PC Infection

borninthenorth · August 9, 2018

My system: Windows 10
My AV protection: Windows Defender + Malwarebytes

Hi! Yesterday I made a big error by downloading software from an unauthorized source (lesson learned). The software turned out to be a big package of trojans, adware and PUPs. The moment after the installation had been completed, Windows Defender notified me about a number of trojans it had quarantined. I turned off my WiFi antena the very same moment to block any traffic from my computer and run a deepest possible scan in Malwarebytes. After 14 hours of scanning, Malwarebytes has found 49 threats, some of which were found by machine learning and others were branded as "generic" trojans (that has worried me, because I assumed it means the package involved some threats not in the Malwarebytes database). Among the threats there was a rootkit, some bitcoin miners, keyloggers and some other stuff (some of the names I have identified: efa24d8.msi, ferrrr.exe, CRMsvc.exe, exe.xoferif.bat, the Runtime Broker process behaved weird). After I removed the threats identified by Malwarebytes, none of my browsers worked properly. Edge has been crushing just after the launch and Chrome could not connect to the web. As a result, I decided to use the built-in Windows recovery to reset the system WITH keeping my files. After the reset the system seems to be fine, nevertheless I want to run all the steps you have listed in the thread I attach. Afterwards, I plan to backup my most important files, format the entire disk and change all the passwords. Is my approach to the problem correct? I attach the Farbar Recovery Scan Tool report of the search I have conducted AFTER the reset.

Kind Regards

:

FRST.txt

Addition.txt

Edited August 9, 2018 by borninthenorth
additional information added

nasdaq · August 9, 2018

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10 - Immediately.
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Nothing is active in your logs. This is just to clean your dead entries.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

fixlist.txt

borninthenorth · August 9, 2018

Hi nasdaq! Thank you for your awesome work here! I attached the fixlog you asked for.

Fixlog.txt

nasdaq · August 9, 2018

Hi,

Open Exlplorer and if found delete these .lnk file in bold.
The .bat files have already been deleted.

Shortcut: C:\Users\MJ Wysocki\Desktop\Tor Browser\St?rt ??r ?r?wser.lnk -> C:\Users\MJ Wysocki\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\MJ Wysocki\Desktop\PHOTOS\St?rt ?or Brows?r.lnk -> C:\Users\MJ Wysocki\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\MJ Wysocki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\St?rt Tor Br?ws?r.lnk -> C:\Users\MJ Wysocki\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\MJ Wysocki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t E?plorer.lnk -> C:\Users\MJ Wysocki\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\MJ Wysocki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogle ?hrom?.lnk -> C:\Users\MJ Wysocki\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gle ?hrom?.lnk -> C:\Users\MJ Wysocki\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic

How is the computer running now?

borninthenorth · August 9, 2018

I have localised and deleted all the .lnk files except the last one. The computer seems fully functional, no suspicious start-up programmes appear in msconfig. Would you suggest a boot sectors scan and do you believe that a full-fledged format would be beneficial?

nasdaq · August 9, 2018

Hi,

If nothing is found on these scan you should not have to format and reinstall everything.

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS

Download TDSSKiller and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application.
Then click on Start Scan.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If an infected file is detected, the default action will be Cure, click on Continue.
Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please paste the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

borninthenorth · August 9, 2018

The asw.MBR.exe causes a blue screen in the middle of the scan or when I click ''yes'' in the box asking me to use virtualization. I have repeated the scan 4 times, every time the result was the same. It is interesting that the TDSSKiller found a suspicious file only after 2 scans without threats. The report can be found below:

TDSSKiller:

