88E52AFC4E84A8CE9EE ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:01:55.0028 4808  RdpVideoMiniport - ok
18:01:55.0050 4808  rdyboost - ok
18:01:55.0071 4808  ReFS - ok
18:01:55.0075 4808  ReFSv1 - ok
18:01:55.0121 4808  [ 16884710EB4898CB49B18609EEE34C6C ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:01:55.0128 4808  RemoteAccess - ok
18:01:55.0158 4808  [ 9D82CD53B622A85A10B4DA8F4724A8E4 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:01:55.0177 4808  RemoteRegistry - ok
18:01:55.0213 4808  RetailDemo - ok
18:01:55.0249 4808  [ 5BF7698021DB13B55753FD921BEBE318 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
18:01:55.0251 4808  RFCOMM - ok
18:01:55.0288 4808  [ BBC228CA2F96B784B01FE7F1C5E3CFBB ] rhproxy         C:\WINDOWS\System32\drivers\rhproxy.sys
18:01:55.0290 4808  rhproxy - ok
18:01:55.0325 4808  [ 665A51DE515A2E8B0BDB3D6917D47DD9 ] RmSvc           C:\WINDOWS\System32\RMapi.dll
18:01:55.0331 4808  RmSvc - ok
18:01:55.0354 4808  RpcEptMapper - ok
18:01:55.0389 4808  [ EB65907BD63871669C54D5E5BAE4DD34 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:01:55.0392 4808  RpcLocator - ok
18:01:55.0396 4808  RpcSs - ok
18:01:55.0475 4808  [ 27B80E5766B114621980F82FB78E912A ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
18:01:55.0476 4808  rspndr - ok
18:01:55.0527 4808  [ 5FC48CA9FFB9FB56ABA925A85BAB0272 ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
18:01:55.0550 4808  rt640x64 - ok
18:01:55.0585 4808  [ C42D09BCC1880A0AF8DE008EB7A806E1 ] RtkBtFilter     C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys
18:01:55.0609 4808  RtkBtFilter - ok
18:01:55.0636 4808  [ 2D3E7ED7119B65BCEE123281321125BF ] RtkBtManServ    C:\WINDOWS\RtkBtManServ.exe
18:01:55.0672 4808  RtkBtManServ - ok
18:01:55.0720 4808  [ 14190644E437A95B244BFC9B37ACDB61 ] RTL8192su       C:\WINDOWS\System32\drivers\RTL8192su.sys
18:01:55.0743 4808  RTL8192su - ok
18:01:55.0782 4808  [ B483E22E200D5428E675B07266A72F84 ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
18:01:55.0786 4808  RTSUER - ok
18:01:55.0913 4808  [ FD0DA24DCA6D12F5A3F0B34F137086C6 ] RTWlanE         C:\WINDOWS\System32\drivers\rtwlane.sys
18:01:56.0013 4808  RTWlanE - ok
18:01:56.0033 4808  s3cap - ok
18:01:56.0108 4808  SamSs - ok
18:01:56.0126 4808  sbp2port - ok
18:01:56.0146 4808  SCardSvr - ok
18:01:56.0180 4808  ScDeviceEnum - ok
18:01:56.0221 4808  [ 62A33CE69DB508BCEC63F4D3BFF400CE ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:01:56.0223 4808  scfilter - ok
18:01:56.0256 4808  Schedule - ok
18:01:56.0268 4808  scmbus - ok
18:01:56.0290 4808  SCPolicySvc - ok
18:01:56.0323 4808  sdbus - ok
18:01:56.0340 4808  [ 6D3853838864886B4F10B074282772E0 ] SDFRd           C:\WINDOWS\System32\drivers\SDFRd.sys
18:01:56.0351 4808  SDFRd - ok
18:01:56.0374 4808  [ 368180051766E4289E3D47AF21F2668C ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
18:01:56.0400 4808  SDRSVC - ok
18:01:56.0407 4808  sdstor - ok
18:01:56.0452 4808  [ 0356C85312D78F4C7F33C74B6000BB93 ] seclogon        C:\WINDOWS\system32\seclogon.dll
18:01:56.0464 4808  seclogon - ok
