
  1. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       09 Oct 2016 #71

    simrick said:
    Good move. It's difficult to try and fix an OS with an active infection.
    Feel free to post the logs for eval..

    Here we go.

    This is the first time I ran RKILL tonight. If you want I have other logs too.

    Code:
    Rkill 2.8.4 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html
    
    Program started at: 10/08/2016 06:34:04 PM in x64 mode.
    Windows Version: Windows 10 Home 
    
    Checking for Windows services to stop:
    
     * No malware services found to stop.
    
    Checking for processes to terminate:
    
     * No malware processes found to kill.
    
    Checking Registry for malware related settings:
    
     * No issues found in the Registry.
    
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    
    Performing miscellaneous checks:
    
     * No issues found.
    
    Checking Windows Service Integrity: 
    
     * Security Center (wscsvc) is not Running.
       Startup Type set to: Automatic (Delayed Start)
    
     * agp440 [Missing Service]
     * gagp30kx [Missing Service]
     * IEEtwCollectorService [Missing Service]
     * IoQos [Missing Service]
     * nv_agp [Missing Service]
     * TimeBroker [Missing Service]
     * uagp35 [Missing Service]
     * uliagpkx [Missing Service]
     * WcsPlugInService [Missing Service]
     * wpcfltr [Missing Service]
     * WSService [Missing Service]
    
     * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
     * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
    
     * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
     * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
    
    Searching for Missing Digital Signatures: 
    
     * No issues found.
    
    Checking HOSTS File: 
    
     * HOSTS file entries found: 
    
      0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
      0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
      0.0.0.0 media.opencandy.com
      0.0.0.0 cdn.opencandy.com
      0.0.0.0 tracking.opencandy.com
      0.0.0.0 api.opencandy.com
      0.0.0.0 api.recommendedsw.com
      0.0.0.0 installer.betterinstaller.com
      0.0.0.0 installer.filebulldog.com
      0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
      0.0.0.0 inno.bisrv.com
      0.0.0.0 nsis.bisrv.com
      0.0.0.0 cdn.file2desktop.com
      0.0.0.0 cdn.goateastcach.us
      0.0.0.0 cdn.guttastatdk.us
      0.0.0.0 cdn.inskinmedia.com
      0.0.0.0 cdn.insta.oibundles2.com
      0.0.0.0 cdn.insta.playbryte.com
      0.0.0.0 cdn.llogetfastcach.us
      0.0.0.0 cdn.montiera.com
    
      20 out of 35 HOSTS entries shown.
      Please review HOSTS file for further entries.


    This is TDSSkiller. I think I botched this log, and it is from the 2nd time I ran it. The first time it found an unsigned file called CHROME.EXE, and I just deleted it using the software. My son had installed the Chromium browser, it's probably harmless but IDK so I just wanted to report.