22:17:36.0841 1344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:17:36.0951 1344 UEFI system
22:17:38.0982 1344 ============================================================
22:17:38.0982 1344 Current date / time: 2018/08/09 22:17:38.0982
22:17:38.0982 1344 SystemInfo:
22:17:38.0982 1344
22:17:38.0982 1344 OS Version: 6.2.9200 ServicePack: 0.0
22:17:38.0982 1344 Product type: Workstation
22:17:38.0982 1344 ComputerName: DESKTOP-CICIGF2
22:17:38.0982 1344 UserName: MJ Wysocki
22:17:38.0982 1344 Windows directory: C:\WINDOWS
22:17:38.0982 1344 System windows directory: C:\WINDOWS
22:17:38.0982 1344 Running under WOW64
22:17:38.0982 1344 Processor architecture: Intel x64
22:17:38.0982 1344 Number of processors: 4
22:17:38.0982 1344 Page size: 0x1000
22:17:38.0982 1344 Boot type: Normal boot
22:17:38.0982 1344 ============================================================
22:17:48.0626 1344 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:17:48.0688 1344 ============================================================
22:17:48.0688 1344 \Device\Harddisk0\DR0:
22:17:48.0735 1344 GPT partitions:
22:17:48.0829 1344 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D6B1EBDF-CF07-11E3-930A-0C54A5F57A0B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x200000
22:17:48.0829 1344 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D6B1EBE7-CF07-11E3-930A-0C54A5F57A0B}, Name: Basic data partition, StartLBA 0x200800, BlocksNum 0x32000
22:17:48.0829 1344 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D6B1EBE9-CF07-11E3-930A-0C54A5F57A0B}, Name: Basic data partition, StartLBA 0x232800, BlocksNum 0x40000
22:17:48.0829 1344 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D6B1EBF1-CF07-11E3-930A-0C54A5F57A0B}, Name: Basic data partition, StartLBA 0x272800, BlocksNum 0x55D0105F
22:17:48.0829 1344 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A4C10BAA-5410-4989-B1B7-843A2B6BB2CE}, Name: , StartLBA 0x55F74000, BlocksNum 0x1DB800
22:17:48.0829 1344 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7B3CCC94-E49A-11E3-A802-60029207CFCE}, Name: Basic data partition, StartLBA 0x5614F800, BlocksNum 0x13F6D6A
22:17:48.0829 1344 MBR partitions:
22:17:48.0829 1344 ============================================================
22:17:49.0063 1344 C: <-> \Device\Harddisk0\DR0\Partition4
22:17:49.0063 1344 ============================================================
22:17:49.0063 1344 Initialize success
22:17:49.0063 1344 ============================================================
22:17:53.0672 5588 ============================================================
22:17:53.0672 5588 Scan started
22:17:53.0672 5588 Mode: Manual;
22:17:53.0672 5588 ============================================================
22:18:02.0109 5588 ================ Scan system memory ========================
22:18:02.0109 5588 System memory - ok
22:18:02.0109 5588 ================ Scan services =============================
22:18:10.0093 5588 [ 4B45A2D37CCE3CC0F161B7C7286081A6 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
22:18:10.0390 5588 1394ohci - ok
22:18:10.0531 5588 [ F5E5BA493B7C497F1F769942E2EA4CE2 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
22:18:10.0546 5588 3ware - ok
22:18:10.0765 5588 55208851 - ok
22:18:11.0202 5588 [ CA51BB1B81F97E896E116C839B92D9D8 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
22:18:11.0218 5588 ACPI - ok
22:18:11.0390 5588 [ 75795E4B19BB3ED8D3C25A17CD15DC30 ] AcpiDev C:\WINDOWS\System32\drivers\AcpiDev.sys
22:18:11.0390 5588 AcpiDev - ok
22:18:11.0515 5588 [ DDA0FC1400A24988A7D3E746AEDF2C0F ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
22:18:11.0531 5588 acpiex - ok
22:18:11.0749 5588 [ 1F2EC25DA23D1DF3ADA12FE5A26D321C ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
22:18:11.0999 5588 acpipagr - ok
22:18:12.0312 5588 [ 6AFFD57803BBB6FBCB483F983900A5C4 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
22:18:12.0312 5588 AcpiPmi - ok
22:18:12.0374 5588 [ 0FC8673FAFC7D78C1CDC000F892CAC64 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
22:18:12.0390 5588 acpitime - ok
22:18:13.0249 5588 [ A3D4CF2F3A433BE18CD4AD3E6665DC63 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
22:18:13.0296 5588 ADP80XX - ok
22:18:13.0562 5588 [ 4DCCC3E02A22ED4A4ADB11386F226071 ] AFD C:\WINDOWS\system32\drivers\afd.sys
22:18:13.0765 5588 AFD - ok
22:18:13.0905 5588 [ F267095A11A461BEF39FB180750BE801 ] afunix C:\WINDOWS\system32\drivers\afunix.sys
22:18:13.0937 5588 afunix - ok
22:18:14.0124 5588 [ 0CD0F0C62414217DE9EA7EC8D425277E ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
22:18:14.0140 5588 ahcache - ok
22:18:14.0437 5588 [ 2BF4DA8EC5F1A0D88D2DDE1E6821076B ] AJRouter C:\WINDOWS\System32\AJRouter.dll
22:18:14.0437 5588 AJRouter - ok
22:18:14.0749 5588 [ 9E9D78D1C179EB2E3E2282A1DC409D93 ] ALG C:\WINDOWS\System32\alg.exe
22:18:14.0890 5588 ALG - ok
22:18:15.0233 5588 [ 6DF48AD26E6285FB137F11328B64A376 ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
22:18:15.0249 5588 AmdK8 - ok
22:18:15.0421 5588 [ D8804032BCDE4077A6D8D431D12AC6CC ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
22:18:15.0421 5588 AmdPPM - ok
22:18:15.0687 5588 [ A88F5E24B65228FB25F2051B3408A0E4 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
22:18:15.0687 5588 amdsata - ok
22:18:15.0968 5588 [ AECD39E51DABC2BF045B2857F02FA2BD ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
22:18:16.0030 5588 amdsbs - ok
22:18:16.0202 5588 [ B4CC9943230CAEB05B46CC30C220E141 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
22:18:16.0218 5588 amdxata - ok
22:18:16.0686 5588 [ 5211D575D59DC466697A7B3C7DAE3FDC ] AmPeStor C:\WINDOWS\system32\drivers\AmPeStor.sys
22:18:16.0686 5588 AmPeStor - ok
22:18:16.0874 5588 [ E4A18157BF5D8D714C05169A8A8D604C ] AppID C:\WINDOWS\system32\drivers\appid.sys
22:18:16.0890 5588 AppID - ok
22:18:17.0046 5588 [ F1A04835C7FA75C8215961C1095D5EBF ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
22:18:17.0046 5588 AppIDSvc - ok
22:18:17.0249 5588 [ 48EA4B4CCC920D130529A1EF85388B6A ] Appinfo C:\WINDOWS\System32\appinfo.dll
22:18:17.0249 5588 Appinfo - ok
22:18:17.0546 5588 [ 78FCF35BD83BECEE5E6B2182D7558AC4 ] applebmt C:\WINDOWS\System32\drivers\applebmt.sys
22:18:17.0593 5588 applebmt - ok
22:18:18.0296 5588 [ 769316CA5884FBBD02D45C28FE105922 ] applockerfltr C:\WINDOWS\system32\drivers\applockerfltr.sys
22:18:18.0296 5588 applockerfltr - ok
22:18:19.0296 5588 [ 636575088044E7271088BB8CFA382B45 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
22:18:19.0655 5588 AppReadiness - ok
22:18:22.0639 5588 [ 44F886F2595D02C41DE59C16F3B75E4D ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
22:18:23.0295 5588 AppXSvc - ok
22:18:23.0530 5588 [ 013E057DF3D13A4462AD912D7732E7E0 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
22:18:23.0592 5588 arcsas - ok
22:18:23.0811 5588 [ B25ACCD9BE5F5798E9DD8FFB04D7BE4C ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys
22:18:23.0811 5588 AsyncMac - ok
22:18:24.0045 5588 [ 90AB4ED8EBD72A1C096A40CC35404B91 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
22:18:24.0248 5588 atapi - ok
22:18:25.0358 5588 [ 49C40F52EB06F9E9C8A14436F97AAEB8 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
22:18:25.0561 5588 AudioEndpointBuilder - ok
22:18:26.0467 5588 [ 50DE2E82D65B6006360660D085E80B8B ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
22:18:26.0529 5588 Audiosrv - ok
22:18:26.0890 5588 [ D7BFD86F7A9ABE39351199869D093110 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
22:18:26.0890 5588 AxInstSV - ok
22:18:27.0296 5588 [ F10E4C9444A9FC6DCBAB2C42F6999FA1 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
22:18:27.0468 5588 b06bdrv - ok
22:18:27.0765 5588 [ 982FAA5686F67BFEF3E6094705C2621F ] bam C:\WINDOWS\system32\drivers\bam.sys
22:18:27.0765 5588 bam - ok
22:18:28.0046 5588 [ FA4973E379E872C61D0CF4E39F807833 ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
22:18:28.0327 5588 BasicDisplay - ok
22:18:28.0905 5588 [ F024B80EA0076A318598DAB795F9C3D0 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
22:18:28.0905 5588 BasicRender - ok
22:18:30.0671 5588 [ 9C56ECDD63D4427B93E886947D2ADB38 ] BcastDVRUserService C:\WINDOWS\System32\BcastDVRUserService.dll
22:18:30.0843 5588 BcastDVRUserService - ok
22:18:31.0155 5588 [ 739D089777D2B66DBE7201E5EA4BA2D7 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
22:18:31.0296 5588 bcmfn2 - ok
22:18:31.0562 5588 [ 255D1EA1F4EDA1B7B28A88581F12A1CE ] BDESVC C:\WINDOWS\System32\bdesvc.dll
22:18:31.0671 5588 BDESVC - ok
22:18:31.0827 5588 [ 9B068DF7B7B3DDF768D06DFD69B49FD0 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:18:31.0827 5588 Beep - ok
22:18:32.0218 5588 [ 0B9B6D7A2F31FBD63301D19B1B08238E ] BFE C:\WINDOWS\System32\bfe.dll
22:18:32.0296 5588 BFE - ok
22:18:32.0390 5588 [ BC1E5F20251E0AFDB955E7D91093B619 ] bindflt C:\WINDOWS\system32\drivers\bindflt.sys
22:18:32.0405 5588 bindflt - ok
22:18:32.0811 5588 [ 97F4C0B9741E06BAC6AD2D93ABCEAED8 ] BITS C:\WINDOWS\System32\qmgr.dll
22:18:33.0046 5588 BITS - ok
22:18:33.0624 5588 [ 30D75769E23CCFBE13DB41FC54243BB1 ] BluetoothUserService C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll
22:18:33.0905 5588 BluetoothUserService - ok
22:18:34.0343 5588 [ 00C33AC3096BB64BACD5554A55025F8F ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
22:18:34.0546 5588 bowser - ok
22:18:35.0311 5588 [ 0E1A0E81EF4B33FFDE8EDA46EE38F0D4 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
22:18:35.0343 5588 BrokerInfrastructure - ok
22:18:35.0702 5588 [ 3E4BF0145201239E0BBD0A937431C14C ] Browser C:\WINDOWS\System32\browser.dll
22:18:35.0764 5588 Browser - ok
22:18:36.0061 5588 [ 85F5808D19879E1803E46405090F29C8 ] BTAGService C:\WINDOWS\System32\BTAGService.dll
22:18:36.0092 5588 BTAGService - ok
22:18:36.0655 5588 [ 063E91CD2CB1C372459FD6FBC02509E7 ] BthAvctpSvc C:\WINDOWS\System32\BthAvctpSvc.dll
22:18:36.0702 5588 BthAvctpSvc - ok
22:18:37.0258 5588 [ E0121734C2492406034FA23E3D394EBD ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys
22:18:37.0274 5588 BthEnum - ok
22:18:37.0602 5588 [ 02FEC31842DD153D966AC227B6DDF8BB ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
22:18:38.0211 5588 BthHFEnum - ok
22:18:38.0822 5588 [ 8EE632BFE4BABD4E7A299AF54476F9A5 ] BthLEEnum C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
22:18:38.0822 5588 BthLEEnum - ok
22:18:39.0087 5588 [ A0EC1D5C937995A2C5F1179538A8A6B4 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
22:18:39.0087 5588 BTHMODEM - ok
22:18:39.0228 5588 [ B10E0CC936462BBA7BC659C0927617A0 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys
22:18:39.0244 5588 BthPan - ok
22:18:39.0572 5588 [ CEC858AC998DE405F079FEFD55924394 ] BTHPORT C:\WINDOWS\system32\DRIVERS\BTHport.sys
22:18:40.0228 5588 BTHPORT - ok
22:18:40.0462 5588 [ 1EB49C9E2716D4924460B2FAA295E313 ] bthserv C:\WINDOWS\system32\bthserv.dll
22:18:40.0478 5588 bthserv - ok
22:18:40.0619 5588 [ 0D5ECDF2601312025811F6AC413F851A ] BTHUSB C:\WINDOWS\system32\DRIVERS\BTHUSB.sys
22:18:40.0619 5588 BTHUSB - ok
22:18:40.0884 5588 [ E3786BEBB7E4003DE324A18069DDA081 ] bttflt C:\WINDOWS\system32\drivers\bttflt.sys
22:18:40.0900 5588 bttflt - ok
22:18:41.0009 5588 [ 03C13BB635635B9152DBF49AA07B728C ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
22:18:41.0025 5588 buttonconverter - ok
22:18:41.0119 5588 [ 9983FF8D9834F2E67787F4BDC42A8E36 ] CAD C:\WINDOWS\System32\drivers\CAD.sys
22:18:41.0119 5588 CAD - ok
22:18:41.0275 5588 [ B405F59CF690653105600F85C9B576B9 ] camsvc C:\WINDOWS\system32\CapabilityAccessManager.dll
22:18:41.0290 5588 camsvc - ok
22:18:41.0618 5588 [ 407B33DE151A3DFCF564AC4270E44B1D ] CapImg C:\WINDOWS\System32\drivers\capimg.sys
22:18:41.0618 5588 CapImg - ok
22:18:41.0665 5588 [ D3CBC6DE5955D014407C7BD1FFE80F00 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
22:18:41.0665 5588 cdfs - ok
22:18:41.0884 5588 [ 0942C87ED45B1E227032AD154105F79B ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll
22:18:41.0900 5588 CDPSvc - ok
22:18:42.0087 5588 [ 9FBF5849A6F51E3B3F8AF2A4171648DA ] CDPUserSvc C:\WINDOWS\System32\CDPUserSvc.dll
22:18:42.0087 5588 CDPUserSvc - ok
22:18:42.0322 5588 [ 6834DBBA2A1DBA5B9B6360D0B9A3CBB5 ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
22:18:42.0353 5588 cdrom - ok
22:18:42.0525 5588 [ 620E4F2FDD04FFB70702676423F1C2AC ] CertPropSvc C:\WINDOWS\System32\certprop.dll
22:18:42.0525 5588 CertPropSvc - ok
22:18:42.0775 5588 [ 4A08B239F92B319AD31E3916D27AD4B9 ] cht4iscsi C:\WINDOWS\system32\drivers\cht4sx64.sys
22:18:42.0806 5588 cht4iscsi - ok
22:18:43.0212 5588 [ C8EA9376E4D284F9DF24B27AC6E3AB85 ] cht4vbd C:\WINDOWS\System32\drivers\cht4vx64.sys
22:18:43.0306 5588 cht4vbd - ok
22:18:43.0525 5588 [ 3AA86DA04A561E8162C2DBBF92D12074 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
22:18:43.0525 5588 circlass - ok
22:18:43.0806 5588 [ 5619FC2A3AE4F43D4B20D95472ED948E ] CldFlt C:\WINDOWS\system32\drivers\cldflt.sys
22:18:43.0806 5588 CldFlt - ok
22:18:43.0993 5588 [ DB26170CF6555B9AFF76CFA067ABCF90 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
22:18:43.0993 5588 CLFS - ok
22:18:44.0228 5588 [ 5BD85187D6A6A37D2A4563F33D7A76E4 ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll
22:18:44.0446 5588 ClipSVC - ok
22:18:44.0775 5588 [ 66CBF6F8FE6F436B315D7FEAF5D2BB40 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
22:18:44.0775 5588 CmBatt - ok
22:18:44.0946 5588 [ 4C4CE8285744371BEBAA0EE5F23585F7 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
22:18:45.0009 5588 CNG - ok
22:18:45.0134 5588 [ 037DCC7A71938729CB12E8174E03031C ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
22:18:45.0134 5588 cnghwassist - ok
22:18:48.0165 5588 [ E40C99A3E0FFF49687F2187BF3E3050D ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
22:18:48.0227 5588 CompositeBus - ok
22:18:48.0243 5588 COMSysApp - ok
22:18:48.0556 5588 [ 3799A9DFB162D9AAD6AC12CB8185FD19 ] condrv C:\WINDOWS\system32\drivers\condrv.sys
22:18:48.0587 5588 condrv - ok
22:18:48.0727 5588 [ AC89EC75D4E59CFF2E8BAFD70C6154AF ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
22:18:48.0759 5588 CoreMessagingRegistrar - ok
22:18:50.0274 5588 [ 485321069B39D7C2139C2CA1E17177A9 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
22:18:50.0290 5588 cphs - ok
22:18:50.0352 5588 [ 6C6073B45D65887A6035F1A8D073274A ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
22:18:50.0352 5588 CryptSvc - ok
22:18:50.0430 5588 [ 8711386E9B04357F8F58166760759F3A ] dam C:\WINDOWS\system32\drivers\dam.sys
22:18:50.0430 5588 dam - ok
22:18:50.0618 5588 [ 107661923943E9DC06ED2713AC5F7753 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:18:50.0868 5588 DcomLaunch - ok
