JCrocker

Conhost.exe taking over my laptop


I've tried Malwarebytes, AdwCleaner, Hitman Pro, SUPERAntiSpyware and McAfee but I can't stop it. Every time I open a browser it starts running multiple hidden versions of Chrome or IExplorer and slowing everything to a crawl. Please help!


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32-bit or 64-bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Saving button.

Wait for further instructions.


Thanks, here they are:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019
Ran by kelly (administrator) on LAPTOP-5H1B9L6F (24-05-2019 08:57:02)
Running from C:\Users\kelly\Desktop
Loaded Profiles: kelly &  (Available Profiles: kelly)
Platform: Windows 10 Home Version 1803 17134.765 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files\Everything\Everything.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_12\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\McCSPServiceHost.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Everything\Everything.exe
(f.lux Software LLC) C:\Users\kelly\AppData\Local\FluxSoftware\Flux\flux.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11904.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-27] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2199656 2018-02-08] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2565066577-4024063832-252566065-1001\...\Run: [f.lux] => C:\Users\kelly\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-04-29] (f.lux Software LLC)
HKU\S-1-5-21-2565066577-4024063832-252566065-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-04-08] (SUPERAntiSpyware)
HKU\S-1-5-21-2565066577-4024063832-252566065-1001\...\Run: [DelayShred] => C:\Windows\System32\conhost.exe [625664 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2565066577-4024063832-252566065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232019211632804\...\Run: [f.lux] => C:\Users\kelly\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-04-29] (f.lux Software LLC)
HKU\S-1-5-21-2565066577-4024063832-252566065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232019211632804\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-04-08] (SUPERAntiSpyware)
HKU\S-1-5-21-2565066577-4024063832-252566065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232019211632804\...\Run: [DelayShred] => C:\Windows\System32\conhost.exe [625664 2018-04-11] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-21] (Google Inc.)
Startup: C:\Users\kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-01-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0a1d68e8-4e86-44b0-9931-70e755ff8a09}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3527b631-ee67-46b8-a96f-c91c0cad1c0f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3527b631-ee67-46b8-a96f-c91c0cad1c0f}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{75dae74b-f1dd-11e7-993b-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9af277b1-55f1-4182-972d-abc0ec4d6b77}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9af277b1-55f1-4182-972d-abc0ec4d6b77}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b5addf36-5134-484e-be4f-d4fe6c88c996}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{bd8c4499-6ef1-4eaf-9e55-19a5f1618659}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2565066577-4024063832-252566065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232019211632804\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2565066577-4024063832-252566065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232019211632804\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {5D619690-B1DF-4CD2-A40A-F702CBA17117} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5D619690-B1DF-4CD2-A40A-F702CBA17117} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2565066577-4024063832-252566065-1001 -> {5D619690-B1DF-4CD2-A40A-F702CBA17117} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2565066577-4024063832-252566065-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05232019211632804 -> {5D619690-B1DF-4CD2-A40A-F702CBA17117} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-05-20] (McAfee, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-05-20] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2019-02-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2019-02-15] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2019-02-15] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2019-02-15] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-03-19] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146824 2019-05-08] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-12-25] (Dropbox, Inc.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2199656 2018-02-08] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-05-22] (SurfRight B.V.)
S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-05-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe [745880 2019-01-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe [2158952 2018-12-17] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [371840 2019-01-15] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [604216 2019-01-15] (McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [509728 2019-01-15] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1692552 2018-12-19] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1360384 2019-02-05] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-27] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-08-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-26] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27376 2017-04-17] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0312549.inf_amd64_d0c053e57e0c1fd8\atikmdag.sys [28753800 2017-04-17] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0312549.inf_amd64_d0c053e57e0c1fd8\atikmpag.sys [521608 2017-04-17] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77384 2019-01-22] (McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218408 2018-12-24] (McAfee, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-23] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [511024 2019-01-22] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [373808 2019-01-22] (McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [86136 2019-01-22] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517168 2019-01-22] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [981032 2019-01-22] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563728 2018-11-19] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109072 2018-11-19] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117800 2019-01-22] (McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254024 2019-01-22] (McAfee, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-13] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [45144 2017-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [46680 2017-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-26] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-26] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-26] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (Created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-24 08:57 - 2019-05-24 08:58 - 000021065 _____ C:\Users\kelly\Desktop\FRST.txt
2019-05-24 08:56 - 2019-05-24 08:57 - 000000000 ____D C:\FRST
2019-05-24 08:56 - 2019-05-23 23:03 - 002427904 _____ (Farbar) C:\Users\kelly\Desktop\FRST64.exe
2019-05-23 21:19 - 2019-05-23 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-05-23 21:15 - 2019-05-23 21:15 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-23 21:15 - 2019-05-23 21:15 - 000000000 ___HD C:\ProgramData\temp
2019-05-23 21:10 - 2019-05-23 21:10 - 000003526 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-05-23 21:10 - 2019-05-23 21:10 - 000003520 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-05-23 17:57 - 2019-05-23 17:57 - 000000000 ____D C:\Users\kelly\AppData\Local\ESET
2019-05-23 13:45 - 2019-05-23 13:45 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\kelly\Desktop\rkill64-23152.exe
2019-05-22 21:57 - 2019-05-23 11:18 - 000000000 ____D C:\Program Files\Trojan Killer
2019-05-22 21:57 - 2019-05-22 21:57 - 000001781 _____ C:\Users\Public\Desktop\Reset Browser Settings.lnk
2019-05-22 21:57 - 2019-05-22 21:57 - 000000907 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2019-05-22 20:37 - 2019-05-22 20:37 - 000001548 _____ C:\WINDOWS\system32\.crusader
2019-05-22 20:30 - 2019-05-22 20:46 - 000001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-05-22 20:30 - 2019-05-22 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-05-22 20:30 - 2019-05-22 20:30 - 000000000 ____D C:\Program Files\HitmanPro
2019-05-22 20:29 - 2019-05-22 20:39 - 000000000 ____D C:\ProgramData\HitmanPro
2019-05-22 20:23 - 2019-05-22 20:25 - 000000000 ____D C:\AdwCleaner
2019-05-22 20:04 - 2019-05-22 20:04 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\kelly\Desktop\rkill64.exe
2019-05-22 20:03 - 2019-05-22 20:32 - 011535320 _____ (SurfRight B.V.) C:\Users\kelly\Desktop\HitmanPro_x64.exe
2019-05-22 20:03 - 2019-05-22 19:53 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\kelly\Desktop\rkill.exe
2019-05-22 20:03 - 2019-05-22 19:52 - 007025360 _____ (Malwarebytes) C:\Users\kelly\Desktop\AdwCleaner.exe
2019-05-22 07:36 - 2019-05-22 07:36 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-22 07:36 - 2019-05-22 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-22 07:36 - 2019-05-22 07:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-22 07:36 - 2019-05-22 07:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-22 07:36 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-22 07:36 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-22 07:22 - 2019-05-22 20:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-05-21 18:37 - 2019-05-21 18:37 - 000000000 ____D C:\SUPERDelete
2019-05-21 18:36 - 2019-05-21 19:58 - 000000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d8199961-fda0-4f33-ad12-3b75d1583960.job
2019-05-21 18:36 - 2019-05-21 19:58 - 000000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0ab2d69a-07a1-45a9-90cf-5634302a38f5.job
2019-05-21 18:36 - 2019-05-21 18:36 - 000003782 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 0ab2d69a-07a1-45a9-90cf-5634302a38f5
2019-05-21 18:36 - 2019-05-21 18:36 - 000003700 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d8199961-fda0-4f33-ad12-3b75d1583960
2019-05-21 18:36 - 2019-05-21 18:36 - 000000000 ____D C:\Users\kelly\AppData\Roaming\SUPERAntiSpyware.com
2019-05-21 18:35 - 2019-05-21 18:36 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-05-21 18:35 - 2019-05-21 18:35 - 000001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2019-05-21 18:35 - 2019-05-21 18:35 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2019-05-21 18:35 - 2019-05-21 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-05-21 18:35 - 2019-05-21 18:32 - 041050880 _____ (SUPERAntiSpyware) C:\Users\kelly\Desktop\SUPERAntiSpyware.exe
2019-05-21 13:51 - 2019-05-21 13:51 - 000267119 _____ C:\Users\kelly\Downloads\Malware Removal Tips for Computer Users_ Delete Conhost.exe Completely---Trojan Threat Removal.html
2019-05-21 13:51 - 2019-05-21 13:51 - 000000000 ____D C:\Users\kelly\Downloads\Malware Removal Tips for Computer Users_ Delete Conhost.exe Completely---Trojan Threat Removal_files
2019-05-21 12:52 - 2019-05-23 13:47 - 000001642 _____ C:\Users\kelly\Desktop\Rkill.txt
2019-05-21 12:52 - 2019-05-21 12:52 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\kelly\Downloads\iExplore.exe
2019-05-21 12:52 - 2019-05-21 12:52 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\kelly\Downloads\iExplore64.exe
2019-05-21 12:37 - 2019-05-21 12:37 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-21 12:37 - 2019-05-21 12:37 - 000002299 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-21 10:43 - 2019-05-21 10:43 - 000000000 ____D C:\Users\kelly\AppData\Local\mbamtray
2019-05-21 10:43 - 2019-05-21 10:43 - 000000000 ____D C:\Users\kelly\AppData\Local\mbam
2019-05-21 10:39 - 2019-05-20 23:04 - 063413152 _____ (Malwarebytes ) C:\Users\kelly\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.10677.exe
2019-05-21 10:33 - 2007-12-29 16:03 - 345191605 _____ (Waves Ltd. ) C:\Users\kelly\Desktop\setup.exe
2019-05-20 12:00 - 2018-12-24 07:18 - 000218408 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2019-05-20 11:58 - 2019-05-20 22:53 - 000003316 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2019-05-20 11:57 - 2019-05-20 11:57 - 000000000 ____D C:\Program Files\McAfee.com
2019-05-20 11:56 - 2019-05-23 13:50 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-05-20 11:56 - 2019-05-20 11:56 - 000003706 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-05-20 11:56 - 2019-05-20 11:56 - 000000000 ____D C:\Program Files\Common Files\AV
2019-05-20 11:52 - 2019-01-15 18:11 - 000509728 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2019-05-20 11:40 - 2019-05-20 11:40 - 000000000 ____D C:\ProgramData\zTAGkJwVt
2019-05-20 11:36 - 2019-05-20 11:36 - 000000000 ____D C:\WINDOWS\Minidump
2019-05-20 11:36 - 2019-05-20 11:36 - 000000000 _____ C:\WINDOWS\Minidump\052019-87500-01.dmp
2019-05-20 10:55 - 2019-05-20 10:55 - 002930176 _____ C:\WINDOWS\system32\dwbotghsvc.exe
2019-05-20 10:52 - 2019-05-20 10:52 - 000000000 ____D C:\ProgramData\AGData
2019-05-20 10:51 - 2019-05-20 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
2019-05-20 10:50 - 2019-05-20 10:51 - 000000000 ____D C:\ProgramData\JV0O86JQLOHZQ33KYO4Y7PGAW
2019-05-20 10:50 - 2019-05-20 10:50 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-05-20 10:50 - 2019-05-20 10:50 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-05-20 10:50 - 2019-05-20 10:50 - 000000000 ____D C:\WINDOWS\SysWOW64\snsgctx
2019-05-20 10:50 - 2019-05-20 10:50 - 000000000 ____D C:\WINDOWS\system32\snsgctx
2019-05-20 10:47 - 2019-05-20 10:47 - 000000000 ____D C:\ProgramData\{DCD43F6E-8452-6934-2A99-B7E52A7EEEB4}
2019-05-20 10:47 - 2019-05-20 10:47 - 000000000 ____D C:\ProgramData\{7618AA10-112C-C3F8-540C-7B4F54EB221E}
2019-05-20 10:45 - 2019-05-20 10:45 - 000000012 _____ C:\WINDOWS\b82854619
2019-05-20 10:41 - 2019-05-20 10:51 - 000003372 _____ C:\WINDOWS\System32\Tasks\SearchTools
2019-05-20 10:41 - 2019-05-20 10:41 - 000000000 ____D C:\ProgramData\US-Media Capital
2019-05-20 10:39 - 2019-05-20 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-05-20 10:39 - 2019-05-20 10:39 - 000000000 ____D C:\Program Files\7-Zip
2019-05-20 10:37 - 2019-05-20 10:38 - 001447178 _____ (Igor Pavlov) C:\Users\kelly\Downloads\7z1900-x64.exe
2019-05-18 15:18 - 2019-05-18 15:18 - 000000108 ____H C:\Users\kelly\Desktop\.~lock.Fork biscuits.docx#
2019-05-17 21:51 - 2019-05-17 21:51 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-05-17 21:51 - 2019-05-17 21:51 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-05-17 21:51 - 2019-05-17 21:51 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-05-17 21:51 - 2019-05-17 21:51 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-05-17 21:51 - 2019-05-17 21:51 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-05-17 21:51 - 2019-05-17 21:51 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-05-17 21:51 - 2019-05-17 21:51 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-05-17 21:51 - 2019-05-17 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-05-14 22:27 - 2019-05-02 23:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-14 22:27 - 2019-05-02 23:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:27 - 2019-05-02 23:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 22:27 - 2019-05-02 23:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:27 - 2019-05-02 23:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 22:27 - 2019-05-02 23:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 22:27 - 2019-05-02 23:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 22:27 - 2019-05-02 22:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-14 22:27 - 2019-05-02 22:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-14 22:26 - 2019-05-03 05:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 22:26 - 2019-05-03 05:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 22:26 - 2019-05-03 04:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 22:26 - 2019-05-03 04:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-14 22:26 - 2019-05-03 04:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 22:26 - 2019-05-03 04:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 22:26 - 2019-05-03 04:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 22:26 - 2019-05-03 04:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 22:26 - 2019-05-03 04:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 22:26 - 2019-05-03 04:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 22:26 - 2019-05-03 04:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 22:26 - 2019-05-03 04:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 22:26 - 2019-05-02 23:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-14 22:26 - 2019-05-02 23:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-14 22:26 - 2019-05-02 23:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-14 22:26 - 2019-05-02 23:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-14 22:26 - 2019-05-02 23:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-14 22:26 - 2019-05-02 23:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 22:26 - 2019-05-02 23:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 22:26 - 2019-05-02 23:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 22:26 - 2019-05-02 23:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 22:26 - 2019-05-02 23:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-14 22:26 - 2019-05-02 23:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-14 22:26 - 2019-05-02 23:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-14 22:26 - 2019-05-02 23:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-14 22:26 - 2019-05-02 23:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-14 22:26 - 2019-05-02 23:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-14 22:26 - 2019-05-02 23:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 22:26 - 2019-05-02 23:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 22:26 - 2019-05-02 23:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 22:26 - 2019-05-02 23:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-14 22:26 - 2019-05-02 23:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-14 22:26 - 2019-05-02 23:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 22:26 - 2019-05-02 23:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 22:26 - 2019-05-02 23:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 22:26 - 2019-05-02 23:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 22:26 - 2019-05-02 23:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-14 22:26 - 2019-05-02 22:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 22:26 - 2019-05-02 22:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 22:26 - 2019-05-02 22:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 22:26 - 2019-05-02 22:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-14 22:26 - 2019-05-02 22:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 22:26 - 2019-05-02 22:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-14 22:26 - 2019-05-02 22:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-14 22:26 - 2019-05-02 22:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 22:26 - 2019-05-02 22:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 22:26 - 2019-05-02 22:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 22:26 - 2019-05-02 22:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-14 22:26 - 2019-05-02 22:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 22:26 - 2019-05-02 22:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-14 22:26 - 2019-05-02 22:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 22:26 - 2019-05-02 22:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 22:26 - 2019-05-02 22:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 22:26 - 2019-05-02 22:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 22:26 - 2019-05-02 22:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 22:26 - 2019-05-02 22:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 22:26 - 2019-05-02 22:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 22:26 - 2019-05-02 22:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 22:26 - 2019-05-02 22:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 22:26 - 2019-05-02 22:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-14 22:26 - 2019-05-02 22:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 22:26 - 2019-05-02 22:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 22:26 - 2019-05-02 22:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 22:26 - 2019-05-02 22:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 22:26 - 2019-04-19 03:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 22:26 - 2019-04-19 03:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 22:26 - 2019-04-19 03:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 22:26 - 2019-04-19 03:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 22:26 - 2019-04-19 03:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 22:26 - 2019-04-19 02:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 22:26 - 2019-04-19 02:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 22:26 - 2019-04-19 02:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 22:26 - 2019-04-19 02:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 22:26 - 2019-04-18 22:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 22:26 - 2019-04-18 22:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 22:26 - 2019-04-18 22:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 22:26 - 2019-04-18 22:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 22:26 - 2019-04-18 22:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 22:26 - 2019-04-18 22:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 22:26 - 2019-04-18 22:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 22:26 - 2019-04-18 22:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 22:26 - 2019-04-18 22:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 22:26 - 2019-04-18 21:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 22:26 - 2019-04-18 21:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 22:26 - 2019-04-18 21:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 22:26 - 2019-04-18 21:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-14 22:26 - 2019-04-18 21:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 22:26 - 2019-04-18 21:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 22:26 - 2019-04-18 21:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 22:26 - 2019-04-18 21:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 22:26 - 2019-04-18 21:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 22:26 - 2019-04-18 21:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 22:26 - 2019-04-18 21:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 22:26 - 2019-04-18 21:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 22:26 - 2019-04-18 21:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 22:26 - 2019-04-18 21:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 22:26 - 2019-04-18 21:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 22:26 - 2019-04-18 21:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 22:26 - 2019-04-18 21:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 22:26 - 2019-04-18 21:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 22:26 - 2019-04-18 21:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 22:26 - 2019-04-18 21:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 22:26 - 2019-04-18 21:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 22:26 - 2019-04-18 21:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 22:26 - 2019-04-18 21:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 22:26 - 2019-04-18 21:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 22:26 - 2019-04-18 21:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 22:26 - 2019-04-18 21:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 22:26 - 2019-04-18 21:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 22:26 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 22:26 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 22:26 - 2019-04-08 18:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 22:25 - 2019-05-03 05:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 22:25 - 2019-05-03 04:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 22:25 - 2019-05-03 04:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 22:25 - 2019-05-03 04:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 22:25 - 2019-05-03 04:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 22:25 - 2019-05-03 04:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 22:25 - 2019-05-03 04:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 22:25 - 2019-05-03 04:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 22:25 - 2019-05-03 04:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 22:25 - 2019-05-03 04:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 22:25 - 2019-05-03 04:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 22:25 - 2019-05-02 23:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 22:25 - 2019-05-02 23:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 22:25 - 2019-05-02 23:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 22:25 - 2019-05-02 23:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-14 22:25 - 2019-05-02 23:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-14 22:25 - 2019-05-02 23:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 22:25 - 2019-05-02 23:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 22:25 - 2019-05-02 23:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 22:25 - 2019-05-02 23:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 22:25 - 2019-05-02 23:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 22:25 - 2019-05-02 23:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 22:25 - 2019-05-02 23:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 22:25 - 2019-05-02 23:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 22:25 - 2019-05-02 23:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 22:25 - 2019-05-02 23:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 22:25 - 2019-05-02 23:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 22:25 - 2019-05-02 23:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 22:25 - 2019-05-02 23:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 22:25 - 2019-05-02 23:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 22:25 - 2019-05-02 22:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-14 22:25 - 2019-05-02 22:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 22:25 - 2019-05-02 22:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-14 22:25 - 2019-05-02 22:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 22:25 - 2019-05-02 22:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 22:25 - 2019-05-02 22:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-14 22:25 - 2019-05-02 22:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-14 22:25 - 2019-05-02 22:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 22:25 - 2019-05-02 22:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 22:25 - 2019-05-02 22:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 22:25 - 2019-05-02 22:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-14 22:25 - 2019-05-02 22:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 22:25 - 2019-05-02 22:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 22:25 - 2019-05-02 22:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 22:25 - 2019-05-02 22:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 22:25 - 2019-05-02 22:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 22:25 - 2019-05-02 22:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-14 22:25 - 2019-05-02 21:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-14 22:25 - 2019-04-23 00:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:25 - 2019-04-22 23:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:25 - 2019-04-19 03:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 22:25 - 2019-04-19 03:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 22:25 - 2019-04-19 03:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 22:25 - 2019-04-19 02:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 22:25 - 2019-04-19 02:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 22:25 - 2019-04-18 22:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 22:25 - 2019-04-18 22:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 22:25 - 2019-04-18 21:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 22:25 - 2019-04-18 21:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 22:25 - 2019-04-18 21:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 22:25 - 2019-04-18 21:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 22:25 - 2019-04-18 21:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 22:25 - 2019-04-18 21:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 22:25 - 2019-04-18 21:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 22:25 - 2019-04-18 21:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 22:25 - 2019-04-18 21:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 22:25 - 2019-04-18 21:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 22:25 - 2019-04-18 21:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 22:25 - 2019-04-18 21:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 22:25 - 2019-04-18 21:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 22:25 - 2019-04-18 21:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 22:25 - 2019-04-18 21:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 22:25 - 2019-04-18 21:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 22:25 - 2019-04-18 21:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 22:25 - 2019-04-18 21:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 22:25 - 2019-04-18 21:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 22:25 - 2019-04-18 21:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 22:25 - 2019-04-18 21:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 22:25 - 2019-04-18 21:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 22:25 - 2019-04-08 18:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 22:25 - 2019-04-08 18:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 22:25 - 2019-04-08 18:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 22:25 - 2019-04-08 18:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-11 11:37 - 2019-05-11 11:37 - 000041838 _____ C:\Users\kelly\Desktop\raffle letter.pdf
2019-05-11 11:35 - 2019-05-11 11:35 - 000035207 _____ C:\Users\kelly\Downloads\Raffle Letter PP.pdf
2019-04-28 21:11 - 2018-09-19 21:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== One month (Modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-24 08:58 - 2018-11-21 18:56 - 000000000 ____D C:\Users\kelly\AppData\Local\Adobe
2019-05-24 08:54 - 2018-06-13 01:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-23 21:28 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-23 21:15 - 2018-06-13 01:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-23 21:13 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-23 21:13 - 2017-10-31 12:32 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2019-05-23 21:12 - 2018-11-21 15:37 - 000000000 ____D C:\Users\kelly\AppData\Local\Everything
2019-05-23 21:12 - 2018-11-21 00:37 - 000000000 ____D C:\Users\kelly\AppData\Roaming\Everything
2019-05-23 17:44 - 2018-12-11 22:24 - 000007599 _____ C:\Users\kelly\AppData\Local\Resmon.ResmonCfg
2019-05-23 17:34 - 2018-06-13 01:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-05-23 17:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-23 14:41 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-23 13:57 - 2018-06-13 01:28 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-23 13:57 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-23 09:49 - 2018-06-13 01:53 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2565066577-4024063832-252566065-1001
2019-05-23 09:48 - 2018-06-13 01:30 - 000002370 _____ C:\Users\kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-23 09:48 - 2017-12-25 22:27 - 000000000 ___RD C:\Users\kelly\OneDrive
2019-05-23 09:42 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-22 19:32 - 2018-06-13 01:30 - 000000000 ____D C:\Users\kelly
2019-05-22 07:36 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-21 12:28 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-21 12:01 - 2017-10-31 12:43 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk
2019-05-21 11:54 - 2018-11-21 15:34 - 000000000 ____D C:\ProgramData\Cdes
2019-05-21 11:43 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-05-20 22:55 - 2018-11-22 23:35 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-05-20 22:50 - 2017-10-31 12:47 - 000000000 ____D C:\ProgramData\mcafee
2019-05-20 22:46 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-20 13:36 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-20 12:00 - 2017-10-31 12:47 - 000000000 ____D C:\Program Files\mcafee
2019-05-20 10:54 - 2018-11-21 00:51 - 000000000 ____D C:\Users\kelly\AppData\Roaming\Azureus
2019-05-20 10:43 - 2018-11-21 00:51 - 000000000 ____D C:\Users\kelly\Documents\Vuze Downloads
2019-05-17 21:49 - 2017-05-18 03:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-05-17 21:19 - 2018-04-11 14:04 - 018612224 _____ C:\WINDOWS\system32\config\HARDWARE
2019-05-17 21:18 - 2018-06-13 01:23 - 005137752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-17 21:09 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-17 21:09 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-17 21:09 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-17 21:09 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-16 20:56 - 2018-11-15 20:17 - 000000000 ____D C:\Program Files\rempl
2019-05-14 22:24 - 2017-12-26 20:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 22:15 - 2017-12-26 20:00 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 21:24 - 2018-06-13 01:53 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-14 21:24 - 2018-06-13 01:53 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-11 09:52 - 2018-11-23 00:23 - 000002163 _____ C:\Users\kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2019-05-03 16:53 - 2018-07-11 17:49 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-03 16:53 - 2018-07-11 17:49 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-01 22:10 - 2018-01-04 23:05 - 000000000 ____D C:\Users\kelly\AppData\Local\Packages
2019-04-26 11:23 - 2018-02-25 21:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2019-05-20 10:50 - 2019-05-20 10:50 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-05-20 10:50 - 2019-05-20 10:50 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2018-12-11 22:24 - 2019-05-23 17:44 - 000007599 _____ () C:\Users\kelly\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-13 01:23

==================== End of FRST.txt ============================

Addition.txt


Hi,

Nothing suspicious was found in your logs.

--RogueKiller--

  • Download RogueKiller & SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click to open the Report
  • Click the Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

Read carefully and follow these steps.
TDSS

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


===
 


Rogue Killer result:

 

RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : kelly [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190514_092255, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/05/24 11:35:41 (Duration : 00:23:08)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] (ESET, spol. s r.o.) \EOSv3 Scheduler onLogOn -- C:\Users\kelly\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\esetonlinescanner_enu (1).exe [LOGON] -> Found
[Suspicious.Path (Potentially Malicious)] (ESET, spol. s r.o.) \EOSv3 Scheduler onTime -- C:\Users\kelly\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\esetonlinescanner_enu (1).exe [SCHED] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\kelly\AppData\Local\AdvinstAnalytics -> Found
[PUP.OnlineIO (Potentially Malicious)] (folder) AGData -- C:\ProgramData\AGData -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 


TDSS Killer report:

 

12:02:37.0361 6600  RemoteAccess - ok
12:02:37.0409 6600  [ 106E630F1B2A8BF2BBD4508D9B166406 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:02:37.0427 6600  RemoteRegistry - ok
12:02:37.0472 6600  [ 53BE6D9C36A9CB95A1568C24D44A8A34 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
12:02:37.0494 6600  RetailDemo - ok
12:02:37.0549 6600  [ 3D4F4CCE0364CD3F1B539D2630686F24 ] rhproxy         C:\WINDOWS\System32\drivers\rhproxy.sys
12:02:37.0558 6600  rhproxy - ok
12:02:37.0588 6600  RmSvc - ok
12:02:37.0615 6600  RpcEptMapper - ok
12:02:37.0662 6600  [ 19EC4D05E01FE350B3494CEA122D64EB ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:02:37.0673 6600  RpcLocator - ok
12:02:37.0699 6600  RpcSs - ok
12:02:37.0754 6600  [ FFFB16EF6E0B8B5F7F19B425923E7D12 ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
12:02:37.0759 6600  rspndr - ok
12:02:37.0834 6600  [ 7E1E1E54562396926F4A6C7353C02B47 ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
12:02:37.0844 6600  rt640x64 - ok
12:02:37.0974 6600  [ C3A8F8464226A037D2811A06955DF039 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
12:02:37.0978 6600  RtkAudioService - ok
12:02:38.0021 6600  [ 4EB99484BA0119B13BDCE8EFFAD7B6E2 ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
12:02:38.0028 6600  RTSUER - ok
12:02:38.0404 6600  [ 58BA32C491E5DC6130EC5F0B4FDF9EF6 ] RTWlanE         C:\WINDOWS\System32\drivers\rtwlane.sys
12:02:38.0543 6600  RTWlanE - ok
12:02:38.0578 6600  [ A2939E69027B97105014434BFBFF7195 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
12:02:38.0582 6600  s3cap - ok
12:02:38.0615 6600  SamSs - ok
12:02:38.0725 6600  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:02:38.0726 6600  SASDIFSV - ok
12:02:38.0754 6600  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:02:38.0756 6600  SASKUTIL - ok
12:02:38.0793 6600  sbp2port - ok
12:02:38.0825 6600  SCardSvr - ok
12:02:38.0869 6600  [ 1B1FB3D8403E621F2B9201EF414E21D9 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
12:02:38.0886 6600  ScDeviceEnum - ok
12:02:38.0945 6600  [ 0070C2DC6563C48EDA63A282748F3FCD ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
12:02:38.0951 6600  scfilter - ok
12:02:38.0979 6600  Schedule - ok
12:02:38.0999 6600  scmbus - ok
12:02:39.0017 6600  SCPolicySvc - ok
12:02:39.0047 6600  sdbus - ok
12:02:39.0092 6600  [ 9EF09DE84CE20B787C02395394AC2A7E ] SDFRd           C:\WINDOWS\System32\drivers\SDFRd.sys
12:02:39.0101 6600  SDFRd - ok
12:02:39.0159 6600  [ 01607A2FAB0068450A06C90AF755D57E ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
12:02:39.0176 6600  SDRSVC - ok
12:02:39.0203 6600  sdstor - ok
12:02:39.0230 6600  seclogon - ok
12:02:39.0261 6600  SecurityHealthService - ok
12:02:39.0317 6600  [ 438B4BFB5DE4BF40789A4264F1886CE0 ] sedsvc          C:\Program Files\rempl\sedsvc.exe
12:02:39.0321 6600  sedsvc - ok
12:02:39.0378 6600  [ 7D7ED932B6417D8687D1D972989B310B ] SEMgrSvc        C:\WINDOWS\system32\SEMgrSvc.dll
12:02:39.0405 6600  SEMgrSvc - ok
12:02:39.0458 6600  [ CA614C9FBC8307AB1DC937F3393899E2 ] SENS            C:\WINDOWS\System32\sens.dll
12:02:39.0472 6600  SENS - ok
12:02:39.0532 6600  [ 46AEFFC68BEAF89805B95CC6F9529C2E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
12:02:39.0555 6600  SensorDataService - ok
12:02:39.0622 6600  [ 2B81117E9C3E20BBAA2CB5467D000F77 ] SensorService   C:\WINDOWS\system32\SensorService.dll
12:02:39.0642 6600  SensorService - ok
12:02:39.0692 6600  SensrSvc - ok
12:02:39.0700 6600  SerCx - ok
12:02:39.0722 6600  SerCx2 - ok
12:02:39.0736 6600  Serenum - ok
12:02:39.0744 6600  Serial - ok
12:02:39.0753 6600  sermouse - ok
12:02:39.0807 6600  [ 87340BC77470B34F11A9E558B591DB08 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
12:02:39.0823 6600  SessionEnv - ok
12:02:39.0829 6600  sfloppy - ok
12:02:39.0878 6600  [ 1941F5CA54C469E16957587FD56ED842 ] SgrmAgent       C:\WINDOWS\system32\drivers\SgrmAgent.sys
12:02:39.0885 6600  SgrmAgent - ok
12:02:39.0952 6600  [ D3170A3F3A9626597EEE1888686E3EA6 ] SgrmBroker      C:\WINDOWS\system32\SgrmBroker.exe
12:02:39.0971 6600  SgrmBroker - ok
12:02:40.0068 6600  [ AC1D97F89F2EC7E334A406603A686973 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:02:40.0081 6600  SharedAccess - ok
12:02:40.0137 6600  SharedRealitySvc - ok
12:02:40.0221 6600  [ 63B104867F70F0D81125C37989146960 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:02:40.0242 6600  ShellHWDetection - ok
12:02:40.0338 6600  [ F6D90D09D2BCFA2B5E492BFECA40EDE4 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
12:02:40.0441 6600  shpamsvc - ok
12:02:40.0454 6600  SiSRaid2 - ok
12:02:40.0479 6600  SiSRaid4 - ok
12:02:40.0509 6600  [ C701307B172F22E9D1EC831927BF7D59 ] SmbDrv          C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys
12:02:40.0520 6600  SmbDrv - ok
12:02:40.0565 6600  [ F5E52B8F45E60F566BE3D55D2468D6CF ] SmbDrvI         C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys
12:02:40.0569 6600  SmbDrvI - ok
12:02:40.0600 6600  smphost - ok
12:02:40.0652 6600  [ A3BEF2736E902B9DCA68554F4E10E08C ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
12:02:40.0674 6600  SmsRouter - ok
12:02:40.0704 6600  [ 577EC13EB5215325E9B9FC51FB56A974 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
12:02:40.0720 6600  SNMPTRAP - ok
12:02:40.0752 6600  spaceport - ok
12:02:40.0800 6600  [ FE1776E587227120DC04EAEC45473245 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
12:02:40.0807 6600  SpatialGraphFilter - ok
12:02:40.0831 6600  SpbCx - ok
12:02:40.0882 6600  spectrum - ok
12:02:40.0934 6600  [ C05A19A38D7D203B738771FD1854656F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
12:02:40.0954 6600  Spooler - ok
12:02:40.0991 6600  sppsvc - ok
12:02:41.0014 6600  srv2 - ok
12:02:41.0026 6600  srvnet - ok
12:02:41.0063 6600  [ 1AEA66706573E8CCD6038369FE37F237 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:02:41.0082 6600  SSDPSRV - ok
12:02:41.0183 6600  [ 5EE518DFADC18573E681BB78833E93FA ] ssh-agent       C:\WINDOWS\System32\OpenSSH\ssh-agent.exe
12:02:41.0192 6600  ssh-agent - ok
12:02:41.0233 6600  SstpSvc - ok
12:02:41.0285 6600  StateRepository - ok
12:02:41.0312 6600  stexstor - ok
12:02:41.0389 6600  [ EB2C25A3700309F3F67D9334CF33A36C ] stisvc          C:\WINDOWS\System32\wiaservc.dll
12:02:41.0410 6600  stisvc - ok
12:02:41.0455 6600  storahci - ok
12:02:41.0465 6600  storflt - ok
12:02:41.0486 6600  stornvme - ok
12:02:41.0504 6600  storqosflt - ok
12:02:41.0525 6600  StorSvc - ok
12:02:41.0547 6600  storufs - ok
12:02:41.0578 6600  storvsc - ok
12:02:41.0621 6600  svsvc - ok
12:02:41.0819 6600  swenum - ok
12:02:41.0828 6600  swprv - ok
12:02:41.0914 6600  [ A2A42A570524C975259E3B81C4D80DCA ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
12:02:41.0920 6600  Synth3dVsc - ok
12:02:41.0985 6600  [ 878BB527E0C83CA26F108D949284F3D5 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:02:41.0995 6600  SynTP - ok
12:02:42.0050 6600  [ E439BCBF6DBC996951AE22033FE97EAB ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
12:02:42.0062 6600  SynTPEnhService - ok
12:02:42.0085 6600  SysMain - ok
12:02:42.0114 6600  SystemEventsBroker - ok
12:02:42.0175 6600  [ CE9975A9E0DFBEFECECE218D2674C1CD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
12:02:42.0193 6600  TabletInputService - ok
12:02:42.0245 6600  [ E38C7C4D57B1438F70A1B913870E8665 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:02:42.0263 6600  TapiSrv - ok
12:02:42.0283 6600  Tcpip - ok
12:02:42.0291 6600  Tcpip6 - ok
12:02:42.0522 6600  [ 085F8A5F09E64CC27309AF160EF4F9BA ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
12:02:42.0580 6600  tcpipreg - ok
12:02:42.0640 6600  tdx - ok
12:02:42.0733 6600  [ B2C4D7CB291293CAC636748E695D111E ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
12:02:42.0736 6600  terminpt - ok
12:02:42.0772 6600  TermService - ok
12:02:42.0849 6600  [ 1A0A0F6A139148AFDC4622046D4B3CBD ] Themes          C:\WINDOWS\system32\themeservice.dll
12:02:43.0239 6600  Themes - ok
12:02:43.0332 6600  [ 811910E891A6DB4A864AE119EB71218C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
12:02:43.0356 6600  TieringEngineService - ok
12:02:43.0437 6600  TimeBrokerSvc - ok
12:02:43.0495 6600  TokenBroker - ok
12:02:43.0566 6600  TPM - ok
12:02:43.0674 6600  [ A5C0F857C38278A90E953A24E1701196 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
12:02:43.0690 6600  TrkWks - ok
12:02:43.0754 6600  [ 0D5A09B08568760AE85A801FCBC0F83D ] TrueSight       C:\Windows\System32\drivers\truesight.sys
12:02:43.0765 6600  TrueSight - ok
12:02:43.0966 6600  TrustedInstaller - ok
12:02:44.0100 6600  [ 0D721F40C179EC5737C15E551F22C69B ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
12:02:44.0106 6600  TsUsbFlt - ok
12:02:44.0209 6600  [ DE1296871208D1F13B7AC57C4B1FA46C ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
12:02:44.0213 6600  TsUsbGD - ok
12:02:44.0298 6600  [ BC938ABBF586272BD4063CA51F09149F ] tunnel          C:\WINDOWS\system32\drivers\tunnel.sys
12:02:44.0302 6600  tunnel - ok
12:02:44.0351 6600  tzautoupdate - ok
12:02:44.0429 6600  UASPStor - ok
12:02:44.0492 6600  [ 00C4396DE1CD3502884BB2E2B6D6861C ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
12:02:44.0496 6600  UcmCx0101 - ok
12:02:44.0545 6600  [ ED9CBD1541C8AFDAA9B8255A384E2B53 ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
12:02:44.0551 6600  UcmTcpciCx0101 - ok
12:02:44.0620 6600  [ F58F1BC6A6972437CE18516F8ACCEB9F ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
12:02:44.0625 6600  UcmUcsi - ok
12:02:44.0668 6600  Ucx01000 - ok
12:02:44.0715 6600  UdeCx - ok
12:02:44.0761 6600  udfs - ok
12:02:44.0795 6600  UEFI - ok
12:02:44.0927 6600  [ 588B9212DEE84F5192C09A147AA5C316 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
12:02:44.0933 6600  Ufx01000 - ok
12:02:44.0984 6600  UfxChipidea - ok
12:02:44.0994 6600  ufxsynopsys - ok
12:02:45.0045 6600  umbus - ok
12:02:45.0062 6600  UmPass - ok
12:02:45.0174 6600  [ 0D806415E1F86E7C1C192261C247EF0D ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
12:02:45.0195 6600  UmRdpService - ok
12:02:45.0293 6600  [ EAEC69961D9D8B39FEA44D56F7FB259D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
12:02:45.0320 6600  UnistoreSvc - ok
12:02:45.0580 6600  [ 2362D5C18120FAB9CE5BD1F73EE33758 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:02:45.0601 6600  upnphost - ok
12:02:45.0679 6600  [ 49A5E1B43C59DC0E363AD9C2D7D10BE4 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
12:02:45.0684 6600  UrsChipidea - ok
12:02:45.0756 6600  [ 53F1DA2D92D1D8CE4BB9D33E58D7DF01 ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
12:02:45.0762 6600  UrsCx01000 - ok
12:02:46.0000 6600  [ 09518A324B95BBC0B472BD5A472CB916 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
12:02:46.0004 6600  UrsSynopsys - ok
12:02:46.0058 6600  usbccgp - ok
12:02:46.0151 6600  [ 250D21958EE5F45CD13FE6BE3788EE70 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
12:02:46.0155 6600  usbcir - ok
12:02:46.0194 6600  usbehci - ok
12:02:46.0207 6600  usbhub - ok
12:02:46.0218 6600  USBHUB3 - ok
12:02:46.0249 6600  usbohci - ok
12:02:46.0367 6600  [ 692C0BA4109C8F78392A299369F51129 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
12:02:46.0556 6600  usbprint - ok
12:02:46.0581 6600  usbser - ok
12:02:46.0595 6600  USBSTOR - ok
12:02:46.0904 6600  usbuhci - ok
12:02:46.0965 6600  [ 9431F7E997A8750139517709B04D8629 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
12:02:46.0977 6600  usbvideo - ok
12:02:47.0001 6600  USBXHCI - ok
12:02:47.0161 6600  [ CE0E3BA8FC974BEE5BE20E4F43A1C583 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
12:02:47.0190 6600  UserDataSvc - ok
12:02:47.0214 6600  UserManager - ok
12:02:47.0234 6600  UsoSvc - ok
12:02:47.0283 6600  [ 3E283D06357616CD4117CC15BDB7C4C3 ] VacSvc          C:\WINDOWS\System32\vac.dll
12:02:47.0303 6600  VacSvc - ok
12:02:47.0336 6600  VaultSvc - ok
12:02:47.0359 6600  vdrvroot - ok
12:02:47.0376 6600  vds - ok
12:02:47.0385 6600  VerifierExt - ok
12:02:47.0404 6600  vhdmp - ok
12:02:47.0420 6600  vhf - ok
12:02:47.0442 6600  vmbus - ok
12:02:47.0450 6600  VMBusHID - ok
12:02:47.0478 6600  vmgid - ok
12:02:47.0522 6600  [ E4F5E83951810583FE8C2423772171DF ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
12:02:47.0534 6600  vmicguestinterface - ok
12:02:47.0544 6600  [ E4F5E83951810583FE8C2423772171DF ] vmicheartbeat   C:\WINDOWS\System32\icsvc.dll
12:02:47.0552 6600  vmicheartbeat - ok
12:02:47.0576 6600  [ E4F5E83951810583FE8C2423772171DF ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
12:02:47.0586 6600  vmickvpexchange - ok
12:02:47.0640 6600  [ DB7FB1DA7E1564EACBADD436191309C5 ] vmicrdv         C:\WINDOWS\System32\icsvcext.dll
12:02:47.0653 6600  vmicrdv - ok
12:02:47.0688 6600  [ E4F5E83951810583FE8C2423772171DF ] vmicshutdown    C:\WINDOWS\System32\icsvc.dll
12:02:47.0698 6600  vmicshutdown - ok
12:02:47.0710 6600  [ E4F5E83951810583FE8C2423772171DF ] vmictimesync    C:\WINDOWS\System32\icsvc.dll
12:02:47.0718 6600  vmictimesync - ok
12:02:47.0728 6600  [ E4F5E83951810583FE8C2423772171DF ] vmicvmsession   C:\WINDOWS\System32\icsvc.dll
12:02:47.0736 6600  vmicvmsession - ok
12:02:47.0762 6600  [ DB7FB1DA7E1564EACBADD436191309C5 ] vmicvss         C:\WINDOWS\System32\icsvcext.dll
12:02:47.0770 6600  vmicvss - ok
12:02:47.0787 6600  volmgr - ok
12:02:47.0800 6600  volmgrx - ok
12:02:47.0808 6600  volsnap - ok
12:02:47.0825 6600  volume - ok
12:02:47.0841 6600  vpci - ok
12:02:47.0856 6600  vsmraid - ok
12:02:47.0886 6600  VSS - ok
12:02:47.0898 6600  VSTXRAID - ok
12:02:47.0906 6600  vwifibus - ok
12:02:47.0952 6600  vwififlt - ok
12:02:47.0961 6600  vwifimp - ok
12:02:47.0980 6600  W32Time - ok
12:02:48.0098 6600  [ 244BA3FE721EAF5377634A4A39EB323D ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
12:02:48.0100 6600  w3logsvc - ok
12:02:48.0129 6600  WaaSMedicSvc - ok
12:02:48.0147 6600  WacomPen - ok
12:02:48.0195 6600  [ 25FAB8A2CFFA21FDB472AB3AE6C17A57 ] WalletService   C:\WINDOWS\system32\WalletService.dll
12:02:48.0216 6600  WalletService - ok
12:02:48.0238 6600  wanarp - ok
12:02:48.0247 6600  wanarpv6 - ok
12:02:48.0299 6600  [ 395447583F42FD840520EE87AE439D74 ] WarpJITSvc      C:\WINDOWS\System32\Windows.WARP.JITService.dll
12:02:48.0352 6600  WarpJITSvc - ok
12:02:48.0388 6600  [ 1C62EBBF82DE40E65B1B34D384C96403 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
12:02:48.0394 6600  WAS - ok
12:02:48.0435 6600  wbengine - ok
12:02:48.0458 6600  WbioSrvc - ok
12:02:48.0472 6600  wcifs - ok
12:02:48.0484 6600  Wcmsvc - ok
12:02:48.0502 6600  wcncsvc - ok
12:02:48.0519 6600  wcnfs - ok
12:02:48.0570 6600  WdBoot - ok
12:02:48.0599 6600  Wdf01000 - ok
12:02:48.0608 6600  WdFilter - ok
12:02:48.0654 6600  [ 067D1A81B4708CA97523709FDF57B728 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
12:02:48.0674 6600  WdiServiceHost - ok
12:02:48.0682 6600  [ 067D1A81B4708CA97523709FDF57B728 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
12:02:48.0703 6600  WdiSystemHost - ok
12:02:48.0718 6600  wdiwifi - ok
12:02:48.0757 6600  [ EAF4FB729E94561EE31BDE5BEF869C65 ] WdmCompanionFilter C:\WINDOWS\system32\drivers\WdmCompanionFilter.sys
12:02:48.0819 6600  WdmCompanionFilter - ok
12:02:48.0847 6600  WdNisDrv - ok
12:02:49.0132 6600  WdNisSvc - ok
12:02:49.0186 6600  [ BDCC510E85F7AF152E2DFF030A526EA2 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:02:49.0206 6600  WebClient - ok
12:02:49.0236 6600  [ 506F0A1CCABF4428733CF854BCBB6832 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
12:02:49.0258 6600  Wecsvc - ok
12:02:49.0299 6600  [ D8D727E8311C86B2A993A9006A453BAC ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
12:02:49.0318 6600  WEPHOSTSVC - ok
12:02:49.0363 6600  wercplsupport - ok
12:02:49.0376 6600  WerSvc - ok
12:02:49.0407 6600  WFDSConMgrSvc - ok
12:02:49.0419 6600  WFPLWFS - ok
12:02:49.0460 6600  [ 752F5931696914DF2EC0B27275C38458 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
12:02:49.0480 6600  WiaRpc - ok
12:02:49.0512 6600  WIMMount - ok
12:02:49.0546 6600  WinDefend - ok
12:02:49.0609 6600  WindowsTrustedRT - ok
12:02:49.0675 6600  [ 5F0EDDA201630E132C2251BC9DA85023 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
12:02:49.0679 6600  WindowsTrustedRTProxy - ok
12:02:49.0720 6600  WinHttpAutoProxySvc - ok
12:02:49.0745 6600  WinMad - ok
12:02:49.0804 6600  Winmgmt - ok
12:02:49.0817 6600  WinNat - ok
12:02:49.0937 6600  [ C57185CC62AA13E4F5A989D904CC9A16 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
12:02:50.0035 6600  WinRM - ok
12:02:50.0081 6600  [ 6FA3D810FE082001B16ADE19829F1E8E ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
12:02:50.0085 6600  WINUSB - ok
12:02:50.0093 6600  WinVerbs - ok
12:02:50.0128 6600  [ F8B6E9135486AFF0BE73DAACB2C12FFA ] WirelessButtonDriver64 C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
12:02:50.0132 6600  WirelessButtonDriver64 - ok
12:02:50.0160 6600  wisvc - ok
12:02:50.0196 6600  WlanSvc - ok
12:02:50.0226 6600  wlidsvc - ok
12:02:50.0235 6600  wlpasvc - ok
12:02:50.0255 6600  WmiAcpi - ok
12:02:50.0272 6600  wmiApSrv - ok
12:02:50.0358 6600  WMPNetworkSvc - ok
12:02:50.0407 6600  [ E122AD60BF4D7E4B28CCBABF33B28C1F ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
12:02:50.0414 6600  Wof - ok
12:02:50.0518 6600  [ 0D3303BDBC591ECF113601D7853A1AA7 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
12:02:50.0553 6600  workfolderssvc - ok
12:02:50.0579 6600  WpcMonSvc - ok
12:02:50.0631 6600  WPDBusEnum - ok
12:02:50.0680 6600  [ 15C1131EA0216F799C86B03EDAE0BE45 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
12:02:50.0685 6600  WpdUpFltr - ok
12:02:50.0732 6600  [ 096969606BB5C4822AB020081EA07FC5 ] WpnService      C:\WINDOWS\system32\WpnService.dll
12:02:50.0757 6600  WpnService - ok
12:02:50.0792 6600  [ 8B694BC50D2D2B98311283CFE5B40EE6 ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
12:02:50.0814 6600  WpnUserService - ok
12:02:50.0829 6600  ws2ifsl - ok
12:02:50.0867 6600  [ DCB549367EB94CD8AFAA28E3F77F6493 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
12:02:50.0887 6600  wscsvc - ok
12:02:50.0896 6600  WSearch - ok
12:02:50.0913 6600  wuauserv - ok
12:02:50.0961 6600  [ 813DC18CC654CFB1875074139B0FEFD3 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
12:02:50.0966 6600  WudfPf - ok
12:02:51.0024 6600  [ FB64BAD6DEDB27EA39B03685AC0A8EB4 ] WUDFRd          C:\WINDOWS\system32\drivers\WudfRd.sys
12:02:51.0030 6600  WUDFRd - ok
12:02:51.0043 6600  [ FB64BAD6DEDB27EA39B03685AC0A8EB4 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
12:02:51.0048 6600  WUDFWpdFs - ok
12:02:51.0057 6600  [ FB64BAD6DEDB27EA39B03685AC0A8EB4 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
12:02:51.0062 6600  WUDFWpdMtp - ok
12:02:51.0083 6600  WwanSvc - ok
12:02:51.0132 6600  [ 51D3A1E2285E2E931A553281BBA10E81 ] xbgm            C:\WINDOWS\system32\xbgmsvc.exe
12:02:51.0153 6600  xbgm - ok
12:02:51.0204 6600  [ DB952AD196A9548CF5235A71E5197F3F ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
12:02:51.0231 6600  XblAuthManager - ok
12:02:51.0324 6600  [ 8C0DD7BFFF5A81AEC26AD720057F5451 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
12:02:51.0354 6600  XblGameSave - ok
12:02:51.0373 6600  xboxgip - ok
12:02:51.0430 6600  [ C7FEC5C0377E5598BA919B29731CA45F ] XboxGipSvc      C:\WINDOWS\System32\XboxGipSvc.dll
12:02:51.0452 6600  XboxGipSvc - ok
12:02:51.0541 6600  [ 3A94BD93CD2D9C34725D924230B502A5 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
12:02:51.0572 6600  XboxNetApiSvc - ok
12:02:51.0641 6600  [ CE1F78B5C1F14F74242008B2B3153FA2 ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
12:02:51.0646 6600  xinputhid - ok
12:02:51.0673 6600  ================ Scan global ===============================
12:02:51.0775 6600  [Global] - ok
12:02:51.0776 6600  ================ Scan MBR ==================================
12:02:51.0816 6600  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
12:02:51.0843 6600  \Device\Harddisk0\DR0 - ok
12:02:52.0744 6600  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR6
12:02:52.0751 6600  \Device\Harddisk1\DR6 - ok
12:02:52.0752 6600  ================ Scan VBR ==================================
12:02:52.0800 6600  [ B6453E0C7F08D08F2834D74DA2492D82 ] \Device\Harddisk0\DR0\Partition1
12:02:52.0802 6600  \Device\Harddisk0\DR0\Partition1 - ok
12:02:52.0818 6600  [ 590493A71057E71D114BA49AD3E8EC93 ] \Device\Harddisk0\DR0\Partition2
12:02:52.0827 6600  \Device\Harddisk0\DR0\Partition2 - ok
12:02:52.0841 6600  [ 767192A22CCC27470CB7E1C9B096F7B6 ] \Device\Harddisk0\DR0\Partition3
12:02:52.0863 6600  \Device\Harddisk0\DR0\Partition3 - ok
12:02:52.0911 6600  [ DC0F5F6CFEC357AEB8512F3E3BA3DFC5 ] \Device\Harddisk0\DR0\Partition4
12:02:52.0914 6600  \Device\Harddisk0\DR0\Partition4 - ok
12:02:52.0982 6600  [ 14728C4A1549FA4B66B1D8F7FB08E69A ] \Device\Harddisk0\DR0\Partition5
12:02:52.0985 6600  \Device\Harddisk0\DR0\Partition5 - ok
12:02:52.0994 6600  [ 016E35938BE020FC713C3AD143E1F3F5 ] \Device\Harddisk1\DR6\Partition1
12:02:52.0995 6600  \Device\Harddisk1\DR6\Partition1 - ok
12:02:52.0995 6600  ============================================================
12:02:52.0996 6600  Scan finished
12:02:52.0996 6600  ============================================================
12:02:53.0012 8660  Detected object count: 0
12:02:53.0012 8660  Actual detected object count: 0
 


Hi,

I have reviewed your logs and admit that I was fooled by these entries.

Will remove the registry entries but keep the conhost.exe which is good.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Malwarebytes to your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep. <- this time remove everything that will be reported.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).


===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Unfortunately, the problem persists. When I open Chrome or iExplorer, 10-20 hidden versions (visible in Task Manager) open and use all the memory. The word 'broker' appears a lot. Also, Cortana, Edge and Skype seem to be affected.

AdwCleaner[S03].txt Fixlog.txt


Hi,

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
DelayShred;conhost.exe
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Now let's find out what versions of the conhost.exe file are available on the computer.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
conhost.exe
Once done, click on the Search File search button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
===


SearchReg:

Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by kelly (26-05-2019 09:02:50)
Running from C:\Users\kelly\Desktop
Boot Mode: Normal

================== Search Registry: "DelayShred;conhost.exe" ===========


===================== Search result for "DelayShred" ==========

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"DelayShred"="0x020000000000000000000000"


===================== Search result for "conhost.exe" ==========

====== End of Search ======


Search Files:

Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by kelly (26-05-2019 09:05:44)
Running from C:\Users\kelly\Desktop
Boot Mode: Normal

================== Search Files: "conhost.exe" =============

C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.17134.1_none_5316cfc78d5f777e\conhost.exe
[2019-05-23 09:41][2018-04-10 21:07] 000625664 _____ (Microsoft Corporation) EA777DEEA782E8B4D7C7C33BBF8A4496 [File is digitally signed]

C:\Windows\System32\conhost.exe
[2018-04-11 16:34][2018-04-11 16:34] 000625664 _____ (Microsoft Corporation) EA777DEEA782E8B4D7C7C33BBF8A4496 [File is digitally signed]


====== End of Search ======


Hi,

 

This will not work. Please see the next post.

 

Quote


Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"DelayShred"=-

Restart the computer when completed.

You can delete the fixme.reg file when done.

How is the computer running now?

Edited by nasdaq


Hi,

Copy all the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 

Quote

 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"DelayShred"=-

 

Restart the computer when completed.

You can delete the fixme.reg file when done.

How is the computer running now?
 


After clicking Merge, I get:

Quote

 

Registry Error

Cannot import C:/Users\kelly\Desktop\fixme.reg: Error accessing the registry

 

 


So, I went into regedit to see if zeroing the value of that string manually would work. It didn't, but I noticed two other suspicious looking entries there: gwdkw and hnehyw. A quick google search shows these are virus related.  Any ideas? 

Thank you so much for your time and advice so far!

 

 


I should add, I was able to clear the Delayshred key in regedit, it just didn't get rid of the malware problems.


Hi,

I did find this but nothing about gwdkw
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hnehyw' = 'rundll32.exe "<LS_APPDATA>\hnehyw.dll",hnehyw'
https://vms.drweb-av.pl/virus/?i=17669524


gwdkw and hnehyw

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
gwdkw;hnehyw
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

I need to know exactly what we are dealing with.

p.s.

The reason for this error Cannot import C:/Users\kelly\Desktop\fixme.reg: Error accessing the registry is possibly due to the fact that you did not add this line to the fixme.reg file.

Windows Registry Editor Version 5.00 as suggested.

===

Open the Run key in the Current User and if any other random entries are found let me know what they are.

<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run


Nothing else suspicious...

 

Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by kelly (27-05-2019 10:50:12)
Running from C:\Users\kelly\Desktop
Boot Mode: Normal

================== Search Registry: "gwdkw;hnehyw" ===========


===================== Search result for "gwdkw" ==========

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"gwdkw"="0x03000000E67BF2F6BE8ED401"


===================== Search result for "hnehyw" ==========

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"hnehyw"="0x030000004CD8291BBF8ED401"

====== End of Search ======

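The StartupApproved\Run values in the search logs above can be decoded to see whether each startup item is enabled and when it was switched off; this is an added example, not part of the original thread or of FRST. It assumes the layout commonly described in forensic write-ups (a 4-byte little-endian flag whose low bit means "disabled", followed by an 8-byte FILETIME), which Microsoft does not document; the function names are hypothetical and the sample log is rebuilt from the values posted in the thread.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# Constructed sample: value lines copied from the FRST "Search Registry" logs
# in this thread; the user's SID in the key path is shortened to <SID>.
FRST_LOG = r'''
===================== Search result for "DelayShred" ==========

[HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"DelayShred"="0x020000000000000000000000"

===================== Search result for "gwdkw" ==========

[HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"gwdkw"="0x03000000E67BF2F6BE8ED401"

===================== Search result for "hnehyw" ==========

[HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"hnehyw"="0x030000004CD8291BBF8ED401"

====== End of Search ======
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="0x(?P<hex>[0-9A-Fa-f]+)"$')
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_startup_approved(hex_blob):
    """Return (disabled, changed_at_utc) for one StartupApproved value.

    Assumed layout: DWORD flag (low bit set = disabled) + FILETIME.
    """
    raw = bytes.fromhex(hex_blob)
    if len(raw) != 12:
        raise ValueError(f"expected 12 bytes, got {len(raw)}")
    flags, filetime = struct.unpack("<IQ", raw)
    disabled = bool(flags & 1)
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC; zero means "never set".
    changed = None
    if filetime:
        changed = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return disabled, changed


def launch_key_for(state_key):
    """Map a StartupApproved\\Run state key to the Run key holding the command."""
    suffix = "\\Explorer\\StartupApproved\\Run"
    if state_key.lower().endswith(suffix.lower()):
        return state_key[: -len(suffix)] + "\\Run"
    return None


def parse_frst_registry_search(text):
    """Extract and decode StartupApproved values from an FRST registry search log."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or "\\startupapproved\\" not in key.lower():
            continue
        entry = {"key": key, "name": m.group("name")}
        try:
            entry["disabled"], entry["changed"] = decode_startup_approved(m.group("hex"))
        except ValueError as exc:
            # Keep malformed values visible instead of silently dropping them.
            entry["error"] = str(exc)
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse_frst_registry_search(FRST_LOG):
        if "error" in e:
            print(f'{e["name"]}: undecodable ({e["error"]})')
            continue
        state = "disabled" if e["disabled"] else "enabled"
        when = e["changed"].isoformat() if e["changed"] else "no timestamp"
        print(f'{e["name"]}: {state}, {when}; command lives under {launch_key_for(e["key"])}')
```

These values only record the on/off state shown in Task Manager's Startup tab; the command that would actually run is stored under the key returned by `launch_key_for`, so that is where to check for a leftover entry.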

Hi,

Copy all the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.

Quote

 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"gwdkw"=-

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"hnehyw"=-

 

Restart the computer when completed.

You can delete the fixme.reg file when done.

Any remaining issues?


That seems to have helped for IExplorer (is it normal for Edge to run a dozen or more processes?). Chrome is still continuing to have an issue, however. I uninstalled and reinstalled, but no difference.

 

Also, I noticed in [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartFolder] two weird sounding keys: floridian.lnk and floridianfloridian.lnk

 

I'm wondering if I should save what I can and completely reinstall Windows


Hi,

Quote

Also, I noticed in [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartFolder] two weird sounding keys: floridian.lnk and floridianfloridian.lnk

These are from shortcuts.

I need to see what file(s) is being referenced.

Run the Farbar program and just mark the box to create a shortcut list.

Post it for my review.


Hi,

These lnk are not in your shortcut list.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
floridian.lnk;floridianfloridian.lnk
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

This topic is now closed to further replies.