18:01:56.0534 4808  [ EA160DB2589350DFF52C7ACCD7763187 ] SecureLine      C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
18:01:56.0546 4808  SecureLine - ok
18:01:56.0572 4808  SecurityHealthService - ok
18:01:56.0630 4808  [ 859BA8C74932ADA8CF04FBF169BB1470 ] sedsvc          C:\Program Files\rempl\sedsvc.exe
18:01:56.0630 4808  sedsvc - ok
18:01:56.0655 4808  SEMgrSvc - ok
18:01:56.0685 4808  [ 62EDAD383010E037C4D3846C7C021A00 ] SENS            C:\WINDOWS\System32\sens.dll
18:01:56.0689 4808  SENS - ok
18:01:56.0760 4808  [ DDBBE9A08C79D3BB50D6053507F7777D ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
18:01:56.0794 4808  SensorDataService - ok
18:01:56.0824 4808  SensorService - ok
18:01:56.0856 4808  SensrSvc - ok
18:01:56.0871 4808  SerCx - ok
18:01:56.0875 4808  SerCx2 - ok
18:01:56.0879 4808  Serenum - ok
18:01:56.0884 4808  Serial - ok
18:01:56.0888 4808  sermouse - ok
18:01:56.0910 4808  SessionEnv - ok
18:01:56.0914 4808  sfloppy - ok
18:01:56.0940 4808  SharedAccess - ok
18:01:56.0995 4808  [ 63377493508564288721EF5421A216F5 ] SharedRealitySvc C:\WINDOWS\System32\SharedRealitySvc.dll
18:01:57.0013 4808  SharedRealitySvc - ok
18:01:57.0072 4808  [ 887458A234108B5B69038299BE7FAD88 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:01:57.0091 4808  ShellHWDetection - ok
18:01:57.0135 4808  [ 5ED18BE9FE76540A0596BB41C91719C6 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
18:01:57.0246 4808  shpamsvc - ok
18:01:57.0260 4808  SiSRaid2 - ok
18:01:57.0263 4808  SiSRaid4 - ok
18:01:57.0301 4808  smphost - ok
18:01:57.0329 4808  SmsRouter - ok
18:01:57.0364 4808  [ FDADDEC855034107E5FAD708B4E2424D ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
18:01:57.0368 4808  SNMPTRAP - ok
18:01:57.0393 4808  spaceport - ok
18:01:57.0435 4808  [ CCECE7E96B4F7B0E9F0FC82F6DADA917 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
18:01:57.0436 4808  SpatialGraphFilter - ok
18:01:57.0449 4808  SpbCx - ok
18:01:57.0484 4808  spectrum - ok
18:01:57.0508 4808  Spooler - ok
18:01:57.0532 4808  sppsvc - ok
18:01:57.0585 4808  [ C386F811A5E2F87DCF3EA4A527A20AA6 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:01:57.0587 4808  SQLWriter - ok
18:01:57.0609 4808  srv2 - ok
18:01:57.0631 4808  srvnet - ok
18:01:57.0654 4808  SSDPSRV - ok
18:01:57.0678 4808  SstpSvc - ok
18:01:57.0716 4808  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
18:01:57.0719 4808  ssudmdm - ok
18:01:57.0747 4808  StateRepository - ok
18:01:57.0771 4808  stexstor - ok
18:01:57.0804 4808  [ 0690CE515A295BD101415C7E411C43F3 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
18:01:57.0806 4808  StillCam - ok
18:01:57.0859 4808  [ 3B3F5D6BB8A6A6F3630194A471989069 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
18:01:57.0879 4808  stisvc - ok
18:01:57.0892 4808  storahci - ok
18:01:57.0903 4808  storflt - ok
18:01:57.0914 4808  stornvme - ok
18:01:57.0964 4808  storqosflt - ok
18:01:57.0975 4808  StorSvc - ok
18:01:57.0992 4808  storufs - ok
18:01:57.0996 4808  storvsc - ok
18:01:58.0011 4808  svsvc - ok
18:01:58.0026 4808  swenum - ok
18:01:58.0030 4808  swprv - ok
18:01:58.0064 4808  Synth3dVsc - ok