22:18:51.0040 5588 [ 7ECF8E55CAF04A8F7F7498C55A6EDAC5 ] defragsvc C:\WINDOWS\System32\defragsvc.dll
22:18:51.0040 5588 defragsvc - ok
22:18:51.0212 5588 [ 8DF502E8116C625387DD789936D7A0C2 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
22:18:51.0227 5588 DeviceAssociationService - ok
22:18:51.0399 5588 [ DBD6E8A5C358AAA3B4900EFD5CF94CC8 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
22:18:51.0399 5588 DeviceInstall - ok
22:18:51.0602 5588 [ 38D6ED38A46F815C24C5656E8A5AB083 ] DevicePickerUserSvc C:\WINDOWS\System32\Windows.Devices.Picker.dll
22:18:51.0633 5588 DevicePickerUserSvc - ok
22:18:51.0930 5588 [ 372BD821867225F32DE87A6B3FEC8A2E ] DevicesFlowUserSvc C:\WINDOWS\System32\DevicesFlowBroker.dll
22:18:51.0962 5588 DevicesFlowUserSvc - ok
22:18:52.0040 5588 [ C48C4D6B8D9C53F0399DEDA402A6FAE5 ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll
22:18:52.0055 5588 DevQueryBroker - ok
22:18:52.0149 5588 [ 8A1C10410FDA4287A76EC5A64371E221 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
22:18:52.0368 5588 Dfsc - ok
22:18:52.0508 5588 [ 85137571AEC8AC757D497B9DD30D544D ] dg_ssudbus C:\WINDOWS\System32\drivers\ssudbus.sys
22:18:52.0508 5588 dg_ssudbus - ok
22:18:52.0712 5588 [ 51D1F76C6EC94B0773D276C91B06A781 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
22:18:52.0727 5588 Dhcp - ok
22:18:52.0930 5588 [ FF05980EEE93D2B4AB1284BF21D7F12B ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
22:18:52.0930 5588 diagnosticshub.standardcollector.service - ok
22:18:53.0040 5588 [ 6EC6BB6EF31C85FD72D14BE4A1BD1B03 ] diagsvc C:\WINDOWS\system32\DiagSvc.dll
22:18:53.0040 5588 diagsvc - ok
22:18:53.0805 5588 [ E74FCFD1499A4F816A99D35E297CCE63 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
22:18:53.0883 5588 DiagTrack - ok
22:18:53.0993 5588 [ A79FCB89805FA9EA9F48B671A4591D4E ] Disk C:\WINDOWS\system32\drivers\disk.sys
22:18:54.0008 5588 Disk - ok
22:18:54.0258 5588 [ EAA267FAABDBE6194985DC6A0AC96664 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
22:18:54.0321 5588 DmEnrollmentSvc - ok
22:18:54.0539 5588 [ F69D7A5D7EDEE16B85F08040836FB09C ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
22:18:54.0618 5588 dmvsc - ok
22:18:54.0727 5588 [ 8B3601E34BD1D693598F968D70361C37 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
22:18:54.0727 5588 dmwappushservice - ok
22:18:54.0915 5588 [ E65844BC31FE3687A745C2E48C845CBC ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:18:54.0946 5588 Dnscache - ok
22:18:55.0180 5588 [ C79E79CD4DE45EC0EC0ECB5C76D6CB11 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
22:18:55.0180 5588 dot3svc - ok
22:18:55.0258 5588 [ 27069CFFF29B7F04F4B1BB10154BE52B ] dot4 C:\WINDOWS\System32\drivers\Dot4.sys
22:18:55.0274 5588 dot4 - ok
22:18:55.0289 5588 [ B7D595F2F464F7B628AD53F06547792C ] dot4usb C:\WINDOWS\System32\drivers\dot4usb.sys
22:18:55.0289 5588 dot4usb - ok
22:18:55.0383 5588 [ 5B1EF28DE7302A6BD5DF8459E2C598EF ] DPS C:\WINDOWS\system32\dps.dll
22:18:55.0383 5588 DPS - ok
22:18:55.0555 5588 [ AD1BEFBF96C0273925EDC9282557D984 ] drmkaud C:\WINDOWS\System32\drivers\drmkaud.sys
22:18:55.0555 5588 drmkaud - ok
22:18:55.0743 5588 [ E7D1636EEA6F9A941573CA426F214054 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
22:18:55.0743 5588 DsmSvc - ok
22:18:55.0899 5588 [ 4323DDFF8CB51FD74B241810CFA6CDBB ] DsSvc C:\WINDOWS\System32\DsSvc.dll
22:18:56.0102 5588 DsSvc - ok
22:18:56.0164 5588 [ 496C3C6BC3D930D0960C9E75AA30F4A7 ] dtlitescsibus C:\WINDOWS\System32\drivers\dtlitescsibus.sys
22:18:56.0164 5588 dtlitescsibus - ok
22:18:56.0289 5588 [ 974BC06C0EC847EA4DC8D9002D394FEB ] DusmSvc C:\WINDOWS\System32\dusmsvc.dll
22:18:56.0289 5588 DusmSvc - ok
22:18:56.0774 5588 [ 8FF323926AAF82B04CCE7DD4FAA17990 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
22:18:57.0024 5588 DXGKrnl - ok
22:18:57.0367 5588 [ 7E9A1608894297B133AF5EE18E404208 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
22:18:57.0383 5588 Eaphost - ok
22:18:58.0055 5588 [ 75CA88887850A74DDAAAF92500B6D9B9 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
22:18:58.0164 5588 ebdrv - ok
22:18:58.0352 5588 [ 317340CD278A374BCEF6A30194557227 ] EFS C:\WINDOWS\System32\lsass.exe
22:18:58.0352 5588 EFS - ok
22:18:58.0492 5588 [ 7E838D857FC55535710C316441459C38 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
22:18:58.0524 5588 EhStorClass - ok
22:18:58.0586 5588 [ 49023DD6F646B8C70AE1C105415F3E2B ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
22:18:58.0603 5588 EhStorTcgDrv - ok
22:18:58.0728 5588 [ 80D5BD4804C587B21A121566549A63FB ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll
22:18:58.0728 5588 embeddedmode - ok
22:18:58.0962 5588 [ 8BDB4EB138A93B9C4242D5ADC068899A ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
22:18:58.0978 5588 EntAppSvc - ok
22:18:59.0056 5588 [ 1DF19D7A941CB06F8EADF89FA0BF59AD ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
22:18:59.0072 5588 ErrDev - ok
22:18:59.0275 5588 [ 9B538A1E44E1D61FA80E80EA75A085FA ] EventSystem C:\WINDOWS\system32\es.dll
22:18:59.0275 5588 EventSystem - ok
22:18:59.0337 5588 [ B2858C386B99A68C3E3F0DFAB935C232 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
22:18:59.0353 5588 exfat - ok
22:18:59.0478 5588 [ CE38CED74D85849BB2C9894DCA712615 ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
22:18:59.0478 5588 fastfat - ok
22:18:59.0634 5588 [ BBD6407DA3DA4FC718710587E253C7BF ] Fax C:\WINDOWS\system32\fxssvc.exe
22:18:59.0650 5588 Fax - ok
22:18:59.0759 5588 [ 6701B9973DE98578A491721B4BDE0926 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
22:18:59.0759 5588 fdc - ok
22:18:59.0869 5588 [ A2037943CCC079307A383C5543607CEF ] fdPHost C:\WINDOWS\system32\fdPHost.dll
22:18:59.0869 5588 fdPHost - ok
22:18:59.0931 5588 [ C11A1A9CF331B7AA2F04974EE262EC07 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
22:18:59.0931 5588 FDResPub - ok
22:19:00.0025 5588 [ 71CECDA2DCF81E0AD8C30440C77966E2 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
22:19:00.0040 5588 fhsvc - ok
22:19:00.0181 5588 [ 9BC7FE262AF52B341048234809AA7D91 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys
22:19:00.0181 5588 FileCrypt - ok
22:19:00.0259 5588 [ A0AF205465482EE0FC6261782629566B ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
22:19:00.0275 5588 FileInfo - ok
22:19:00.0322 5588 [ 01D83D284E6B37902DB3C4D4DB0649E0 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
22:19:00.0322 5588 Filetrace - ok
22:19:00.0384 5588 [ CE9CB1DB00B5007ABFFF0717E748E919 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
22:19:00.0384 5588 flpydisk - ok
22:19:00.0540 5588 [ C5374BA2CAE89DE7269EC61A969EF5D5 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:19:00.0540 5588 FltMgr - ok
22:19:00.0915 5588 [ 8F528FD267C55ABE2A156C5F6EA6B867 ] FontCache C:\WINDOWS\system32\FntCache.dll
22:19:00.0978 5588 FontCache - ok
22:19:01.0415 5588 [ CE9456F925ADA70ED5A4158F103F9A26 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:19:01.0415 5588 FontCache3.0.0.0 - ok
22:19:01.0634 5588 [ B6BC6E6731FB1E02F0B3C73A87E1C35E ] FrameServer C:\WINDOWS\system32\FrameServer.dll
22:19:01.0650 5588 FrameServer - ok
22:19:01.0790 5588 [ 835F9C7193B6F9A796DE76897DC56968 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
22:19:01.0822 5588 FsDepends - ok
22:19:01.0869 5588 [ A01BA0506E07F316483E99D7AD9B6E75 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:19:01.0884 5588 Fs_Rec - ok
22:19:01.0962 5588 [ F00AA662A862BA1B5B0BB9FBDFAE2DFC ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
22:19:01.0994 5588 fvevol - ok
22:19:02.0212 5588 [ 71DBED7FB264DB60341BC796EC2E8135 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
22:19:02.0212 5588 gencounter - ok
22:19:02.0587 5588 [ EA5EE5EF9765A9157B346DF671952F18 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys
22:19:02.0587 5588 genericusbfn - ok
22:19:02.0993 5588 [ 6BE6550F1A32796A11EBC58BBC72C44D ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
22:19:03.0009 5588 GPIOClx0101 - ok
22:19:03.0400 5588 [ 3FC2377994D9D63FC128B6C48B22B68F ] gpsvc C:\WINDOWS\System32\gpsvc.dll
22:19:03.0478 5588 gpsvc - ok
22:19:03.0634 5588 [ 508614CAC7BF8AEE4FB9002A413919B1 ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys
22:19:03.0634 5588 GpuEnergyDrv - ok
22:19:03.0775 5588 [ 248739BB0F3A1156A2C0AF51F39A9EA2 ] GraphicsPerfSvc C:\WINDOWS\System32\GraphicsPerfSvc.dll
22:19:03.0775 5588 GraphicsPerfSvc - ok
22:19:03.0884 5588 [ DED74127C7A2266715C0B8EA2EE75214 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
22:19:03.0931 5588 HDAudBus - ok
22:19:03.0962 5588 [ 95888B85956AF97320D1F5C354632957 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
22:19:03.0962 5588 HidBatt - ok
22:19:04.0071 5588 [ 33346BD26BB0AE4361DF1ED00D2876CF ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
22:19:04.0087 5588 HidBth - ok
22:19:04.0212 5588 [ 6D767FEB02DF712F783BEEFF09E06431 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
22:19:04.0212 5588 hidi2c - ok
22:19:04.0259 5588 [ 542AB7A14235C5227A9307ACF1636F0B ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys
22:19:04.0603 5588 hidinterrupt - ok
22:19:04.0696 5588 [ 1553DF41F4EE4F60B4BEEEC62264BE71 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
22:19:04.0900 5588 HidIr - ok
22:19:04.0993 5588 [ D42E350C3F5B9DDCE7BDDB109B413109 ] hidkmdf C:\WINDOWS\System32\drivers\hidkmdf.sys
22:19:04.0993 5588 hidkmdf - ok
22:19:05.0056 5588 [ 3030F19C6A73367D6D5EEDD157F5D01A ] hidserv C:\WINDOWS\system32\hidserv.dll
22:19:05.0056 5588 hidserv - ok
22:19:05.0212 5588 [ 6E3FB2047B8AE72E1B5F1C00A5F3E475 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
22:19:05.0212 5588 HidUsb - ok
22:19:05.0353 5588 [ 621B1FFB2E4E4745484EA01B013BF1D2 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
22:19:05.0353 5588 HpSAMD - ok
22:19:05.0524 5588 [ B96A51E96768A56180EF4934A8613E54 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
22:19:05.0540 5588 HTTP - ok
22:19:05.0696 5588 [ 9E1F3BA540DB9F4942A3F50A92E5754F ] hvcrash C:\WINDOWS\System32\drivers\hvcrash.sys
22:19:05.0696 5588 hvcrash - ok
22:19:05.0821 5588 [ 64A94654E5703D2E8830AA2500D8F0A4 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll
22:19:06.0087 5588 HvHost - ok
22:19:06.0196 5588 [ 621042C19113527CF8FA89F3454576BF ] hvservice C:\WINDOWS\system32\drivers\hvservice.sys
22:19:06.0243 5588 hvservice - ok
22:19:06.0306 5588 [ B149905CD7451160B6BFA2191A3F6182 ] HwNClx0101 C:\WINDOWS\system32\Drivers\mshwnclx.sys
22:19:06.0353 5588 HwNClx0101 - ok
22:19:06.0415 5588 [ FE36689912DEC37D45B7A6C6414046FE ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
22:19:06.0415 5588 hwpolicy - ok
22:19:06.0446 5588 [ A1133368F47D514D73DD7FB4C4FD2B75 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
22:19:06.0446 5588 hyperkbd - ok
22:19:06.0759 5588 [ B68252C53556FFB52CCE18FF30FACA99 ] HyperVideo C:\WINDOWS\System32\drivers\HyperVideo.sys
22:19:06.0759 5588 HyperVideo - ok
22:19:06.0821 5588 [ DA179667B8CEC22E4ECBBF4210DC0E35 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
22:19:06.0821 5588 i8042prt - ok
22:19:06.0837 5588 [ B5EC43755E62591197DE5CBBDAA9FEB7 ] iagpio C:\WINDOWS\System32\drivers\iagpio.sys
22:19:06.0853 5588 iagpio - ok
22:19:06.0899 5588 [ D8CA23F9C5FEF44296FDE1E005C06EC0 ] iai2c C:\WINDOWS\System32\drivers\iai2c.sys
22:19:06.0899 5588 iai2c - ok
22:19:06.0962 5588 [ 7B769C9D19C013F94874C4B15D59A005 ] iaLPSS2i_GPIO2 C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
22:19:06.0962 5588 iaLPSS2i_GPIO2 - ok
22:19:07.0040 5588 [ E0F1B3A2A70FABE3BE1C9140BB55E607 ] iaLPSS2i_GPIO2_BXT_P C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
22:19:07.0040 5588 iaLPSS2i_GPIO2_BXT_P - ok
22:19:07.0149 5588 [ 89A869BCC0588A3009ECB875B09ECD39 ] iaLPSS2i_I2C C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
22:19:07.0149 5588 iaLPSS2i_I2C - ok
22:19:07.0415 5588 [ 2E693DF3C02A0859DB8DE25772751100 ] iaLPSS2i_I2C_BXT_P C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
22:19:07.0431 5588 iaLPSS2i_I2C_BXT_P - ok
22:19:07.0571 5588 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
22:19:07.0571 5588 iaLPSSi_GPIO - ok
22:19:07.0681 5588 [ EB82A11613326691508D9ED9A4FE29E7 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
22:19:07.0696 5588 iaLPSSi_I2C - ok
22:19:07.0931 5588 [ 25555186E4FBDF0E30A5DBFC9B9A73F9 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
22:19:07.0931 5588 iaStorA - ok
22:19:08.0243 5588 [ 26405FA714257E449581DE5D6E6200E6 ] iaStorAVC C:\WINDOWS\system32\drivers\iaStorAVC.sys
22:19:08.0587 5588 iaStorAVC - ok
22:19:08.0790 5588 [ 11AC0355FE52CC8813EE6864DE7531E4 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
22:19:08.0790 5588 iaStorV - ok
22:19:08.0977 5588 [ 62CD9FA7394BCDF7784CCEFC9D00C9AA ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys
22:19:08.0993 5588 ibbus - ok
22:19:09.0040 5588 ibtsiva - ok
22:19:09.0102 5588 [ EAD6C953C40FC06E8E56182D9C27C480 ] ibtusb C:\WINDOWS\system32\DRIVERS\ibtusb.sys
22:19:09.0118 5588 ibtusb - ok
22:19:09.0384 5588 [ F8CFDD8FED56E1261367A81A731BC1C0 ] icssvc C:\WINDOWS\System32\tetheringservice.dll
22:19:09.0415 5588 icssvc - ok
22:19:11.0149 5588 [ 78D5B095D62B07E92FF359F06EDEB79E ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
22:19:11.0352 5588 igfx - ok
22:19:11.0571 5588 [ AD39B05E659BF34D59FFE9BC97DB93B2 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
22:19:11.0587 5588 igfxCUIService2.0.0.0 - ok
22:19:12.0149 5588 [ 25793D173BD83ACF8B248C97ABC3B860 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
22:19:12.0180 5588 IKEEXT - ok
22:19:12.0243 5588 [ AA38C19A3D65E8228D822EB18037E19D ] IndirectKmd C:\WINDOWS\System32\drivers\IndirectKmd.sys
22:19:12.0243 5588 IndirectKmd - ok
22:19:12.0477 5588 [ 310C18A371002983E7BF25BEB0333480 ] InstallService C:\WINDOWS\system32\InstallService.dll
22:19:12.0680 5588 InstallService - ok
22:19:13.0258 5588 [ 622868E4BAE8FBCD22CB1A5901A2C824 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
22:19:13.0524 5588 IntcAzAudAddService - ok
22:19:13.0665 5588 [ E300D1E37B737ED14F7A08CD5604E5D9 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
22:19:13.0821 5588 IntcDAud - ok
22:19:13.0930 5588 [ F1B552F7ACDF6E3E4DDDB76118CAFDE3 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
22:19:13.0930 5588 intelide - ok
22:19:14.0008 5588 [ E6CC7C1E7CEDC81D6B15BF2CF4C99109 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
22:19:14.0055 5588 intelpep - ok
22:19:14.0149 5588 [ 2CEF9DEB97B2CA327175EE8AD5F195A1 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
22:19:14.0165 5588 intelppm - ok
22:19:14.0227 5588 [ 917931A6116F03DB3CA56CFCE8634667 ] iorate C:\WINDOWS\system32\drivers\iorate.sys