    Code:
    22:09:31.0297 0x1808  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
    22:09:31.0885 0x1808  ============================================================
    22:09:31.0885 0x1808  Current date / time: 2016/10/08 22:09:31.0885
    22:09:31.0885 0x1808  SystemInfo:
    22:09:31.0885 0x1808  
    22:09:31.0885 0x1808  OS Version: 10.0.14393 ServicePack: 0.0
    22:09:31.0885 0x1808  Product type: Workstation
    22:09:31.0885 0x1808  ComputerName: LUKE
    22:09:31.0885 0x1808  UserName: Luke
    22:09:31.0885 0x1808  Windows directory: C:\WINDOWS
    22:09:31.0885 0x1808  System windows directory: C:\WINDOWS
    22:09:31.0885 0x1808  Running under WOW64
    22:09:31.0885 0x1808  Processor architecture: Intel x64
    22:09:31.0885 0x1808  Number of processors: 8
    22:09:31.0885 0x1808  Page size: 0x1000
    22:09:31.0885 0x1808  Boot type: Normal boot
    22:09:31.0885 0x1808  CodeIntegrityOptions = 0x00000001
    22:09:31.0885 0x1808  ============================================================
    22:09:31.0886 0x1808  KLMD ARK init status: drvProperties = 0xFFFF00, osBuild = 14393.206, osProperties = 0x19
    22:09:31.0886 0x1808  KLMD BG init status: drvProperties = 0xFFFF00, osBuild = 14393.206, osProperties = 0x19
    22:09:31.0886 0x1808  BG loaded
    22:09:32.0417 0x1808  System UUID: {DA477E8C-D607-F511-46A6-3D2F11A19AE5}
    22:09:32.0883 0x1808  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:09:32.0896 0x1808  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:09:33.0616 0x1808  Drive \Device\Harddisk2\DR2 - Size: 0x1D4E28000 ( 7.33 Gb ), SectorSize: 0x200, Cylinders: 0x3BC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:09:33.0618 0x1808  ============================================================
    22:09:33.0618 0x1808  \Device\Harddisk0\DR0:
    22:09:33.0619 0x1808  MBR partitions:
    22:09:33.0619 0x1808  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
    22:09:33.0619 0x1808  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x1BD92800
    22:09:33.0619 0x1808  \Device\Harddisk1\DR1:
    22:09:33.0619 0x1808  MBR partitions:
    22:09:33.0619 0x1808  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    22:09:33.0619 0x1808  \Device\Harddisk2\DR2:
    22:09:33.0619 0x1808  MBR partitions:
    22:09:33.0619 0x1808  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEA51C0
    22:09:33.0619 0x1808  ============================================================
    22:09:33.0620 0x1808  C: <-> \Device\Harddisk0\DR0\Partition2
    22:09:33.0631 0x1808  Z: <-> \Device\Harddisk1\DR1\Partition1
    22:09:33.0631 0x1808  ============================================================
    22:09:33.0631 0x1808  Initialize success
    22:09:33.0631 0x1808  ============================================================
    22:10:02.0525 0x11e4  ============================================================
    22:10:02.0525 0x11e4  Scan started
    22:10:02.0525 0x11e4  Mode: Manual; SigCheck; TDLFS; 
    22:10:02.0525 0x11e4  ============================================================
    22:10:02.0525 0x11e4  KSN ping started
    22:10:02.0656 0x11e4  KSN ping finished: true
    22:10:03.0276 0x11e4  ================ Scan system memory ========================
    22:10:03.0276 0x11e4  System memory - ok
    22:10:03.0276 0x11e4  ================ Scan services =============================
    22:10:04.0144 0x11e4  [ 8BCA409E11F511A527F373700F8B1765, BEA8FD936BE65B2064059E72099F9770CD80D59646BF82AC5ADC06DDAAD389D1 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    22:10:04.0175 0x11e4  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
    22:10:04.0472 0x11e4  Detect skipped due to KSN trusted
    22:10:04.0472 0x11e4  AtherosSvc - ok