18:01:58.0081 4808  SysMain - ok
18:01:58.0096 4808  SystemEventsBroker - ok
18:01:58.0123 4808  [ 73F6476EE9F5448838B2883E0B710CD7 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:01:58.0131 4808  TabletInputService - ok
18:01:58.0181 4808  [ AC1AA61B04116E540C5AFD18F11F2697 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:01:58.0191 4808  TapiSrv - ok
18:01:58.0194 4808  Tcpip - ok
18:01:58.0199 4808  Tcpip6 - ok
18:01:58.0220 4808  [ 74A1BF4093FA7B7D6C9366A39911A78E ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
18:01:58.0222 4808  tcpipreg - ok
18:01:58.0247 4808  tdx - ok
18:01:58.0396 4808  [ D013AC1FB414C99FEEFB4C2AC1B82DEF ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
18:01:58.0477 4808  TeamViewer - ok
18:01:58.0509 4808  [ B4B68E1DB59456419D9E49645729502A ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
18:01:58.0511 4808  terminpt - ok
18:01:58.0552 4808  [ 96037700AEE1B4D5A6FFC62861E4FF8C ] TermService     C:\WINDOWS\System32\termsrv.dll
18:01:58.0575 4808  TermService - ok
18:01:58.0591 4808  [ E0F78207F33D6C10CBFB23E873837C87 ] Themes          C:\WINDOWS\system32\themeservice.dll
18:01:58.0597 4808  Themes - ok
18:01:58.0632 4808  [ B52BA61AB8E4BAA83EA86BAB312EE6ED ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
18:01:58.0639 4808  TieringEngineService - ok
18:01:58.0679 4808  [ BC834B233125DBB321B809972F2E270E ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
18:01:58.0698 4808  tiledatamodelsvc - ok
18:01:58.0729 4808  TimeBrokerSvc - ok
18:01:58.0753 4808  TokenBroker - ok
18:01:58.0779 4808  TPM - ok
18:01:58.0834 4808  [ 1F9EE31770782886A3A3CF7C174765AF ] Tran_Process_Proc C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
18:01:58.0835 4808  Tran_Process_Proc - ok
18:01:58.0876 4808  [ 39187852984778424A0EFD6B01FAB272 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
18:01:58.0882 4808  TrkWks - ok
18:01:58.0933 4808  TrustedInstaller - ok
18:01:58.0969 4808  [ 8D811209E34358EAD3FD8E40F657E59C ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
18:01:58.0971 4808  tsusbflt - ok
18:01:59.0011 4808  [ 68DE1735FB020AE8948BD7B60F2EBD3B ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:01:59.0014 4808  TsUsbGD - ok
18:01:59.0076 4808  [ 5EAE7CDD32076AB06563FB1B5680B8E4 ] TTDrv           D:\KOPLAYER\vbox\TTDrv.sys
18:01:59.0183 4808  TTDrv - ok
18:01:59.0220 4808  [ ACD39B0E5CFDA7B1AB7DF33FC5CC0E46 ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
18:01:59.0222 4808  tunnel - ok
18:01:59.0256 4808  [ D5E68FCEDE15214BDB5D986D5B50E0BF ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
18:01:59.0263 4808  tzautoupdate - ok
18:01:59.0283 4808  UASPStor - ok
18:01:59.0308 4808  UcmCx0101 - ok
18:01:59.0336 4808  [ 950A3E42167904CAB9AA64863C31CEB5 ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
18:01:59.0338 4808  UcmTcpciCx0101 - ok
18:01:59.0358 4808  UcmUcsi - ok
18:01:59.0362 4808  Ucx01000 - ok
18:01:59.0366 4808  UdeCx - ok
18:01:59.0371 4808  udfs - ok
18:01:59.0376 4808  UEFI - ok
18:01:59.0409 4808  [ 58447F28E697A93521DD20530A8D50ED ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