22:19:14.0227 5588 iorate - ok
22:19:14.0305 5588 [ FB72A49FAD5C343C8C38948F92D87BBF ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:19:14.0321 5588 IpFilterDriver - ok
22:19:14.0555 5588 [ 9064A49C03F1CED42EAC2B4636C87192 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
22:19:14.0571 5588 iphlpsvc - ok
22:19:14.0602 5588 [ 5C58142E0F1F8AA379748CC123BA7527 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
22:19:14.0649 5588 IPMIDRV - ok
22:19:14.0774 5588 [ 7408B83959A4B8271EF67FD06A6B366B ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
22:19:14.0789 5588 IPNAT - ok
22:19:14.0852 5588 [ 7BEA2228C81FB6E1EADDD54D615B4C7E ] IPT C:\WINDOWS\System32\drivers\ipt.sys
22:19:14.0852 5588 IPT - ok
22:19:14.0993 5588 [ AD0574F12AA812340BD39071FD30AD1E ] IpxlatCfgSvc C:\WINDOWS\System32\IpxlatCfg.dll
22:19:14.0993 5588 IpxlatCfgSvc - ok
22:19:15.0086 5588 [ 030AE3773151CFA728C67E38416FAD8D ] irda C:\WINDOWS\system32\drivers\irda.sys
22:19:15.0086 5588 irda - ok
22:19:15.0164 5588 [ 79D02DC54AB4F85D2C13A728A0E36193 ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
22:19:15.0180 5588 IRENUM - ok
22:19:15.0258 5588 [ 6ADE9DCAF71DCD888320CA47DB8B05EF ] irmon C:\WINDOWS\System32\irmon.dll
22:19:15.0258 5588 irmon - ok
22:19:15.0336 5588 [ 38A6EC08D0067DECF7B5BA4C871B846C ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
22:19:15.0336 5588 isapnp - ok
22:19:15.0414 5588 [ 5529131AAB75E07D9295B19E20C54DAE ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
22:19:15.0477 5588 iScsiPrt - ok
22:19:15.0555 5588 [ C35FD802C800F3CBB4FD426D5A542A22 ] ItSas35i C:\WINDOWS\system32\drivers\ItSas35i.sys
22:19:15.0571 5588 ItSas35i - ok
22:19:15.0696 5588 [ C2BC9AC9C6514230A481BDCA6A24BEFD ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
22:19:15.0696 5588 iwdbus - ok
22:19:15.0758 5588 [ 17F3B012B28F27E7B813A7B037A3D790 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
22:19:15.0774 5588 kbdclass - ok
22:19:15.0805 5588 [ 843B4BBD15DD0340C5C293CD419D4A76 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
22:19:15.0821 5588 kbdhid - ok
22:19:15.0852 5588 [ 5BBB86F3F1700E0ACE1DF10F0EF7B227 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys
22:19:15.0852 5588 kdnic - ok
22:19:16.0039 5588 [ 317340CD278A374BCEF6A30194557227 ] KeyIso C:\WINDOWS\system32\lsass.exe
22:19:16.0039 5588 KeyIso - ok
22:19:16.0211 5588 [ 65EF1DBF0132AE84A71B555E97445D4E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
22:19:16.0211 5588 KSecDD - ok
22:19:16.0274 5588 [ C15FB07656470AEC5828E934BFCEB1F2 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
22:19:16.0274 5588 KSecPkg - ok
22:19:16.0336 5588 [ 10F2EBC1F1C4549C355781715DE47B66 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
22:19:16.0352 5588 ksthunk - ok
22:19:16.0539 5588 [ C4151271434A490707B4FD4E6AAE9EED ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
22:19:16.0602 5588 KtmRm - ok
22:19:16.0774 5588 [ 081D030BC669BDEDC68B8FE81A67E6A7 ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
22:19:16.0836 5588 LanmanServer - ok
22:19:17.0242 5588 [ 514E8BD07F42D95667F54777D57403D0 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:19:17.0258 5588 LanmanWorkstation - ok
22:19:17.0508 5588 [ C2A49E8EEE7C3D06ECA80847A42F65D5 ] lfsvc C:\WINDOWS\System32\lfsvc.dll
22:19:17.0508 5588 lfsvc - ok
22:19:17.0602 5588 [ DB8F10ED986BFE0A5B663A1D067F2CCC ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll
22:19:17.0617 5588 LicenseManager - ok
22:19:17.0680 5588 [ 3CF979AFF0196DF3DF5E54DFC049EB1F ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
22:19:17.0680 5588 lltdio - ok
22:19:17.0805 5588 [ D6DD748EAC3BC540CFE65C73FE20C099 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
22:19:17.0821 5588 lltdsvc - ok
22:19:17.0914 5588 [ BD35F484DA59014D091736F8F10BFB42 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
22:19:17.0930 5588 lmhosts - ok
22:19:18.0024 5588 [ 48380096385DB46E43D85CD92B9500DB ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
22:19:18.0039 5588 LSI_SAS - ok
22:19:18.0117 5588 [ F708223E5829510DF0D5AF209D11C8B8 ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys
22:19:18.0133 5588 LSI_SAS2i - ok
22:19:18.0180 5588 [ B91BCC8F670F128A4BB826ACF2C2B9D5 ] LSI_SAS3i C:\WINDOWS\system32\drivers\lsi_sas3i.sys
22:19:18.0180 5588 LSI_SAS3i - ok
22:19:18.0258 5588 [ FA31CDF977CD31AF9AEAAA422966ACC1 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
22:19:18.0258 5588 LSI_SSS - ok
22:19:18.0477 5588 [ 52B6D805C60127F0456DF019775F5740 ] LSM C:\WINDOWS\System32\lsm.dll
22:19:18.0492 5588 LSM - ok
22:19:18.0539 5588 [ E86400D7B6E095E89CF63667D94D3F50 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
22:19:18.0539 5588 luafv - ok
22:19:18.0680 5588 [ 07514F5635999D7DDB5F3A62B5C5AEB3 ] LxpSvc C:\WINDOWS\System32\LanguageOverlayServer.dll
22:19:18.0695 5588 LxpSvc - ok
22:19:18.0805 5588 [ 1CA48E995EE9BDAE7EE3601C792D8DA4 ] MapsBroker C:\WINDOWS\System32\moshost.dll
22:19:18.0805 5588 MapsBroker - ok
22:19:18.0978 5588 [ BD3D311802427608403C5E73A8D6137D ] mausbhost C:\WINDOWS\System32\drivers\mausbhost.sys
22:19:18.0994 5588 mausbhost - ok
22:19:19.0072 5588 [ 61C2D9790943D8E3AD05AE35E4A313EF ] mausbip C:\WINDOWS\System32\drivers\mausbip.sys
22:19:19.0072 5588 mausbip - ok
22:19:20.0744 5588 [ F7265B7490428499F2FE409FA9247866 ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
22:19:20.0775 5588 MBAMService - ok
22:19:20.0947 5588 [ 351BF8F77B0A15A7B5A2AE098C52A387 ] MBAMSwissArmy C:\WINDOWS\System32\Drivers\mbamswissarmy.sys
22:19:20.0994 5588 MBAMSwissArmy - ok
22:19:21.0087 5588 [ 61BCE12529E96E6F0335A2A8DEB83C61 ] megasas C:\WINDOWS\system32\drivers\megasas.sys
22:19:21.0119 5588 megasas - ok
22:19:21.0197 5588 [ CA22763F12783A9C81C512ED747CECDD ] megasas2i C:\WINDOWS\system32\drivers\MegaSas2i.sys
22:19:21.0228 5588 megasas2i - ok
22:19:21.0353 5588 [ FDB06D857FC43D654547BBB31D039DB4 ] megasas35i C:\WINDOWS\system32\drivers\megasas35i.sys
22:19:21.0369 5588 megasas35i - ok
22:19:21.0556 5588 [ 230361AF74DDB91705284E024A22DF4F ] megasr C:\WINDOWS\system32\drivers\megasr.sys
22:19:21.0556 5588 megasr - ok
22:19:21.0837 5588 [ EB1D78140D6634C32A46AB1006105EDC ] MEIx64 C:\WINDOWS\System32\drivers\TeeDriverx64.sys
22:19:21.0837 5588 MEIx64 - ok
22:19:21.0978 5588 [ 69259AFDF347B5F4AF06E900C4A1F62E ] MessagingService C:\WINDOWS\System32\MessagingService.dll
22:19:21.0978 5588 MessagingService - ok
22:19:22.0228 5588 [ A8931C3820D5F392D89176E0628E766E ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys
22:19:22.0384 5588 mlx4_bus - ok
22:19:22.0462 5588 [ EB4D7C9354CB88DE4B085EA3EEA5BC76 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys
22:19:22.0462 5588 MMCSS - ok
22:19:22.0525 5588 [ CA25F2D78FDD0D36E3F3071B4B317BD4 ] Modem C:\WINDOWS\system32\drivers\modem.sys
22:19:22.0525 5588 Modem - ok
22:19:22.0650 5588 [ 13142B3B30F633F407D5256B2FFCCEF0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
22:19:22.0650 5588 monitor - ok
22:19:22.0728 5588 [ 66C9CCC6A100ACF7A4514BD3091CE566 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
22:19:22.0994 5588 mouclass - ok
22:19:23.0025 5588 [ 6BE61DAF4CDC0E13940096EAC4A9F490 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
22:19:23.0025 5588 mouhid - ok
22:19:23.0040 5588 [ 2CFB54C638F75E39FBB22723401A8A56 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
22:19:23.0056 5588 mountmgr - ok
22:19:23.0447 5588 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsldfa9e384 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CAA4AD8-9117-4DB7-8CBA-980CAD62079D}\MpKsldfa9e384.sys
22:19:23.0462 5588 Suspicious file (Forged): C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CAA4AD8-9117-4DB7-8CBA-980CAD62079D}\MpKsldfa9e384.sys. Real md5: BF2513029E231BE96D82F7C3ABFF87F4, Fake md5: FD4BC5A31AE7C81B7D34BB8A78371B6D
22:19:23.0462 5588 MpKsldfa9e384 ( ForgedFile.Multi.Generic ) - warning
22:19:23.0462 5588 MpKsldfa9e384 - detected ForgedFile.Multi.Generic (1)
22:19:23.0556 5588 [ D78D87D9F0F6A0BB96A712DB3CD47440 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
22:19:23.0697 5588 mpsdrv - ok
22:19:23.0868 5588 [ 9C7CE5CF0CDB6F41FDB96EF03754D283 ] mpssvc C:\WINDOWS\system32\mpssvc.dll
22:19:23.0931 5588 mpssvc - ok
22:19:24.0212 5588 [ C12373EC998C6F17C0FE2D6C3CBB9C04 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
22:19:24.0306 5588 MRxDAV - ok
22:19:24.0431 5588 [ 3C0FA2ED75875481D00F3D77B1A3E336 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:19:24.0447 5588 mrxsmb - ok
22:19:24.0571 5588 [ E59589471F58AF1413B18A6817769B15 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
22:19:24.0665 5588 mrxsmb10 - ok
22:19:24.0759 5588 [ 42FE3D84EFE835443151DC2A50D05643 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:19:24.0759 5588 mrxsmb20 - ok
22:19:24.0853 5588 [ F14DE177087F9E990EDE95ACE1F94662 ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
22:19:24.0868 5588 MsBridge - ok
22:19:24.0962 5588 [ 9A94F32C1DC90A7E5A35D0F820A8FB1D ] MSDTC C:\WINDOWS\System32\msdtc.exe
22:19:24.0978 5588 MSDTC - ok
22:19:25.0009 5588 [ 128E1D8C23F690DF1DD7AFDB214DB6ED ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:19:25.0009 5588 Msfs - ok
22:19:25.0150 5588 [ 5A5ABA987943317300A4E55A5C5EB8C4 ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:19:25.0181 5588 msgpiowin32 - ok
22:19:25.0228 5588 [ D727DEA75E316C80793C7098225D3F56 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:19:25.0228 5588 mshidkmdf - ok
22:19:25.0306 5588 [ E12A703CE10B068727499276340D5296 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
22:19:25.0306 5588 mshidumdf - ok
22:19:25.0509 5588 [ 8E42D6B92CB4567467E29F58F2E31715 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
22:19:25.0509 5588 msisadrv - ok
22:19:25.0618 5588 [ C9930B9F2ABF42C732202813951A9A26 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
22:19:25.0618 5588 MSiSCSI - ok
22:19:25.0634 5588 msiserver - ok
22:19:25.0712 5588 [ 2F3B9A23F8DEE9C3AD58CB3D966D83DD ] MSKSSRV C:\WINDOWS\System32\drivers\MSKSSRV.sys
22:19:25.0712 5588 MSKSSRV - ok
22:19:25.0790 5588 [ AECFFBE104D428E8A74BCABF5B3B9912 ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
22:19:25.0790 5588 MsLldp - ok
22:19:25.0931 5588 [ 83364A92271339D8042C9DD5FD938A84 ] MSPCLOCK C:\WINDOWS\System32\drivers\MSPCLOCK.sys
22:19:25.0931 5588 MSPCLOCK - ok
22:19:25.0946 5588 [ AE5A4B89CDFF544B6481970BFD48A056 ] MSPQM C:\WINDOWS\System32\drivers\MSPQM.sys
22:19:25.0946 5588 MSPQM - ok
22:19:26.0134 5588 [ 999433544A4136A9B879C98049821EE6 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
22:19:26.0149 5588 MsRPC - ok
22:19:26.0243 5588 [ 4566CB65F176CE5CD8FCA487D2E3A64B ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
22:19:26.0243 5588 mssmbios - ok
22:19:26.0384 5588 [ 8A11E03B32840C0B73C14D16794F1A8A ] MSTEE C:\WINDOWS\System32\drivers\MSTEE.sys
22:19:26.0384 5588 MSTEE - ok
22:19:26.0446 5588 [ 794285C4F166B8108292E63FEA3C41E3 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
22:19:26.0478 5588 MTConfig - ok
22:19:26.0524 5588 [ EEB9D3E90B83546864211D63C1A0A74A ] Mup C:\WINDOWS\system32\Drivers\mup.sys
22:19:26.0524 5588 Mup - ok
22:19:26.0681 5588 [ 69CECA6726FAD321F5643B16A1FF3934 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
22:19:26.0681 5588 mvumis - ok
22:19:26.0774 5588 [ B66E5DDF484DE03D61B83118E45D5E11 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
22:19:26.0790 5588 NativeWifiP - ok
22:19:27.0274 5588 [ B281FAC1C60FE21ED3F635ECF673A981 ] NaturalAuthentication C:\WINDOWS\System32\NaturalAuth.dll
22:19:27.0368 5588 NaturalAuthentication - ok
22:19:27.0509 5588 [ 6FEC83EDC4A3D1E99039CA1D96AD720D ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
22:19:27.0524 5588 NcaSvc - ok
22:19:27.0681 5588 [ C3D3E2DFBD52C48EA787604F49060A5C ] NcbService C:\WINDOWS\System32\ncbservice.dll
22:19:27.0696 5588 NcbService - ok
22:19:27.0821 5588 [ 9AB04C4C14B32D127DB6E7D3DF79FF26 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
22:19:27.0821 5588 NcdAutoSetup - ok
22:19:27.0853 5588 [ AB9EB3CADF4D415B598487397476A23A ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys
22:19:27.0853 5588 ndfltr - ok
22:19:28.0102 5588 [ 5269DDC879DF5FEA2B7DB91AA4726CCA ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
22:19:28.0306 5588 NDIS - ok
22:19:28.0368 5588 [ AF73B18F3096B165A6F4417C5ED36B01 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys
22:19:28.0384 5588 NdisCap - ok
22:19:28.0493 5588 [ 1A9B1F5B8B131CE461A01C9424E149D7 ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys
22:19:28.0493 5588 NdisImPlatform - ok
22:19:28.0509 5588 [ 4C8BBD7EE829CE9BFB8E21134AC477E0 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:19:28.0509 5588 NdisTapi - ok
22:19:28.0618 5588 [ 76DB7B344F90A29A16CB6B7C67B87CF6 ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys
22:19:28.0618 5588 Ndisuio - ok
22:19:28.0649 5588 [ A76D79B71300EB3FEDD3D12D4C6F1D76 ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
22:19:28.0649 5588 NdisVirtualBus - ok
22:19:28.0743 5588 [ DA9896F6ED9EAFDAC19177ADF99DD932 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys
22:19:28.0743 5588 NdisWan - ok
22:19:28.0774 5588 [ DA9896F6ED9EAFDAC19177ADF99DD932 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:19:28.0774 5588 ndiswanlegacy - ok
22:19:28.0852 5588 [ 934E4A5CFD9CB891CD338052FA3467C6 ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys
22:19:28.0852 5588 ndproxy - ok
22:19:28.0946 5588 [ 0E3B0F3645D1BAE79397C66FE8AF6402 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
22:19:28.0946 5588 Ndu - ok
22:19:28.0993 5588 [ A704515CF3038668E9E2CA66E31A0700 ] NetAdapterCx C:\WINDOWS\system32\drivers\NetAdapterCx.sys
22:19:29.0009 5588 NetAdapterCx - ok
22:19:29.0071 5588 [ DD09E3115DF2CDB36FED21E67149EB91 ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys
22:19:29.0071 5588 NetBIOS - ok
22:19:29.0149 5588 [ 045A018E0BA5F9B75C5928A31C0E822C ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:19:29.0149 5588 NetBT - ok
22:19:29.0274 5588 [ 317340CD278A374BCEF6A30194557227 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:19:29.0274 5588 Netlogon - ok
22:19:29.0352 5588 [ C3D07481FDD607F9B66B2CF1D8E26EF0 ] Netman C:\WINDOWS\System32\netman.dll
22:19:29.0524 5588 Netman - ok
22:19:29.0712 5588 [ E9931F57F05696CBF53A086449D97BF6 ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
22:19:29.0727 5588 netprofm - ok
22:19:29.0837 5588 [ C8B1AF912319FEF251288BDD27E9576D ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll
22:19:29.0852 5588 NetSetupSvc - ok
22:19:30.0665 5588 [ 7EC8B56348F9298BCCA7A745C7F70E2C ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:30.0680 5588 NetTcpPortSharing - ok