    22:10:06.0761 0x11e4  [ 83E4A14F851341C933C3235BFB882ECA, 152EDEF6B566D010FE519FE4B046050A5281069B48AFF8A2395D7D2BD0519701 ] e1iexpress      C:\WINDOWS\System32\drivers\e1i63x64.sys
    22:10:06.0781 0x11e4  e1iexpress - ok
    22:10:06.0785 0x11e4  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
    22:10:06.0799 0x11e4  EapHost - ok
    22:10:06.0846 0x11e4  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
    22:10:06.0915 0x11e4  ebdrv - ok
    22:10:06.0922 0x11e4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS             C:\WINDOWS\System32\lsass.exe
    22:10:06.0929 0x11e4  EFS - ok
    22:10:06.0933 0x11e4  [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
    22:10:06.0941 0x11e4  EhStorClass - ok
    22:10:06.0945 0x11e4  [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
    22:10:06.0954 0x11e4  EhStorTcgDrv - ok
    22:10:06.0958 0x11e4  [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
    22:10:06.0971 0x11e4  embeddedmode - ok
    22:10:06.0977 0x11e4  [ B4264DEF962801CDB83C008DE30758D1, 57886688102BE727450BA45932044A5A389B5822A0C1C08C2AFFBA380F70C3F3 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    22:10:06.0996 0x11e4  EntAppSvc - ok
    22:10:06.0998 0x11e4  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
    22:10:07.0007 0x11e4  ErrDev - ok
    22:10:07.0017 0x11e4  [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem     C:\WINDOWS\system32\es.dll
    22:10:07.0035 0x11e4  EventSystem - ok
    22:10:07.0042 0x11e4  [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
    22:10:07.0058 0x11e4  exfat - ok
    22:10:07.0066 0x11e4  [ C077AA74EDDAF69985EB27597BCB342A, 8CE48D37E39A6DFA3C8E959CA92A49029100446DC40044EE009D55FB9CDE378A ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
    22:10:07.0077 0x11e4  fastfat - ok
    22:10:07.0090 0x11e4  [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax             C:\WINDOWS\system32\fxssvc.exe
    22:10:07.0113 0x11e4  Fax - ok
    22:10:07.0116 0x11e4  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
    22:10:07.0125 0x11e4  fdc - ok
    22:10:07.0127 0x11e4  [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
    22:10:07.0139 0x11e4  fdPHost - ok
    22:10:07.0142 0x11e4  [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
    22:10:07.0152 0x11e4  FDResPub - ok
    22:10:07.0156 0x11e4  [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
    22:10:07.0169 0x11e4  fhsvc - ok
    22:10:07.0173 0x11e4  [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
    22:10:07.0183 0x11e4  FileCrypt - ok
    22:10:07.0187 0x11e4  [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
    22:10:07.0194 0x11e4  FileInfo - ok
    22:10:07.0197 0x11e4  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
    22:10:07.0208 0x11e4  Filetrace - ok
    22:10:07.0211 0x11e4  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
    22:10:07.0220 0x11e4  flpydisk - ok
    22:10:07.0228 0x11e4  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
    22:10:07.0240 0x11e4  FltMgr - ok
    22:10:07.0268 0x11e4  [ 08B4B6F99095070EDAB121137C9E2D8B, 3A3ED4FC3B4F14C5666BB507AE7EE5539E2D8D00A0C2EB1AA04E224934DE9F4B ] FontCache       C:\WINDOWS\system32\FntCache.dll
    22:10:07.0318 0x11e4  FontCache - ok
    22:10:07.0324 0x11e4  [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:10:07.0331 0x11e4  FontCache3.0.0.0 - ok
    22:10:07.0344 0x11e4  [ 136D6E6AC155A8347E5DC9FE39D3735A, ABD488075EAE2D2B7974EA6441615A9EDFF25B6B6C96BFD64EE70A15510C67B4 ] FrameServer     C:\WINDOWS\system32\FrameServer.dll
    22:10:07.0371 0x11e4  FrameServer - ok
    22:10:07.0375 0x11e4  [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
    22:10:07.0382 0x11e4  FsDepends - ok
    22:10:07.0385 0x11e4  [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:10:07.0392 0x11e4  Fs_Rec - ok
    22:10:07.0403 0x11e4  [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