18:01:59.0414 4808  Ufx01000 - ok
18:01:59.0429 4808  UfxChipidea - ok
18:01:59.0432 4808  ufxsynopsys - ok
18:01:59.0467 4808  [ B26729B378282F72241859C13326E3E8 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
18:01:59.0473 4808  UI0Detect - ok
18:01:59.0495 4808  umbus - ok
18:01:59.0524 4808  UmPass - ok
18:01:59.0564 4808  [ E6B6BDA0412D3C56275E662A5A1937FD ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
18:01:59.0574 4808  UmRdpService - ok
18:01:59.0608 4808  UnistoreSvc - ok
18:01:59.0609 4808  Suspicious service (Hidden): UnistoreSvc_140c9e
18:01:59.0653 4808  [ D2931E3F67A990328DE5CE7E43F4467C ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:01:59.0662 4808  upnphost - ok
18:01:59.0693 4808  [ ACE4C3B4C7D17B154FFC5BBE5F7A9835 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
18:01:59.0695 4808  UrsChipidea - ok
18:01:59.0717 4808  UrsCx01000 - ok
18:01:59.0746 4808  [ EB738F830D3E7EA62A218F101EF91FD4 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
18:01:59.0748 4808  UrsSynopsys - ok
18:01:59.0765 4808  usbaudio - ok
18:01:59.0771 4808  usbccgp - ok
18:01:59.0804 4808  [ 1080D80B5F6D249F23BAE1C0C36233A4 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
18:01:59.0817 4808  usbcir - ok
18:01:59.0822 4808  usbehci - ok
18:01:59.0826 4808  usbhub - ok
18:01:59.0847 4808  USBHUB3 - ok
18:01:59.0851 4808  usbohci - ok
18:01:59.0886 4808  [ EEF26F9034F0608B93D4D239534BB0BA ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
18:01:59.0888 4808  usbprint - ok
18:01:59.0911 4808  usbrndis6 - ok
18:01:59.0924 4808  usbser - ok
18:01:59.0928 4808  USBSTOR - ok
18:01:59.0932 4808  usbuhci - ok
18:01:59.0967 4808  [ 68788AE61B2E6A7D97CAD73B632F5BF5 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
18:01:59.0970 4808  usbvideo - ok
18:01:59.0985 4808  USBXHCI - ok
18:02:00.0008 4808  UserDataSvc - ok
18:02:00.0009 4808  Suspicious service (Hidden): UserDataSvc_140c9e
18:02:00.0013 4808  UserManager - ok
18:02:00.0075 4808  [ FCB8DD20046D231611EC4D3E466BAD45 ] uSHAREitSvc     C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe
18:02:00.0076 4808  uSHAREitSvc - ok
18:02:00.0093 4808  UsoSvc - ok
18:02:00.0097 4808  VaultSvc - ok
18:02:00.0103 4808  vdrvroot - ok
18:02:00.0116 4808  vds - ok
18:02:00.0127 4808  VerifierExt - ok
18:02:00.0145 4808  vhdmp - ok
18:02:00.0149 4808  vhf - ok
18:02:00.0154 4808  vmbus - ok
18:02:00.0167 4808  VMBusHID - ok
18:02:00.0172 4808  vmgid - ok
18:02:00.0188 4808  vmicguestinterface - ok
18:02:00.0191 4808  vmicheartbeat - ok
18:02:00.0195 4808  vmickvpexchange - ok
18:02:00.0217 4808  vmicrdv - ok
18:02:00.0222 4808  vmicshutdown - ok
18:02:00.0227 4808  vmictimesync - ok
18:02:00.0230 4808  vmicvmsession - ok
18:02:00.0235 4808  vmicvss - ok
18:02:00.0240 4808  vnvdimm - ok
18:02:00.0244 4808  volmgr - ok
18:02:00.0249 4808  volmgrx - ok
18:02:00.0265 4808  volsnap - ok
18:02:00.0269 4808  volume - ok
18:02:00.0274 4808  vpci - ok
18:02:00.0279 4808  vsmraid - ok
18:02:00.0283 4808  VSS - ok
18:02:00.0287 4808  VSTXRAID - ok
18:02:00.0318 4808  vwifibus - ok