22:19:31.0024 5588 [ DA8548D75434CE421BF921BAAC0916D9 ] netvsc C:\WINDOWS\System32\drivers\netvsc.sys
22:19:31.0024 5588 netvsc - ok
22:19:31.0821 5588 [ 82CB9A9C54B561549F7EE11987607C3A ] NETwNb64 C:\WINDOWS\system32\DRIVERS\Netwbw02.sys
22:19:31.0946 5588 NETwNb64 - ok
22:19:32.0337 5588 [ 162A571ABAF9546339EE0BB482FF6AE7 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll
22:19:32.0337 5588 NgcCtnrSvc - ok
22:19:32.0571 5588 [ 6084A17157D6F80EAD0413152DEF6185 ] NgcSvc C:\WINDOWS\system32\ngcsvc.dll
22:19:32.0587 5588 NgcSvc - ok
22:19:32.0774 5588 [ BF69FF80C3975B1D1E9428A689A16CB1 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
22:19:32.0790 5588 NlaSvc - ok
22:19:32.0883 5588 [ 7190932DB00BE83B57C01B5EAC4D746B ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:19:32.0883 5588 Npfs - ok
22:19:32.0915 5588 [ 218DB396170D77BB94F69B526CC51B8F ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
22:19:32.0915 5588 npsvctrig - ok
22:19:32.0977 5588 [ 457DAC0D0978F5391E0742ADCB4C2E28 ] nsi C:\WINDOWS\system32\nsisvc.dll
22:19:32.0993 5588 nsi - ok
22:19:33.0024 5588 [ A4952889D7C5804F17ABB9F454A371C2 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
22:19:33.0024 5588 nsiproxy - ok
22:19:33.0836 5588 [ FCEFE8F8E6F5D46BB4BFA6DDEF6392E6 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:19:33.0899 5588 Ntfs - ok
22:19:33.0993 5588 [ C029E5408EEE26C3B4E5BA5D29738DB8 ] Null C:\WINDOWS\system32\drivers\Null.sys
22:19:33.0993 5588 Null - ok
22:19:34.0086 5588 [ 189E5FCB96ABFEA84239A16062256EE4 ] nvdimm C:\WINDOWS\System32\drivers\nvdimm.sys
22:19:34.0149 5588 nvdimm - ok
22:19:34.0180 5588 [ 1F50ED95984009BF3634D6BD1A16FA5B ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
22:19:34.0180 5588 nvraid - ok
22:19:34.0258 5588 [ D6C14906B78F235461EEF96A886830D4 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
22:19:34.0274 5588 nvstor - ok
22:19:34.0540 5588 [ 9DBC464AB85AA48C9760C6C2E591E2D3 ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll
22:19:34.0555 5588 OneSyncSvc - ok
22:19:34.0665 5588 [ CD5ECD6470B6B235B73569A091150299 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
22:19:34.0665 5588 p2pimsvc - ok
22:19:34.0790 5588 [ CCD10679BA0D9EF549F80C458C2AD1C4 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
22:19:34.0805 5588 p2psvc - ok
22:19:34.0930 5588 [ 13B175715A4391E4E5D2AB2EBC8CDBB5 ] Parport C:\WINDOWS\System32\drivers\parport.sys
22:19:34.0977 5588 Parport - ok
22:19:35.0071 5588 [ 428B9FAFB0EE6EF66EAAB7B49A96487A ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
22:19:35.0071 5588 partmgr - ok
22:19:35.0211 5588 [ 646118D521C8131F6940E8BD808246A0 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
22:19:35.0227 5588 PcaSvc - ok
22:19:35.0399 5588 [ 7B6C0AFE5029A791F23B03EB13194797 ] pci C:\WINDOWS\system32\drivers\pci.sys
22:19:35.0399 5588 pci - ok
22:19:35.0477 5588 [ C447CDA030A3415711E4E940D2E9B399 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
22:19:35.0477 5588 pciide - ok
22:19:35.0555 5588 [ 753174DF234EA8BBF732986D5F78FCE7 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
22:19:35.0586 5588 pcmcia - ok
22:19:35.0633 5588 [ 1D05B6DE437515281CD91A16C16529E6 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
22:19:35.0805 5588 pcw - ok
22:19:35.0930 5588 [ F5F1A092463D6E46E71CC709A65403D1 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
22:19:35.0930 5588 pdc - ok
22:19:36.0118 5588 [ 42B12A76D3C98AE69C97727E3BEC7D8A ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
22:19:36.0133 5588 PEAUTH - ok
22:19:36.0243 5588 [ CD9BA1C279BE0E92E971C2B45A7F3D9B ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys
22:19:36.0243 5588 percsas2i - ok
22:19:36.0352 5588 [ 6D5EA79E82A48B181E18C2C39416E8C8 ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys
22:19:36.0352 5588 percsas3i - ok
22:19:39.0180 5588 [ 185100798FBD23C849DC1C00ED43D99D ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
22:19:39.0211 5588 PerfHost - ok
22:19:39.0449 5588 [ 1206779B445417A29B33FCC7230CD28C ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll
22:19:39.0574 5588 PhoneSvc - ok
22:19:39.0715 5588 [ 807ED476A62E79935315342BD3FAA046 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
22:19:39.0730 5588 PimIndexMaintenanceSvc - ok
22:19:40.0059 5588 [ 4E614DBE28B5857F70DEBCC804629E67 ] pla C:\WINDOWS\system32\pla.dll
22:19:40.0137 5588 pla - ok
22:19:40.0293 5588 [ DBD6E8A5C358AAA3B4900EFD5CF94CC8 ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
22:19:40.0293 5588 PlugPlay - ok
22:19:40.0402 5588 [ E8BE4041A69023B6A4D1096EE8436347 ] pmem C:\WINDOWS\System32\drivers\pmem.sys
22:19:40.0402 5588 pmem - ok
22:19:40.0527 5588 [ 99ECEDA6B2E1FDB6892FBD5AED1E5D99 ] PNPMEM C:\WINDOWS\System32\drivers\pnpmem.sys
22:19:40.0527 5588 PNPMEM - ok
22:19:40.0605 5588 [ 75690F495CEDBEF3D5989828AEEAE832 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
22:19:40.0605 5588 PNRPAutoReg - ok
22:19:40.0683 5588 [ CD5ECD6470B6B235B73569A091150299 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
22:19:40.0699 5588 PNRPsvc - ok
22:19:40.0840 5588 [ 9744ADAF8DD679D64A33D828FABA39E1 ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
22:19:40.0855 5588 PolicyAgent - ok
22:19:40.0965 5588 [ F39D3876C731BB01BFE8F574188837C8 ] Power C:\WINDOWS\system32\umpo.dll
22:19:40.0980 5588 Power - ok
22:19:41.0199 5588 [ 1FB09FD846D5030B82EB345E9970A105 ] PptpMiniport C:\WINDOWS\System32\drivers\raspptp.sys
22:19:41.0199 5588 PptpMiniport - ok
22:19:43.0590 5588 [ AD62FCEC1CB8ECD7C0E3DFD2FA79FDE4 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:19:44.0480 5588 PrintNotify - ok
22:19:44.0621 5588 [ A60202AE474E2173ED91118DD73ADAAD ] PrintWorkflowUserSvc C:\WINDOWS\System32\PrintWorkflowService.dll
22:19:44.0636 5588 PrintWorkflowUserSvc - ok
22:19:44.0730 5588 [ E0E55CDA29C80A9520FCFC78D7F8A73D ] Processor C:\WINDOWS\System32\drivers\processr.sys
22:19:44.0730 5588 Processor - ok
22:19:44.0902 5588 [ C974AC54A9D34AF4899E98ECC1784E03 ] ProfSvc C:\WINDOWS\system32\profsvc.dll
22:19:44.0918 5588 ProfSvc - ok
22:19:44.0996 5588 [ E4BF8BE7B3711BCBBC95EE983C0236F4 ] Psched C:\WINDOWS\system32\drivers\pacer.sys
22:19:45.0011 5588 Psched - ok
22:19:45.0183 5588 [ 29F12CD3F77B65C7E37F8517395B13D2 ] PushToInstall C:\WINDOWS\system32\PushToInstall.dll
22:19:45.0199 5588 PushToInstall - ok
22:19:45.0277 5588 [ 8AB5F41584C98047ABEF490FC1E31F7E ] QWAVE C:\WINDOWS\system32\qwave.dll
22:19:45.0293 5588 QWAVE - ok
22:19:45.0402 5588 [ 00F72861538B6C4E925A21BAE397A49D ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
22:19:45.0402 5588 QWAVEdrv - ok
22:19:45.0464 5588 [ 0FFABEB2D06CD74DDE0BCA510EEAEEBC ] Ramdisk C:\WINDOWS\system32\DRIVERS\ramdisk.sys
22:19:45.0464 5588 Ramdisk - ok
22:19:45.0480 5588 [ B834761352403111D0113284D8736025 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:19:45.0480 5588 RasAcd - ok
22:19:45.0746 5588 [ FA99CE309B66586A0AA6EF9CFF7BC467 ] RasAgileVpn C:\WINDOWS\System32\drivers\AgileVpn.sys
22:19:45.0746 5588 RasAgileVpn - ok
22:19:45.0839 5588 [ C7CCE345D0010B3B9AC5067578436BFE ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:19:45.0839 5588 RasAuto - ok
22:19:45.0949 5588 [ 775ED7E51B58CF9EB415A1DBA540DACF ] Rasl2tp C:\WINDOWS\System32\drivers\rasl2tp.sys
22:19:45.0949 5588 Rasl2tp - ok
22:19:46.0371 5588 [ 032D13E37743DA2559E586D5BBDCB895 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:19:46.0527 5588 RasMan - ok
22:19:46.0621 5588 [ E2433A620ABF4083157944E4692C500D ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:19:46.0902 5588 RasPppoe - ok
22:19:46.0933 5588 [ EE5D1D51FA74ECCE57CF2DB8F6A417D8 ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys
22:19:46.0933 5588 RasSstp - ok
22:19:46.0980 5588 [ 5F7027A2F16AFF56DA68D996FAFDAAD8 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:19:46.0980 5588 rdbss - ok
22:19:47.0089 5588 [ 206AB796793FDBD518B82E2F308A7176 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
22:19:47.0089 5588 rdpbus - ok
22:19:47.0167 5588 [ 3DE4216324BE32FC3AF7667AE2406EE5 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
22:19:47.0214 5588 RDPDR - ok
22:19:47.0402 5588 [ 0600DF60EF88FD10663EC84709E5E245 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
22:19:47.0527 5588 RdpVideoMiniport - ok
22:19:47.0667 5588 [ 65652EFAAF4A8A59E60A2D7BE15317E8 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
22:19:47.0683 5588 rdyboost - ok
22:19:48.0230 5588 [ 3DCB3FAFE46B9FE41C9065EBBED97724 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
22:19:48.0308 5588 ReFS - ok
22:19:48.0730 5588 [ B76350D40A46DBA17205F8373528FD83 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys
22:19:48.0870 5588 ReFSv1 - ok
22:19:49.0042 5588 [ 980F60634FAF9C58FC468AF9AA609D68 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:19:49.0058 5588 RemoteAccess - ok
22:19:49.0323 5588 [ 106E630F1B2A8BF2BBD4508D9B166406 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:19:49.0339 5588 RemoteRegistry - ok
22:19:49.0714 5588 [ 53BE6D9C36A9CB95A1568C24D44A8A34 ] RetailDemo C:\WINDOWS\system32\RDXService.dll
22:19:49.0792 5588 RetailDemo - ok
22:19:50.0089 5588 [ 59F600BDA5B6EE591802945F1D8388D5 ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
22:19:50.0089 5588 RFCOMM - ok
22:19:50.0167 5588 [ 3D4F4CCE0364CD3F1B539D2630686F24 ] rhproxy C:\WINDOWS\System32\drivers\rhproxy.sys
22:19:50.0183 5588 rhproxy - ok
22:19:50.0464 5588 [ ADA13EBD9C23C51876A5B2EADF7F2E29 ] RmSvc C:\WINDOWS\System32\RMapi.dll
22:19:50.0480 5588 RmSvc - ok
22:19:50.0558 5588 [ 3CD63AE6A9A1DE4CD5831AE15221C861 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
22:19:50.0573 5588 RpcEptMapper - ok
22:19:50.0636 5588 [ 19EC4D05E01FE350B3494CEA122D64EB ] RpcLocator C:\WINDOWS\system32\locator.exe
22:19:50.0777 5588 RpcLocator - ok
22:19:51.0011 5588 [ 107661923943E9DC06ED2713AC5F7753 ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:19:51.0026 5588 RpcSs - ok
22:19:51.0214 5588 [ FFFB16EF6E0B8B5F7F19B425923E7D12 ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
22:19:51.0230 5588 rspndr - ok
22:19:51.0417 5588 [ D9C5260772FDA64AB729C0B4822F11E3 ] RTL8168 C:\WINDOWS\System32\drivers\Rt630x64.sys
22:19:51.0573 5588 RTL8168 - ok
22:19:51.0683 5588 [ A2939E69027B97105014434BFBFF7195 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
22:19:51.0683 5588 s3cap - ok
22:19:51.0792 5588 [ 317340CD278A374BCEF6A30194557227 ] SamSs C:\WINDOWS\system32\lsass.exe
22:19:51.0808 5588 SamSs - ok
22:19:52.0089 5588 [ 04C51BBD8C9F54E5F2C5D831B03B11E3 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
22:19:52.0339 5588 sbp2port - ok
22:19:52.0448 5588 [ D48F36EA4B4E8237B24E33B18D76EB2A ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
22:19:52.0464 5588 SCardSvr - ok
22:19:52.0605 5588 [ 1B1FB3D8403E621F2B9201EF414E21D9 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
22:19:52.0605 5588 ScDeviceEnum - ok
22:19:52.0667 5588 [ 0070C2DC6563C48EDA63A282748F3FCD ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
22:19:52.0667 5588 scfilter - ok
22:19:52.0901 5588 [ 9D13410D7B4D76AA2EA73EC8CA0E0190 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:19:52.0917 5588 Schedule - ok
22:19:53.0105 5588 [ 6538E939E55B589AA4F5BC22D35A6B36 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys
22:19:53.0120 5588 scmbus - ok
22:19:53.0323 5588 [ 620E4F2FDD04FFB70702676423F1C2AC ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
22:19:53.0339 5588 SCPolicySvc - ok
22:19:53.0526 5588 [ 495273177E87B0C34D7E431E9254FA23 ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
22:19:53.0526 5588 sdbus - ok
22:19:53.0620 5588 [ 9EF09DE84CE20B787C02395394AC2A7E ] SDFRd C:\WINDOWS\System32\drivers\SDFRd.sys
22:19:53.0620 5588 SDFRd - ok
22:19:53.0714 5588 [ 01607A2FAB0068450A06C90AF755D57E ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
22:19:53.0714 5588 SDRSVC - ok
22:19:53.0776 5588 [ F80D6C03FEA2F7DEE14023B7229DA8C2 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
22:19:53.0776 5588 sdstor - ok
22:19:53.0901 5588 [ 44B1F4F200B4D3AE8B53290101148AFC ] seclogon C:\WINDOWS\system32\seclogon.dll
22:19:53.0917 5588 seclogon - ok
22:19:54.0089 5588 [ 927AEFF824C08AD5E22BB27E4A1D50AA ] SecurityHealthService C:\WINDOWS\system32\SecurityHealthService.exe
22:19:54.0089 5588 SecurityHealthService - ok
22:19:54.0292 5588 [ 7D7ED932B6417D8687D1D972989B310B ] SEMgrSvc C:\WINDOWS\system32\SEMgrSvc.dll
22:19:54.0401 5588 SEMgrSvc - ok
22:19:54.0479 5588 [ CA614C9FBC8307AB1DC937F3393899E2 ] SENS C:\WINDOWS\System32\sens.dll
22:19:54.0495 5588 SENS - ok
22:19:54.0714 5588 [ 46AEFFC68BEAF89805B95CC6F9529C2E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
22:19:54.0776 5588 SensorDataService - ok
22:19:55.0042 5588 [ 2B81117E9C3E20BBAA2CB5467D000F77 ] SensorService C:\WINDOWS\system32\SensorService.dll
22:19:55.0120 5588 SensorService - ok
22:19:55.0214 5588 [ DF94FAAEC4CDAA3886A0169E660C984B ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
22:19:55.0292 5588 SensrSvc - ok
22:19:55.0323 5588 [ C5CF2941AA9E417B3A224601255C002E ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
22:19:55.0339 5588 SerCx - ok
22:19:55.0401 5588 [ B9C113BD9FCA4F3E23F03708A7DA07CC ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
22:19:55.0401 5588 SerCx2 - ok
22:19:55.0479 5588 [ 1845736FA47A1DFBBB642FE21095B4E0 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
22:19:55.0479 5588 Serenum - ok
22:19:55.0526 5588 [ F1BABF50469041797ED9928C31318832 ] Serial C:\WINDOWS\System32\drivers\serial.sys
22:19:55.0526 5588 Serial - ok
22:19:55.0589 5588 [ 340116988930B07629A2D0C2B380A365 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
22:19:55.0589 5588 sermouse - ok
22:19:55.0729 5588 [ 87340BC77470B34F11A9E558B591DB08 ] SessionEnv C:\WINDOWS\system32\sessenv.dll
22:19:55.0761 5588 SessionEnv - ok
22:19:55.0979 5588 [ 77FF0A5BA023D8E8C82EACCD54EA5C78 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
22:19:55.0979 5588 sfloppy - ok
22:19:56.0089 5588 [ 1941F5CA54C469E16957587FD56ED842 ] SgrmAgent C:\WINDOWS\system32\drivers\SgrmAgent.sys
22:19:56.0104 5588 SgrmAgent - ok
22:19:56.0198 5588 [ D3170A3F3A9626597EEE1888686E3EA6 ] SgrmBroker C:\WINDOWS\system32\SgrmBroker.exe
22:19:56.0214 5588 SgrmBroker - ok
22:19:56.0417 5588 [ AC1D97F89F2EC7E334A406603A686973 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:19:56.0526 5588 SharedAccess - ok
22:19:56.0823 5588 [ 0BE15FDA358837ABD88DC72AA75C75CD ] SharedRealitySvc C:\WINDOWS\System32\SharedRealitySvc.dll
22:19:56.0948 5588 SharedRealitySvc - ok