    22:10:07.0420 0x11e4  fvevol - ok
    22:10:07.0424 0x11e4  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
    22:10:07.0433 0x11e4  gencounter - ok
    22:10:07.0435 0x11e4  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
    22:10:07.0444 0x11e4  genericusbfn - ok
    22:10:07.0462 0x11e4  [ C6E1E9A45C8BCFD073148B6A6B038C69, EB421C687BC3A3CF97685AA598EF0C671AA74DC801185D4E3C197C1B5B24EE02 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    22:10:07.0482 0x11e4  GfExperienceService - ok
    22:10:07.0488 0x11e4  [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
    22:10:07.0497 0x11e4  GPIOClx0101 - ok
    22:10:07.0516 0x11e4  [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
    22:10:07.0551 0x11e4  gpsvc - ok
    22:10:07.0554 0x11e4  [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
    22:10:07.0563 0x11e4  GpuEnergyDrv - ok
    22:10:07.0571 0x11e4  [ 217230B984AB2954E2FA5E36578D7B08, BB7B79EA7501A28EB2A0303FDF66FB9D59D567994C25A1523CD6D2081C403AF6 ] HdAudAddService C:\WINDOWS\system32\DRIVERS\HdAudio.sys
    22:10:07.0597 0x11e4  HdAudAddService - ok
    22:10:07.0600 0x11e4  [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
    22:10:07.0610 0x11e4  HDAudBus - ok
    22:10:07.0613 0x11e4  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
    22:10:07.0619 0x11e4  HidBatt - ok
    22:10:07.0624 0x11e4  [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
    22:10:07.0634 0x11e4  HidBth - ok
    22:10:07.0638 0x11e4  [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
    22:10:07.0645 0x11e4  hidi2c - ok
    22:10:07.0648 0x11e4  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
    22:10:07.0655 0x11e4  hidinterrupt - ok
    22:10:07.0658 0x11e4  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
    22:10:07.0667 0x11e4  HidIr - ok
    22:10:07.0671 0x11e4  [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv         C:\WINDOWS\system32\hidserv.dll
    22:10:07.0680 0x11e4  hidserv - ok
    22:10:07.0683 0x11e4  [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
    22:10:07.0701 0x11e4  HidUsb - ok
    22:10:07.0708 0x11e4  [ 44D54C8356588525D7AD0FDCFDDA0811, 46963ADBF14FA8A9B0E6564106ADEA49BBD4EBD9E43DF389CCD31F9B9BD080D9 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
    22:10:07.0723 0x11e4  HomeGroupListener - ok
    22:10:07.0731 0x11e4  [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
    22:10:07.0749 0x11e4  HomeGroupProvider - ok
    22:10:07.0752 0x11e4  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
    22:10:07.0759 0x11e4  HpSAMD - ok
    22:10:07.0776 0x11e4  [ BAFD8946905DF03E6ECDDB154A4BAA9C, FAD178FAFA5760132F3A9FC862C2726B337CA0CE1D66EA819CB5AFEB2D664618 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
    22:10:07.0798 0x11e4  HTTP - ok
    22:10:07.0802 0x11e4  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
    22:10:07.0812 0x11e4  HvHost - ok
    22:10:07.0815 0x11e4  [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice       C:\WINDOWS\system32\drivers\hvservice.sys
    22:10:07.0823 0x11e4  hvservice - ok
    22:10:07.0826 0x11e4  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
    22:10:07.0832 0x11e4  hwpolicy - ok
    22:10:07.0834 0x11e4  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
    22:10:07.0842 0x11e4  hyperkbd - ok
    22:10:07.0847 0x11e4  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
    22:10:07.0858 0x11e4  i8042prt - ok
    22:10:07.0861 0x11e4  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
    22:10:07.0868 0x11e4  iagpio - ok
    22:10:07.0872 0x11e4  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
    22:10:07.0881 0x11e4  iai2c - ok
    22:10:07.0884 0x11e4  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