18:02:00.0323 4808  vwififlt - ok
18:02:00.0339 4808  vwifimp - ok
18:02:00.0357 4808  W32Time - ok
18:02:00.0361 4808  WacomPen - ok
18:02:00.0398 4808  [ 451D40C28E7D1CF51A980B83FDEFF498 ] WalletService   C:\WINDOWS\system32\WalletService.dll
18:02:00.0408 4808  WalletService - ok
18:02:00.0432 4808  wanarp - ok
18:02:00.0436 4808  wanarpv6 - ok
18:02:00.0466 4808  [ E3B4C37F1F3D8078AA2AFBEE7F5468CF ] WarpJITSvc      C:\WINDOWS\System32\Windows.WARP.JITService.dll
18:02:00.0475 4808  WarpJITSvc - ok
18:02:00.0483 4808  wbengine - ok
18:02:00.0503 4808  WbioSrvc - ok
18:02:00.0519 4808  wcifs - ok
18:02:00.0525 4808  Wcmsvc - ok
18:02:00.0552 4808  wcncsvc - ok
18:02:00.0559 4808  wcnfs - ok
18:02:00.0619 4808  [ CD8A7398D8E0710CD3AA316A4427C56B ] WdBoot          C:\WINDOWS\system32\drivers\wd\WdBoot.sys
18:02:00.0631 4808  WdBoot - ok
18:02:00.0652 4808  [ A556768CC1FA4F36022BEE2F0EDE2566 ] WDC_SAM         C:\WINDOWS\System32\drivers\wdcsam64.sys
18:02:00.0751 4808  WDC_SAM - ok
18:02:00.0756 4808  Wdf01000 - ok
18:02:00.0800 4808  [ 58B452788C0051C6C6E62F188EFEE438 ] WdFilter        C:\WINDOWS\system32\drivers\wd\WdFilter.sys
18:02:00.0803 4808  WdFilter - ok
18:02:00.0836 4808  [ AB406F30BE98CDB7AA7171336EF031BA ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
18:02:00.0844 4808  WdiServiceHost - ok
18:02:00.0848 4808  [ AB406F30BE98CDB7AA7171336EF031BA ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
18:02:00.0855 4808  WdiSystemHost - ok
18:02:00.0879 4808  wdiwifi - ok
18:02:00.0886 4808  [ 65081A53DB730D2347AD66AF7187795A ] WdNisDrv        C:\WINDOWS\system32\drivers\wd\WdNisDrv.sys
18:02:00.0886 4808  WdNisDrv - ok
18:02:01.0039 4808  [ 71C846A2F98CFC9F2E426890523AC276 ] WdNisSvc        C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe
18:02:01.0088 4808  WdNisSvc - ok
18:02:01.0151 4808  [ DF58AA71FBA55E15F572C93447696DEC ] wdnsfltr        C:\WINDOWS\system32\drivers\wdnsfltr.sys
18:02:01.0160 4808  wdnsfltr - ok
18:02:01.0163 4808  WebClient - ok
18:02:01.0202 4808  [ 7997BC2386A9976C0645A28FA8A6E7EA ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
18:02:01.0209 4808  Wecsvc - ok
18:02:01.0235 4808  [ CEA146E0D096A491B265CD2340C2E31D ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
18:02:01.0250 4808  WEPHOSTSVC - ok
18:02:01.0269 4808  [ 40610BA98D5830FB14C3695B3BCA647A ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:02:01.0285 4808  wercplsupport - ok
18:02:01.0302 4808  WerSvc - ok
18:02:01.0342 4808  [ 86B816E9D24625287BDE9784953A5E86 ] WFDSConMgrSvc   C:\WINDOWS\System32\wfdsconmgrsvc.dll
18:02:01.0364 4808  WFDSConMgrSvc - ok
18:02:01.0371 4808  WFPLWFS - ok
18:02:01.0408 4808  [ F78A2731EC972312C4C998174A9BB325 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:02:01.0415 4808  WiaRpc - ok
18:02:01.0449 4808  WIMMount - ok
18:02:01.0487 4808  [ DD752ECFDEC95581A00D62A8B00591EC ] WinDefend       C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe
18:02:01.0488 4808  WinDefend - ok
18:02:01.0531 4808  WindowsTrustedRT - ok
18:02:01.0559 4808  [ 813EE0F4D4B8D599DB1968682D080732 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