22:19:57.0042 5588 [ 63B104867F70F0D81125C37989146960 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:19:57.0073 5588 ShellHWDetection - ok
22:19:57.0354 5588 [ F6D90D09D2BCFA2B5E492BFECA40EDE4 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
22:19:57.0370 5588 shpamsvc - ok
22:19:57.0526 5588 [ 1443CF919C2A3207CE7724E0A31686A2 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
22:19:57.0526 5588 SiSRaid2 - ok
22:19:57.0573 5588 [ C0B1EAD6CC127CAE4E84EBF54105B3B8 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
22:19:57.0589 5588 SiSRaid4 - ok
22:19:57.0682 5588 [ 9A88D522D3AD3B99E3ECE61AC310C0A6 ] SmbDrv C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
22:19:57.0729 5588 SmbDrv - ok
22:19:57.0792 5588 [ E7684DD0A5868DFAD7DC567292A06C29 ] SmbDrvI C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys
22:19:57.0979 5588 SmbDrvI - ok
22:19:58.0026 5588 [ B7C6144293CFAD2DEDCD022C44735DC2 ] smphost C:\WINDOWS\System32\smphost.dll
22:19:58.0026 5588 smphost - ok
22:19:58.0245 5588 [ A3BEF2736E902B9DCA68554F4E10E08C ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll
22:19:58.0370 5588 SmsRouter - ok
22:19:58.0604 5588 [ 577EC13EB5215325E9B9FC51FB56A974 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
22:19:58.0620 5588 SNMPTRAP - ok
22:19:58.0901 5588 [ 5E70A578D27BCC7E37E16055669F2836 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
22:19:58.0901 5588 spaceport - ok
22:19:59.0010 5588 [ FE1776E587227120DC04EAEC45473245 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
22:19:59.0010 5588 SpatialGraphFilter - ok
22:19:59.0057 5588 [ D05EB2BB52EC6B665D1631EC33241B80 ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
22:19:59.0073 5588 SpbCx - ok
22:19:59.0385 5588 [ 52A4B8C04C345434C974B9A949521BAE ] spectrum C:\WINDOWS\system32\spectrum.exe
22:19:59.0432 5588 spectrum - ok
22:19:59.0651 5588 [ C05A19A38D7D203B738771FD1854656F ] Spooler C:\WINDOWS\System32\spoolsv.exe
22:19:59.0713 5588 Spooler - ok
22:20:00.0745 5588 [ 95EBCA251177AD13238FF0DC15C3202C ] sppsvc C:\WINDOWS\system32\sppsvc.exe
22:20:00.0885 5588 sppsvc - ok
22:20:01.0182 5588 [ 3EB4023AC700182D84CB6761D3727394 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
22:20:01.0198 5588 srv2 - ok
22:20:01.0307 5588 [ 93DF24D0C33F2894429D4180145CBDA7 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
22:20:01.0401 5588 srvnet - ok
22:20:01.0479 5588 [ 1AEA66706573E8CCD6038369FE37F237 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:20:01.0479 5588 SSDPSRV - ok
22:20:01.0682 5588 [ 5EE518DFADC18573E681BB78833E93FA ] ssh-agent C:\WINDOWS\System32\OpenSSH\ssh-agent.exe
22:20:01.0760 5588 ssh-agent - ok
22:20:01.0885 5588 [ C7DF51E24DD853E7E2D3C0BCDCE57D6C ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
22:20:01.0963 5588 SstpSvc - ok
22:20:02.0041 5588 [ 3267933B06415A5801FE888B203C2046 ] ssudqcfilter C:\WINDOWS\System32\drivers\ssudqcfilter.sys
22:20:02.0041 5588 ssudqcfilter - ok
22:20:03.0166 5588 [ B9E4174DFBDCA9979A92D17C2E67890E ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
22:20:03.0307 5588 StateRepository - ok
22:20:03.0494 5588 [ DA82903F26AE12034CC5229F61098948 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
22:20:03.0510 5588 stexstor - ok
22:20:03.0588 5588 [ EB2C25A3700309F3F67D9334CF33A36C ] stisvc C:\WINDOWS\System32\wiaservc.dll
22:20:03.0697 5588 stisvc - ok
22:20:03.0807 5588 [ F2D1983C7BEF5E3AB8978A7796C59A75 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
22:20:03.0807 5588 storahci - ok
22:20:03.0932 5588 [ 76C9E2AA3400C22FC7091AD2F2999F95 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
22:20:03.0932 5588 storflt - ok
22:20:04.0166 5588 [ 701078F20919BD635EA25F691880F651 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
22:20:04.0166 5588 stornvme - ok
22:20:04.0323 5588 [ 47CE4211A40C2C023A8138E18757F3D2 ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys
22:20:04.0323 5588 storqosflt - ok
22:20:04.0494 5588 [ DEA7BB6D3724F2FD9E61ED085E69DFA7 ] StorSvc C:\WINDOWS\system32\storsvc.dll
22:20:04.0541 5588 StorSvc - ok
22:20:04.0635 5588 [ 25D7B79F80F3C2CD97D797C14D470165 ] storufs C:\WINDOWS\system32\drivers\storufs.sys
22:20:04.0635 5588 storufs - ok
22:20:04.0729 5588 [ 1FC7B7BE58A29DF27F5E6F6C2F061FA3 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
22:20:04.0729 5588 storvsc - ok
22:20:04.0854 5588 [ 0B154B033AD7F9215DED11E0CFC80A25 ] svsvc C:\WINDOWS\system32\svsvc.dll
22:20:04.0854 5588 svsvc - ok
22:20:05.0869 5588 [ 54255DF324C621A97220EBFA832237D2 ] swenum C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys
22:20:05.0869 5588 swenum - ok
22:20:06.0025 5588 [ B3C113C9B784A4D296C7A7BA515F74BF ] swprv C:\WINDOWS\System32\swprv.dll
22:20:06.0072 5588 swprv - ok
22:20:06.0244 5588 [ A2A42A570524C975259E3B81C4D80DCA ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys
22:20:06.0244 5588 Synth3dVsc - ok
22:20:06.0385 5588 [ 99DBF9676B5C0CF869183E90A3991DF6 ] SynTP C:\WINDOWS\System32\drivers\SynTP.sys
22:20:06.0494 5588 SynTP - ok
22:20:07.0260 5588 [ 5BCE33D2D217A00C66C2D1019B4FFCE8 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
22:20:07.0353 5588 SynTPEnhService - ok
22:20:07.0525 5588 [ 62492FAAC26223E8A21E79A2331A3F10 ] SysMain C:\WINDOWS\system32\sysmain.dll
22:20:07.0557 5588 SysMain - ok
22:20:07.0900 5588 [ 607143646829B70F7C60F4CF499AD41D ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
22:20:07.0900 5588 SystemEventsBroker - ok
22:20:08.0025 5588 [ CE9975A9E0DFBEFECECE218D2674C1CD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
22:20:08.0119 5588 TabletInputService - ok
22:20:08.0213 5588 [ E38C7C4D57B1438F70A1B913870E8665 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:20:08.0213 5588 TapiSrv - ok
22:20:08.0635 5588 [ 85F08C04631954B48D4F65BEDB72282E ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
22:20:08.0713 5588 Tcpip - ok
22:20:09.0025 5588 [ 85F08C04631954B48D4F65BEDB72282E ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys
22:20:09.0025 5588 Tcpip6 - ok
22:20:09.0103 5588 [ 085F8A5F09E64CC27309AF160EF4F9BA ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
22:20:09.0103 5588 tcpipreg - ok
22:20:09.0181 5588 [ 16071C42E21CE3378FA449322FB9AB1D ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
22:20:09.0197 5588 tdx - ok
22:20:09.0322 5588 [ B2C4D7CB291293CAC636748E695D111E ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
22:20:09.0338 5588 terminpt - ok
22:20:09.0541 5588 [ 10ADC3589E50B1ED8452C86E0CBE8248 ] TermService C:\WINDOWS\System32\termsrv.dll
22:20:09.0603 5588 TermService - ok
22:20:09.0697 5588 [ 1A0A0F6A139148AFDC4622046D4B3CBD ] Themes C:\WINDOWS\system32\themeservice.dll
22:20:09.0713 5588 Themes - ok
22:20:09.0775 5588 [ 04F4382FF6CF40F4DB99EF01448AAAF5 ] Thotkey C:\WINDOWS\System32\drivers\Thotkey.sys
22:20:09.0775 5588 Thotkey - ok
22:20:09.0900 5588 [ 811910E891A6DB4A864AE119EB71218C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
22:20:09.0900 5588 TieringEngineService - ok
22:20:10.0197 5588 [ 8BF5E2FD72E939CF68D617E273034793 ] TimeBrokerSvc C:\WINDOWS\System32\TimeBrokerServer.dll
22:20:10.0197 5588 TimeBrokerSvc - ok
22:20:10.0275 5588 [ 1FD998EEF7CBDBC71C0FCA164B01864F ] TokenBroker C:\WINDOWS\System32\TokenBroker.dll
22:20:10.0322 5588 TokenBroker - ok
22:20:10.0416 5588 [ 3D69A41021DEA17019CBC8AE6271DD47 ] tosrfec C:\WINDOWS\System32\drivers\tosrfec.sys
22:20:10.0416 5588 tosrfec - ok
22:20:10.0541 5588 [ BF705C64C1522646BF00E72393DC5D6F ] TPM C:\WINDOWS\System32\drivers\tpm.sys
22:20:10.0541 5588 TPM - ok
22:20:10.0619 5588 [ A5C0F857C38278A90E953A24E1701196 ] TrkWks C:\WINDOWS\System32\trkwks.dll
22:20:10.0619 5588 TrkWks - ok
22:20:10.0759 5588 [ 4578046C54A954C917BB393B70BA0AEB ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
22:20:10.0759 5588 TrustedInstaller - ok
22:20:10.0838 5588 [ 0D721F40C179EC5737C15E551F22C69B ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
22:20:10.0978 5588 TsUsbFlt - ok
22:20:10.0994 5588 [ DE1296871208D1F13B7AC57C4B1FA46C ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
22:20:10.0994 5588 TsUsbGD - ok
22:20:11.0072 5588 [ BC938ABBF586272BD4063CA51F09149F ] tunnel C:\WINDOWS\system32\drivers\tunnel.sys
22:20:11.0088 5588 tunnel - ok
22:20:11.0197 5588 [ 878D283B927B790B1D5685F723150A87 ] TVALZ C:\WINDOWS\system32\drivers\TVALZ.SYS
22:20:11.0197 5588 TVALZ - ok
22:20:11.0322 5588 [ E94996BB8F323AF02860196C1400AD30 ] tzautoupdate C:\WINDOWS\system32\tzautoupdate.dll
22:20:11.0338 5588 tzautoupdate - ok
22:20:11.0400 5588 [ BDFACE024EFF2398214797143AD76C87 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
22:20:11.0416 5588 UASPStor - ok
22:20:11.0463 5588 [ 00C4396DE1CD3502884BB2E2B6D6861C ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys
22:20:11.0478 5588 UcmCx0101 - ok
22:20:11.0666 5588 [ ED9CBD1541C8AFDAA9B8255A384E2B53 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
22:20:11.0806 5588 UcmTcpciCx0101 - ok
22:20:11.0947 5588 [ F58F1BC6A6972437CE18516F8ACCEB9F ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys
22:20:11.0947 5588 UcmUcsi - ok
22:20:12.0088 5588 [ EE62D07172014C8BBE7C80A3AAF56E8F ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys
22:20:12.0088 5588 Ucx01000 - ok
22:20:12.0150 5588 [ 12E2B6B642360E66396502B62B048694 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys
22:20:12.0150 5588 UdeCx - ok
22:20:12.0244 5588 [ 6A442723D4D05D9F15D24C9942CDA00D ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
22:20:12.0259 5588 udfs - ok
22:20:12.0353 5588 [ D30AF38971B6670C222250AC2CBB6227 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
22:20:12.0353 5588 UEFI - ok
22:20:12.0509 5588 [ 588B9212DEE84F5192C09A147AA5C316 ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys
22:20:12.0759 5588 Ufx01000 - ok
22:20:12.0947 5588 [ 78B5C069C9AA1463ACC833FD7E2A3BD5 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys
22:20:12.0947 5588 UfxChipidea - ok
22:20:13.0134 5588 [ 533BF4F456A1C6E7581E8C0A4EC59300 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys
22:20:13.0166 5588 ufxsynopsys - ok
22:20:13.0259 5588 [ 360FEE6F687D98EFFE46A5433FE6182E ] umbus C:\WINDOWS\System32\drivers\umbus.sys
22:20:13.0306 5588 umbus - ok
22:20:13.0384 5588 [ F6F1A9D91F684AA02951B96EE8127DAE ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
22:20:13.0384 5588 UmPass - ok
22:20:13.0494 5588 [ 0D806415E1F86E7C1C192261C247EF0D ] UmRdpService C:\WINDOWS\System32\umrdp.dll
22:20:13.0556 5588 UmRdpService - ok
22:20:13.0775 5588 [ EAEC69961D9D8B39FEA44D56F7FB259D ] UnistoreSvc C:\WINDOWS\System32\unistore.dll
22:20:14.0056 5588 UnistoreSvc - ok
22:20:14.0275 5588 [ 2362D5C18120FAB9CE5BD1F73EE33758 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:20:14.0306 5588 upnphost - ok
22:20:14.0478 5588 [ 49A5E1B43C59DC0E363AD9C2D7D10BE4 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys
22:20:14.0478 5588 UrsChipidea - ok
22:20:14.0540 5588 [ 53F1DA2D92D1D8CE4BB9D33E58D7DF01 ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys
22:20:14.0540 5588 UrsCx01000 - ok
22:20:14.0712 5588 [ 09518A324B95BBC0B472BD5A472CB916 ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys
22:20:14.0837 5588 UrsSynopsys - ok
22:20:14.0884 5588 [ CD03479F2DA26500B203ED075C146A7A ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys
22:20:14.0931 5588 USBAAPL64 - ok
22:20:15.0087 5588 [ B7211393225AB05324C52BA47B31FEB4 ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
22:20:15.0087 5588 usbccgp - ok
22:20:15.0181 5588 [ 250D21958EE5F45CD13FE6BE3788EE70 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
22:20:15.0181 5588 usbcir - ok
22:20:15.0259 5588 [ 4269DE1EB8029D55B3BB3A8A330FCF90 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
22:20:15.0259 5588 usbehci - ok
22:20:15.0415 5588 [ D67AABAE0C9EBAC9BBA2E20E0AF52EF1 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
22:20:15.0431 5588 usbhub - ok
22:20:15.0603 5588 [ D1F6348F41DFCE25AA918E38F02E80FD ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
22:20:15.0650 5588 USBHUB3 - ok
22:20:15.0665 5588 [ A547E7B1B3FB2228259AA85AC7E82698 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
22:20:15.0681 5588 usbohci - ok
22:20:15.0775 5588 [ 692C0BA4109C8F78392A299369F51129 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
22:20:15.0790 5588 usbprint - ok
22:20:15.0947 5588 [ 45A9E57185B79420EFEA5A4AED655809 ] usbser C:\WINDOWS\System32\drivers\usbser.sys
22:20:15.0947 5588 usbser - ok
22:20:16.0040 5588 [ C03DA998E412D69D18DD11D835229AF0 ] UsbserFilt C:\WINDOWS\System32\drivers\usbser_lowerfltjx64.sys
22:20:16.0197 5588 UsbserFilt - ok
22:20:16.0306 5588 [ CEF7527514EC49EBE0C760D784643EF0 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:20:16.0306 5588 USBSTOR - ok
22:20:16.0368 5588 [ A4124036C4FD2B94C6157C4588EEB4E3 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
22:20:16.0384 5588 usbuhci - ok
22:20:16.0540 5588 [ 9431F7E997A8750139517709B04D8629 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
22:20:16.0587 5588 usbvideo - ok
22:20:16.0806 5588 [ 9F4CCFCD4B4C6008C940510E43D54AEC ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:20:16.0806 5588 USBXHCI - ok
22:20:17.0087 5588 [ CE0E3BA8FC974BEE5BE20E4F43A1C583 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll
22:20:17.0181 5588 UserDataSvc - ok
22:20:17.0525 5588 [ B8D1D74FEF1F190BA4DA7E7A72D5D9CE ] UserManager C:\WINDOWS\System32\usermgr.dll
22:20:17.0540 5588 UserManager - ok
22:20:17.0837 5588 [ C6C17BECA29DB0D6F6FF6D45EB65FF80 ] UsoSvc C:\WINDOWS\system32\usocore.dll
22:20:17.0900 5588 UsoSvc - ok
22:20:18.0056 5588 [ 3E283D06357616CD4117CC15BDB7C4C3 ] VacSvc C:\WINDOWS\System32\vac.dll
22:20:18.0056 5588 VacSvc - ok
22:20:18.0165 5588 [ 317340CD278A374BCEF6A30194557227 ] VaultSvc C:\WINDOWS\system32\lsass.exe
22:20:18.0165 5588 VaultSvc - ok
22:20:18.0228 5588 [ 8DCB7E5A9497C030484E5AD9E541B85C ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
22:20:18.0243 5588 vdrvroot - ok
22:20:18.0446 5588 [ 4940B49502323905B66039D0D1AB4613 ] vds C:\WINDOWS\System32\vds.exe
22:20:18.0478 5588 vds - ok
22:20:18.0665 5588 [ 5C25C1A89650C95D15F7988D71487B08 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
22:20:18.0681 5588 VerifierExt - ok
22:20:18.0853 5588 [ E8E5F722A699EF037891D735CB588F8D ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
22:20:18.0993 5588 vhdmp - ok
22:20:19.0134 5588 [ 209A34F4BE17B0A56328C86F8CCC5577 ] vhf C:\WINDOWS\System32\drivers\vhf.sys
22:20:19.0134 5588 vhf - ok
22:20:19.0275 5588 [ 44F4ED5D8FC0CFA7C3755D44C575D994 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
22:20:19.0275 5588 vmbus - ok
22:20:19.0368 5588 [ E2D57FB1A62F0BB7F70570806A09CE2B ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
22:20:19.0368 5588 VMBusHID - ok