    22:10:07.0893 0x11e4  iaLPSS2i_GPIO2 - ok
    22:10:07.0898 0x11e4  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
    22:10:07.0906 0x11e4  iaLPSS2i_I2C - ok
    22:10:07.0909 0x11e4  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
    22:10:07.0914 0x11e4  iaLPSSi_GPIO - ok
    22:10:07.0918 0x11e4  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
    22:10:07.0928 0x11e4  iaLPSSi_I2C - ok
    22:10:07.0940 0x11e4  [ FA4C48E36F0B24E7E33D3E7E1844B9C9, F61F448B8E305DEFDDA5D4A6FC4E57C798C11ED4DA0ACB885847DC8A9A7B4E98 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
    22:10:07.0953 0x11e4  iaStorA - ok
    22:10:07.0965 0x11e4  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
    22:10:07.0984 0x11e4  iaStorAV - ok
    22:10:07.0987 0x11e4  [ D5854F77CEEAFC5A8405F8ECCBEC09DF, 06D94EAF55787F807FB40E95011E90B0A719AC1A1529C2C110C1EABC5BE02C5B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    22:10:07.0991 0x11e4  IAStorDataMgrSvc - ok
    22:10:07.0999 0x11e4  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
    22:10:08.0013 0x11e4  iaStorV - ok
    22:10:08.0023 0x11e4  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
    22:10:08.0040 0x11e4  ibbus - ok
    22:10:08.0044 0x11e4  [ C1010ADD3DDAE1196ED21057AF7B2AAE, 68196851855AD395008D7F29FCEB28BA4BEB1F062B1844A60813E7DD102ACB1C ] ICCWDT          C:\WINDOWS\System32\drivers\ICCWDT.sys
    22:10:08.0048 0x11e4  ICCWDT - ok
    22:10:08.0053 0x11e4  [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
    22:10:08.0067 0x11e4  icssvc - ok
    22:10:08.0082 0x11e4  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
    22:10:08.0111 0x11e4  IKEEXT - ok
    22:10:08.0114 0x11e4  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\WINDOWS\System32\drivers\IndirectKmd.sys
    22:10:08.0123 0x11e4  IndirectKmd - ok
    22:10:08.0193 0x11e4  [ 3A2D6740F51BE48C0FD01AD907329DEE, 4FD899CD6E3B3D5C9803E52CB72F002B6CFC144D524FAF6845CF6D115EC6E059 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
    22:10:08.0259 0x11e4  IntcAzAudAddService - ok
    22:10:08.0277 0x11e4  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
    22:10:08.0772 0x11e4  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
    22:10:08.0976 0x11e4  Detect skipped due to KSN trusted
    22:10:08.0976 0x11e4  Intel(R) Capability Licensing Service Interface - ok
    22:10:10.0776 0x11e4  msisadrv - ok
    22:10:10.0781 0x11e4  [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
    22:10:10.0792 0x11e4  MSiSCSI - ok
    22:10:10.0795 0x11e4  msiserver - ok
    22:10:10.0798 0x11e4  [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
    22:10:10.0810 0x11e4  MSKSSRV - ok
    22:10:10.0813 0x11e4  [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
    22:10:10.0823 0x11e4  MsLldp - ok
    22:10:10.0825 0x11e4  [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
    22:10:10.0837 0x11e4  MSPCLOCK - ok
    22:10:10.0839 0x11e4  [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
    22:10:10.0851 0x11e4  MSPQM - ok
    22:10:10.0858 0x11e4  [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
    22:10:10.0870 0x11e4  MsRPC - ok
    22:10:10.0875 0x11e4  [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
    22:10:10.0881 0x11e4  mssmbios - ok
    22:10:10.0883 0x11e4  [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
    22:10:10.0895 0x11e4  MSTEE - ok
    22:10:10.0898 0x11e4  [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
    22:10:10.0906 0x11e4  MTConfig - ok
    22:10:10.0911 0x11e4  [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
    22:10:10.0927 0x11e4  Mup - ok
    22:10:10.0930 0x11e4  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
    22:10:10.0937 0x11e4  mvumis - ok
    22:10:10.0948 0x11e4  [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