18:02:01.0561 4808  WindowsTrustedRTProxy - ok
18:02:01.0593 4808  WinHttpAutoProxySvc - ok
18:02:01.0622 4808  [ BC67C1E4B36063968E54C3B2E4DB8978 ] WinisoCDBus     C:\WINDOWS\system32\drivers\WinisoCDBus.sys
18:02:01.0624 4808  WinisoCDBus - ok
18:02:01.0639 4808  WinMad - ok
18:02:01.0682 4808  Winmgmt - ok
18:02:01.0698 4808  WinNat - ok
18:02:01.0759 4808  [ C2A88E382CD48E4772A5570D66BF1A90 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:02:01.0837 4808  WinRM - ok
18:02:01.0883 4808  [ E92F3539C4758F6A9F4B80CBAC75B3E6 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
18:02:01.0886 4808  WINUSB - ok
18:02:01.0889 4808  WinVerbs - ok
18:02:01.0901 4808  wisvc - ok
18:02:01.0935 4808  WlanSvc - ok
18:02:01.0958 4808  wlidsvc - ok
18:02:01.0995 4808  [ 56E1A46DD1C5D28B10F02E21D077EBF6 ] wlpasvc         C:\WINDOWS\System32\lpasvc.dll
18:02:02.0018 4808  wlpasvc - ok
18:02:02.0029 4808  WmiAcpi - ok
18:02:02.0068 4808  wmiApSrv - ok
18:02:02.0088 4808  WMPNetworkSvc - ok
18:02:02.0122 4808  [ 8D6E6F6C233AF450C50FA615530B44D2 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:02:02.0126 4808  Wof - ok
18:02:02.0189 4808  [ 1431D184691F7FA9AAC2064EB0EC6C96 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
18:02:02.0234 4808  workfolderssvc - ok
18:02:02.0275 4808  [ AE9793230B219113DE1163138645E5AE ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
18:02:02.0283 4808  WPDBusEnum - ok
18:02:02.0319 4808  [ 9EAE1EF282864674355B4B81DF6AE935 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:02:02.0321 4808  WpdUpFltr - ok
18:02:02.0358 4808  [ C75B59E441206A572CC64BBB60EE54B3 ] WpnService      C:\WINDOWS\system32\WpnService.dll
18:02:02.0369 4808  WpnService - ok
18:02:02.0397 4808  [ 07F4AF1730D55567EACE7ADDEA28FE48 ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
18:02:02.0405 4808  WpnUserService - ok
18:02:02.0407 4808  Suspicious service (Hidden): WpnUserService_140c9e
18:02:02.0417 4808  ws2ifsl - ok
18:02:02.0431 4808  wscsvc - ok
18:02:02.0467 4808  [ 7B44553610A89F2011CF69BEA9AFD4CB ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
18:02:02.0469 4808  WSDPrintDevice - ok
18:02:02.0501 4808  [ 8068DC839C3729FFC70821FBEF05D5ED ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
18:02:02.0503 4808  WSDScan - ok
18:02:02.0506 4808  WSearch - ok
18:02:02.0545 4808  wuauserv - ok
18:02:02.0585 4808  [ BD5E68B369DF3453A0A87663C6C5476D ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
18:02:02.0588 4808  WudfPf - ok
18:02:02.0626 4808  [ A86A249314FD0A780214028B0C31A386 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
18:02:02.0629 4808  WUDFRd - ok
18:02:02.0635 4808  [ A86A249314FD0A780214028B0C31A386 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:02:02.0637 4808  WUDFWpdFs - ok
18:02:02.0642 4808  [ A86A249314FD0A780214028B0C31A386 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:02:02.0646 4808  WUDFWpdMtp - ok
18:02:02.0659 4808  WwanSvc - ok
18:02:02.0682 4808  [ 42C738ED1552FE168F6EE1BAE8ACFCAC ] xbgm            C:\WINDOWS\system32\xbgmsvc.exe
18:02:02.0722 4808  xbgm - ok