22:20:19.0540 5588 [ C9F69EBA06A703CE726CC6FC0AEFB5E9 ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys
22:20:19.0540 5588 vmgid - ok
22:20:19.0681 5588 [ E4F5E83951810583FE8C2423772171DF ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
22:20:19.0696 5588 vmicguestinterface - ok
22:20:19.0712 5588 [ E4F5E83951810583FE8C2423772171DF ] vmicheartbeat C:\WINDOWS\System32\icsvc.dll
22:20:19.0712 5588 vmicheartbeat - ok
22:20:19.0978 5588 [ E4F5E83951810583FE8C2423772171DF ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
22:20:19.0993 5588 vmickvpexchange - ok
22:20:20.0321 5588 [ DB7FB1DA7E1564EACBADD436191309C5 ] vmicrdv C:\WINDOWS\System32\icsvcext.dll
22:20:20.0337 5588 vmicrdv - ok
22:20:20.0493 5588 [ E4F5E83951810583FE8C2423772171DF ] vmicshutdown C:\WINDOWS\System32\icsvc.dll
22:20:20.0509 5588 vmicshutdown - ok
22:20:20.0603 5588 [ E4F5E83951810583FE8C2423772171DF ] vmictimesync C:\WINDOWS\System32\icsvc.dll
22:20:20.0618 5588 vmictimesync - ok
22:20:21.0009 5588 [ E4F5E83951810583FE8C2423772171DF ] vmicvmsession C:\WINDOWS\System32\icsvc.dll
22:20:21.0024 5588 vmicvmsession - ok
22:20:21.0259 5588 [ DB7FB1DA7E1564EACBADD436191309C5 ] vmicvss C:\WINDOWS\System32\icsvcext.dll
22:20:21.0259 5588 vmicvss - ok
22:20:21.0744 5588 [ 708410755721F94FC8939673893C2E2B ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
22:20:21.0760 5588 volmgr - ok
22:20:22.0198 5588 [ 1514506CA7462A64DC38C48108DDBB45 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
22:20:22.0213 5588 volmgrx - ok
22:20:22.0682 5588 [ F0EE4E6028CCA58BEA9A04E7BEAB7DB4 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
22:20:22.0760 5588 volsnap - ok
22:20:23.0213 5588 [ 77FD1607F2C371ABD241EC7699C58884 ] volume C:\WINDOWS\system32\drivers\volume.sys
22:20:23.0463 5588 volume - ok
22:20:23.0979 5588 [ CB90DACF9194DD9D60A2C1DBFBC1E0D1 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
22:20:24.0557 5588 vpci - ok
22:20:24.0666 5588 [ ED0B3436E1DE601C6C8EB86789AC8BAB ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
22:20:24.0666 5588 vsmraid - ok
22:20:24.0869 5588 [ C7053D974A35EAB81F153FF33C883613 ] VSS C:\WINDOWS\system32\vssvc.exe
22:20:25.0119 5588 VSS - ok
22:20:25.0432 5588 [ 3D706FBED35DF3B17809C6714F31F9B0 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
22:20:25.0557 5588 VSTXRAID - ok
22:20:25.0572 5588 [ 0B11DBB8173AD374D67893D54EBEE9F3 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
22:20:25.0572 5588 vwifibus - ok
22:20:25.0650 5588 [ 95540F74893235C189409C98643D7A77 ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys
22:20:25.0650 5588 vwififlt - ok
22:20:25.0682 5588 [ 60A14582772A4DF0D0BE27B3F873BE6B ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys
22:20:25.0682 5588 vwifimp - ok
22:20:25.0900 5588 [ 4F904ADE8BECDFB48CBA3F44FC0676A1 ] W32Time C:\WINDOWS\system32\w32time.dll
22:20:25.0916 5588 W32Time - ok
22:20:26.0166 5588 [ 1C8447EFBC2B36B1CFE889E519F46A6E ] WaaSMedicSvc C:\WINDOWS\System32\WaaSMedicSvc.dll
22:20:26.0354 5588 WaaSMedicSvc - ok
22:20:26.0604 5588 [ A212A4F5D2BB731F9CC6E2C546A0B464 ] WacHidRouter C:\WINDOWS\System32\drivers\wachidrouter.sys
22:20:26.0604 5588 WacHidRouter - ok
22:20:26.0666 5588 [ 87A01F65BD16C9FCCDD1B65F56CB93B0 ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
22:20:26.0666 5588 WacomPen - ok
22:20:26.0728 5588 [ E722E0C28881186D1B7E09A66C4D4DA5 ] wacomrouterfilter C:\WINDOWS\System32\drivers\wacomrouterfilter.sys
22:20:26.0728 5588 wacomrouterfilter - ok
22:20:26.0869 5588 [ 25FAB8A2CFFA21FDB472AB3AE6C17A57 ] WalletService C:\WINDOWS\system32\WalletService.dll
22:20:26.0900 5588 WalletService - ok
22:20:26.0978 5588 [ 85E187443F68F285DB78BD2279AE3701 ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:20:27.0057 5588 wanarp - ok
22:20:27.0072 5588 [ 85E187443F68F285DB78BD2279AE3701 ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:20:27.0072 5588 wanarpv6 - ok
22:20:27.0197 5588 [ 395447583F42FD840520EE87AE439D74 ] WarpJITSvc C:\WINDOWS\System32\Windows.WARP.JITService.dll
22:20:27.0228 5588 WarpJITSvc - ok
22:20:27.0432 5588 [ 6E235F75DF84C387388D23D697D6540B ] wbengine C:\WINDOWS\system32\wbengine.exe
22:20:27.0463 5588 wbengine - ok
22:20:27.0666 5588 [ 4A9F35F16FDC5FEED34E10F02697CA1F ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
22:20:27.0713 5588 WbioSrvc - ok
22:20:27.0885 5588 [ 8A304D6CDC067922448CBA1EBB9FFCA8 ] wcifs C:\WINDOWS\system32\drivers\wcifs.sys
22:20:27.0885 5588 wcifs - ok
22:20:28.0088 5588 [ 24E96C02CBCCFFDE8D5CB9E7509DE374 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
22:20:28.0103 5588 Wcmsvc - ok
22:20:28.0197 5588 [ B797B163EDCA46B5244F4E083BE7A7E7 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
22:20:28.0213 5588 wcncsvc - ok
22:20:28.0322 5588 [ FCA1B5465213EF4DE373A1F7E76D260E ] wcnfs C:\WINDOWS\system32\drivers\wcnfs.sys
22:20:28.0463 5588 wcnfs - ok
22:20:28.0572 5588 [ E6B9D4C5BB2C8B7BA7946EC54392B14E ] WdBoot C:\WINDOWS\system32\drivers\wd\WdBoot.sys
22:20:28.0681 5588 WdBoot - ok
22:20:28.0822 5588 [ 152926023B401D1F5F8852929572F5C3 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
22:20:28.0822 5588 Wdf01000 - ok
22:20:28.0947 5588 [ C0100756EBE0B8CCC9517949A0809893 ] WdFilter C:\WINDOWS\system32\drivers\wd\WdFilter.sys
22:20:28.0994 5588 WdFilter - ok
22:20:29.0072 5588 [ 067D1A81B4708CA97523709FDF57B728 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
22:20:29.0072 5588 WdiServiceHost - ok
22:20:29.0088 5588 [ 067D1A81B4708CA97523709FDF57B728 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
22:20:29.0103 5588 WdiSystemHost - ok
22:20:29.0306 5588 [ 5DDA2C4B9AAED51E73DD6D580406F07A ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
22:20:29.0760 5588 wdiwifi - ok
22:20:30.0041 5588 [ EAF4FB729E94561EE31BDE5BEF869C65 ] WdmCompanionFilter C:\WINDOWS\system32\drivers\WdmCompanionFilter.sys
22:20:30.0041 5588 WdmCompanionFilter - ok
22:20:30.0119 5588 [ CF07A18380EBA6609F66002B82BE2E84 ] WdNisDrv C:\WINDOWS\system32\drivers\wd\WdNisDrv.sys
22:20:30.0119 5588 WdNisDrv - ok
22:20:30.0650 5588 [ C748A3C5E6222847FAA853465A4FFAFA ] WdNisSvc C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe
22:20:30.0713 5588 WdNisSvc - ok
22:20:30.0806 5588 [ BDCC510E85F7AF152E2DFF030A526EA2 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:20:30.0869 5588 WebClient - ok
22:20:31.0025 5588 [ 506F0A1CCABF4428733CF854BCBB6832 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
22:20:31.0025 5588 Wecsvc - ok
22:20:31.0134 5588 [ D8D727E8311C86B2A993A9006A453BAC ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
22:20:31.0134 5588 WEPHOSTSVC - ok
22:20:31.0306 5588 [ 30B4568D058E17500E7BF88AECEDF3F1 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
22:20:31.0322 5588 wercplsupport - ok
22:20:31.0541 5588 [ 5DDB06B07A60E7AEA69837931373C159 ] WerSvc C:\WINDOWS\System32\WerSvc.dll
22:20:31.0556 5588 WerSvc - ok
22:20:31.0697 5588 [ 0427A785512BB39BEA530DC5367A9A03 ] WFDSConMgrSvc C:\WINDOWS\System32\wfdsconmgrsvc.dll
22:20:31.0713 5588 WFDSConMgrSvc - ok
22:20:31.0869 5588 [ EB0B154F12F78DE232F38EF61BCDEEA2 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys
22:20:31.0869 5588 WFPLWFS - ok
22:20:32.0119 5588 [ 752F5931696914DF2EC0B27275C38458 ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
22:20:32.0166 5588 WiaRpc - ok
22:20:32.0369 5588 [ 3AE28A996C9EB8A6F2AC12BC55035126 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
22:20:32.0369 5588 WIMMount - ok
22:20:32.0509 5588 [ CEDC4E5155D9D48F2922C21EC02419B7 ] WinDefend C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe
22:20:32.0509 5588 WinDefend - ok
22:20:32.0759 5588 [ 2BB82BABE32D41F430D290239ABC0E87 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
22:20:32.0837 5588 WindowsTrustedRT - ok
22:20:33.0119 5588 [ 5F0EDDA201630E132C2251BC9DA85023 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
22:20:33.0119 5588 WindowsTrustedRTProxy - ok
22:20:33.0634 5588 [ 939AA47A32AFE2BC17EB39FB2ED1DDC2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:20:33.0712 5588 WinHttpAutoProxySvc - ok
22:20:33.0916 5588 [ 762D8D839C44C5A0BE0449AA84034522 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys
22:20:33.0931 5588 WinMad - ok
22:20:35.0181 5588 [ 72D83880FEF0C788C5F305F330744208 ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:20:35.0197 5588 Winmgmt - ok
22:20:35.0306 5588 [ 48194110C410B335AC985D9194275A1C ] WinNat C:\WINDOWS\system32\drivers\winnat.sys
22:20:35.0306 5588 WinNat - ok
22:20:36.0743 5588 [ C57185CC62AA13E4F5A989D904CC9A16 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
22:20:37.0509 5588 WinRM - ok
22:20:37.0650 5588 [ 6FA3D810FE082001B16ADE19829F1E8E ] WINUSB C:\WINDOWS\System32\drivers\winusb.sys
22:20:37.0665 5588 WINUSB - ok
22:20:37.0884 5588 [ D2D6DB37E06608A5AF5B68D8E677B219 ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys
22:20:37.0884 5588 WinVerbs - ok
22:20:38.0384 5588 [ 08BEB7851B4B8AA07325C23A657233F1 ] wisvc C:\WINDOWS\system32\flightsettings.dll
22:20:38.0415 5588 wisvc - ok
22:20:39.0103 5588 [ 2490E373EC18869BA4FE435CFDE3ADEE ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
22:20:39.0321 5588 WlanSvc - ok
22:20:40.0009 5588 [ 28A32E1F7A46A833DE104EF43E389F5F ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
22:20:40.0103 5588 wlidsvc - ok
22:20:40.0603 5588 [ 59F6A50CD336D0ADD22E3F1FC0D73957 ] wlpasvc C:\WINDOWS\System32\lpasvc.dll
22:20:40.0665 5588 wlpasvc - ok
22:20:40.0743 5588 [ EAEF2A087812BB7110C744446AB731D5 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
22:20:40.0743 5588 WmiAcpi - ok
22:20:40.0837 5588 [ ABAC310F5E01CBA9B33AE694F99D0977 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:20:40.0837 5588 wmiApSrv - ok
22:20:41.0009 5588 WMPNetworkSvc - ok
22:20:41.0337 5588 [ E122AD60BF4D7E4B28CCBABF33B28C1F ] Wof C:\WINDOWS\system32\drivers\Wof.sys
22:20:41.0352 5588 Wof - ok
22:20:43.0024 5588 [ 0D3303BDBC591ECF113601D7853A1AA7 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
22:20:43.0134 5588 workfolderssvc - ok
22:20:44.0275 5588 [ 58DA02D34C964C00AF9140C07CCFF8F0 ] WpcMonSvc C:\WINDOWS\System32\WpcDesktopMonSvc.dll
22:20:44.0447 5588 WpcMonSvc - ok
22:20:44.0588 5588 [ 7412ECE8BD5590881FA9780B68BD70C5 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
22:20:44.0689 5588 WPDBusEnum - ok
22:20:45.0013 5588 [ 15C1131EA0216F799C86B03EDAE0BE45 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:20:45.0013 5588 WpdUpFltr - ok
22:20:45.0169 5588 [ 096969606BB5C4822AB020081EA07FC5 ] WpnService C:\WINDOWS\system32\WpnService.dll
22:20:45.0189 5588 WpnService - ok
22:20:45.0302 5588 [ 8B694BC50D2D2B98311283CFE5B40EE6 ] WpnUserService C:\WINDOWS\System32\WpnUserService.dll
22:20:45.0319 5588 WpnUserService - ok
22:20:45.0379 5588 [ C1C2E769FCD3B00A59FF876FB2AD4336 ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:20:45.0379 5588 ws2ifsl - ok
22:20:45.0479 5588 [ DCB549367EB94CD8AFAA28E3F77F6493 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
22:20:45.0499 5588 wscsvc - ok
22:20:45.0512 5588 WSearch - ok
22:20:46.0059 5588 [ 63C79AD0202728F4608757340B7D602B ] wuauserv C:\WINDOWS\system32\wuaueng.dll
22:20:46.0179 5588 wuauserv - ok
22:20:46.0249 5588 [ 813DC18CC654CFB1875074139B0FEFD3 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
22:20:46.0249 5588 WudfPf - ok
22:20:46.0349 5588 [ FB64BAD6DEDB27EA39B03685AC0A8EB4 ] WUDFRd C:\WINDOWS\system32\drivers\WudfRd.sys
22:20:46.0349 5588 WUDFRd - ok
22:20:46.0837 5588 [ FAFE3B08208AA28C82BC42731B4EEBE8 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
22:20:46.0949 5588 WwanSvc - ok
22:20:47.0038 5588 [ 51D3A1E2285E2E931A553281BBA10E81 ] xbgm C:\WINDOWS\system32\xbgmsvc.exe
22:20:47.0038 5588 xbgm - ok
22:20:47.0189 5588 [ DB952AD196A9548CF5235A71E5197F3F ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll
22:20:47.0331 5588 XblAuthManager - ok
22:20:47.0637 5588 [ 8C0DD7BFFF5A81AEC26AD720057F5451 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll
22:20:47.0742 5588 XblGameSave - ok
22:20:47.0869 5588 [ 93352403D9E6B71C275996690672488F ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys
22:20:47.0999 5588 xboxgip - ok
22:20:48.0072 5588 [ C7FEC5C0377E5598BA919B29731CA45F ] XboxGipSvc C:\WINDOWS\System32\XboxGipSvc.dll
22:20:48.0079 5588 XboxGipSvc - ok
22:20:48.0503 5588 [ 3A94BD93CD2D9C34725D924230B502A5 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll
22:20:48.0702 5588 XboxNetApiSvc - ok
22:20:48.0949 5588 [ CE1F78B5C1F14F74242008B2B3153FA2 ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys
22:20:49.0439 5588 xinputhid - ok
22:20:49.0439 5588 ================ Scan global ===============================
22:20:49.0659 5588 [ 44D259E3B8F950D123CBE21893CEF1AB ] C:\WINDOWS\system32\basesrv.dll
22:20:49.0739 5588 [ 1C346B5D7E5336246604A9FCFCB092BC ] C:\WINDOWS\system32\winsrv.dll
22:20:49.0929 5588 [ FE8D1AB6D6711BE791A01C17EDEBD0D6 ] C:\WINDOWS\system32\sxssrv.dll
22:20:50.0112 5588 [ E2F4C75AFA20E742DE1B70372F15DCD7 ] C:\WINDOWS\system32\services.exe
22:20:50.0253 5588 [Global] - ok
22:20:50.0253 5588 ================ Scan MBR ==================================
22:20:50.0309 5588 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:20:50.0399 5588 \Device\Harddisk0\DR0 - ok
22:20:50.0399 5588 ================ Scan VBR ==================================
22:20:50.0440 5588 [ 05431543AF5E6B4B69D95EF6B20C1E87 ] \Device\Harddisk0\DR0\Partition1
22:20:50.0619 5588 \Device\Harddisk0\DR0\Partition1 - ok
22:20:50.0659 5588 [ 25E5B8E13F710C7BD49B1B6499EC9693 ] \Device\Harddisk0\DR0\Partition2
22:20:50.0689 5588 \Device\Harddisk0\DR0\Partition2 - ok
22:20:50.0732 5588 [ 1C9D43BAAAFEDAADB154FCC6C6776FEF ] \Device\Harddisk0\DR0\Partition3
22:20:50.0740 5588 \Device\Harddisk0\DR0\Partition3 - ok
22:20:50.0761 5588 [ 4E7C94235765CBDCC26465FB485279D9 ] \Device\Harddisk0\DR0\Partition4
22:20:50.0829 5588 \Device\Harddisk0\DR0\Partition4 - ok
22:20:51.0309 5588 [ 30C5F9A08EBD1AAC3635FAF7BC098678 ] \Device\Harddisk0\DR0\Partition5
22:20:51.0379 5588 \Device\Harddisk0\DR0\Partition5 - ok
22:20:51.0419 5588 [ FD3D57E8AFD5D198181F16A9E6D7E719 ] \Device\Harddisk0\DR0\Partition6
22:20:51.0419 5588 \Device\Harddisk0\DR0\Partition6 - ok
22:20:51.0429 5588 ============================================================
22:20:51.0429 5588 Scan finished
22:20:51.0429 5588 ============================================================
22:20:51.0469 4812 Detected object count: 1
22:20:51.0469 4812 Actual detected object count: 1
22:22:06.0920 4812 MpKsldfa9e384 ( ForgedFile.Multi.Generic ) - skipped by user
22:22:06.0920 4812 MpKsldfa9e384 ( ForgedFile.Multi.Generic ) - User select action: Skip

borninthenorth · August 9, 2018

Update: After ticking off ''Trace disk IO calls'', the awsMBR finally works properly. I attach the requested files.

MBR.zip

aswMBR.txt

nasdaq · August 10, 2018

Hi,

Run the TDSSKiller and fix these items.

22:19:23.0447 5588 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsldfa9e384 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CAA4AD8-9117-4DB7-8CBA-980CAD62079D}\MpKsldfa9e384.sys
22:19:23.0462 5588 Suspicious file (Forged): C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CAA4AD8-9117-4DB7-8CBA-980CAD62079D}\MpKsldfa9e384.sys. Real md5: BF2513029E231BE96D82F7C3ABFF87F4, Fake md5: FD4BC5A31AE7C81B7D34BB8A78371B6D
22:19:23.0462 5588 MpKsldfa9e384 ( ForgedFile.Multi.Generic ) - warning
22:19:23.0462 5588 MpKsldfa9e384 - detected ForgedFile.Multi.Generic (1)
===

When completed run the aswMBR and click the FIX button.

Restart the computer normally.

p.s.
The proper file is listed in your FRST.TXT log and it's good.
R1 MpKsl368512a8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31375440-4B22-4F8D-860D-AB001A7E7F3E}\MpKsl368512a8.sys [58120 2018-08-09] (Microsoft Corporation)

Let me know of any problems.

borninthenorth · August 11, 2018

I cannot execute option fixMBR. The program says: Disk 0 MBR Fix Error. The Fix option is not available after the scan.

nasdaq · August 11, 2018

Select the other fix button if available?

Did run the TDSSKiller tool to delete the items?

Has your problem been solved?

borninthenorth · August 11, 2018

TDSSKiller cannot find the threat this time. In aswMBR neither of fix buttons work.

nasdaq · August 11, 2018

Then the problems have been solved?

borninthenorth · August 11, 2018

I think the aswMBR still detects the file in windows defender, since it is highlighted in yellow, however it cannot fix it. Should I delete the file manually?

nasdaq · August 11, 2018

Yes!.

If the file is in use, the boot to Safe Mode and delete it.

borninthenorth · August 13, 2018

I think the file was replaced by an update of Windows Defender, since it was not there. The aswMBR does not detect the file anymore. However, the ADWcleaner has detected 7 PUPs, all of them were generic registry entries concerning firewall. This made me doubt if my PC is truly virus free. Since majority of the detected threats were branded as "generic", I am afraid that my PC might have been infected by a zero-day malware. Which steps I should take to ensure that my computer is clean?

Edited August 13, 2018 by borninthenorth

nasdaq · August 14, 2018

Next time you run the AdwCleaner post the logs so that I can see what we are dealing with.

borninthenorth · August 15, 2018

Here is the log of the scan.

AdwCleaner[S00].txt

nasdaq · August 15, 2018

Hi,

Lets see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.

Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
In the Search text area, copy and paste the following:

AdvancedSetup · September 1, 2018

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

PC Infection

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information