18:02:02.0767 4808  [ A03C4D4D71304087820A0EF18FCF7582 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
18:02:02.0800 4808  XblAuthManager - ok
18:02:02.0853 4808  [ 77ADC2F5DBE303EF8B8D2D08AEE3F3DB ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
18:02:02.0887 4808  XblGameSave - ok
18:02:02.0917 4808  [ 2244A4CEFE8F9C74091369ACE2E9EBC6 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
18:02:02.0921 4808  xboxgip - ok
18:02:02.0957 4808  [ 1A9550D746B8604D37A90436EF686777 ] XboxGipSvc      C:\WINDOWS\System32\XboxGipSvc.dll
18:02:02.0963 4808  XboxGipSvc - ok
18:02:03.0011 4808  [ 4951DD543AA2710760D90A58261ED665 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
18:02:03.0033 4808  XboxNetApiSvc - ok
18:02:03.0064 4808  [ 4A91B49C6B1E41151D47CB919ADF013A ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
18:02:03.0066 4808  xinputhid - ok
18:02:03.0069 4808  ================ Scan global ===============================
18:02:03.0181 4808  [Global] - ok
18:02:03.0181 4808  ================ Scan MBR ==================================
18:02:03.0190 4808  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:02:03.0198 4808  \Device\Harddisk0\DR0 - ok
18:02:03.0199 4808  ================ Scan VBR ==================================
18:02:03.0212 4808  [ 0F8B600347611D0EB00F93BF519B8534 ] \Device\Harddisk0\DR0\Partition1
18:02:03.0213 4808  \Device\Harddisk0\DR0\Partition1 - ok
18:02:03.0222 4808  [ 494C8CC71311C136DFDA0E9135EF2DC7 ] \Device\Harddisk0\DR0\Partition2
18:02:03.0222 4808  \Device\Harddisk0\DR0\Partition2 - ok
18:02:03.0233 4808  [ 1DE551B005C1F09A5450AAD94534BA78 ] \Device\Harddisk0\DR0\Partition3
18:02:03.0234 4808  \Device\Harddisk0\DR0\Partition3 - ok
18:02:03.0253 4808  [ 036731A291B2C571EB1E1D36D22EC1E7 ] \Device\Harddisk0\DR0\Partition4
18:02:03.0255 4808  \Device\Harddisk0\DR0\Partition4 - ok
18:02:03.0266 4808  [ BB3978CB3B8D3678786285A8AAE36CF9 ] \Device\Harddisk0\DR0\Partition5
18:02:03.0267 4808  \Device\Harddisk0\DR0\Partition5 - ok
18:02:03.0267 4808  ============================================================
18:02:03.0267 4808  Scan finished
18:02:03.0267 4808  ============================================================
18:02:03.0277 5556  Detected object count: 0
18:02:03.0277 5556  Actual detected object count: 0
18:02:26.0329 1760  Deinitialize success

#10 nasdaq

  • Malware Response Team

Posted 27 July 2018 - 06:51 AM

Hi,

TDSSKiller did the clean up.

To reset the registry it may have taken a few restarts, but it worked.

Use the computer for a few days. If the problem returns please let me know.

The BSOD was possibly caused by a program written in "C"
https://stackoverflow.com/questions/14711633/my-c-sharp-application-is-returning-0xe0434352-to-windows-task-scheduler-but-it

I will leave this topic open for 7 days.

#11 ranncloud45

  • Topic Starter

Posted 27 July 2018 - 07:10 AM

Thank you so much for the help. Yes I will see to it and if it ever comes up again I will let you know. Thumbs up 😊😊👍👍

#12 nasdaq

  • Malware Response Team

Posted 02 August 2018 - 07:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