    22:10:10.0971 0x11e4  NativeWifiP - ok
    22:10:10.0975 0x11e4  [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
    22:10:10.0988 0x11e4  NcaSvc - ok
    22:10:10.0995 0x11e4  [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
    22:10:11.0011 0x11e4  NcbService - ok
    22:10:11.0015 0x11e4  [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
    22:10:11.0033 0x11e4  NcdAutoSetup - ok
    22:10:11.0037 0x11e4  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
    22:10:11.0045 0x11e4  ndfltr - ok
    22:10:11.0063 0x11e4  [ C1294D97AAD475701EB35DF8422D6E15, 5183C051D01D090CCA73BF0C0D40CC2F1A0E0CE58ED6C2F7C3B826808F6822E0 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
    22:10:11.0090 0x11e4  NDIS - ok
    22:10:11.0094 0x11e4  [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
    22:10:11.0103 0x11e4  NdisCap - ok
    22:10:11.0108 0x11e4  [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
    22:10:11.0121 0x11e4  NdisImPlatform - ok
    22:10:11.0124 0x11e4  [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:10:11.0135 0x11e4  NdisTapi - ok
    22:10:11.0138 0x11e4  [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
    22:10:11.0147 0x11e4  Ndisuio - ok
    22:10:11.0150 0x11e4  [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
    22:10:11.0158 0x11e4  NdisVirtualBus - ok
    22:10:11.0163 0x11e4  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
    22:10:11.0179 0x11e4  NdisWan - ok
    22:10:11.0183 0x11e4  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:10:11.0198 0x11e4  ndiswanlegacy - ok
    22:10:11.0201 0x11e4  [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
    22:10:11.0214 0x11e4  ndproxy - ok
    22:10:11.0217 0x11e4  [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
    22:10:11.0231 0x11e4  Ndu - ok
    22:10:11.0235 0x11e4  [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx    C:\WINDOWS\system32\drivers\NetAdapterCx.sys
    22:10:11.0245 0x11e4  NetAdapterCx - ok
    22:10:11.0248 0x11e4  [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
    22:10:11.0255 0x11e4  NetBIOS - ok
    22:10:11.0262 0x11e4  [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:10:11.0276 0x11e4  NetBT - ok
    22:10:11.0279 0x11e4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon        C:\WINDOWS\system32\lsass.exe
    22:10:11.0287 0x11e4  Netlogon - ok
    22:10:11.0294 0x11e4  [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman          C:\WINDOWS\System32\netman.dll
    22:10:11.0309 0x11e4  Netman - ok
    22:10:11.0318 0x11e4  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
    22:10:11.0338 0x11e4  netprofm - ok
    22:10:11.0345 0x11e4  [ 724EA060EF56BAB4DED8F731FA56279B, E07FFE11D7B5C94D6B56940C6423ACB85910F6E8789E788EC91EEEE1C02B247F ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
    22:10:11.0358 0x11e4  NetSetupSvc - ok
    22:10:11.0364 0x11e4  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:10:11.0373 0x11e4  NetTcpPortSharing - ok
    22:10:11.0381 0x11e4  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
    22:10:11.0398 0x11e4  NgcCtnrSvc - ok
    22:10:11.0413 0x11e4  [ A5A60483329D5A48A795DD614DE67585, 6C9CF49D4C38D458A17F314146C721B7896C5FF0A0FF9599A59606D1CC723194 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
    22:10:11.0445 0x11e4  NgcSvc - ok
    22:10:11.0453 0x11e4  [ 0B5083278F195C26FE9E0140AEAEDCBE, B4D505963D5EBA14EC80E6D0BB8B862D96D1D1C3A57F4744AEBA3FF4BFB1997A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
    22:10:11.0471 0x11e4  NlaSvc - ok
    22:10:11.0475 0x11e4  [ 9265FFCA085272EE0D30D2D4A3C1AF6F, 47DABD13409F96AA0201EACB573EA59F8E0366EB4494ADF25722980D92D0E8A6 ] nldrv           C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys
    22:10:11.0493 0x11e4  nldrv - ok
    22:10:11.0499 0x11e4  [ 0455298B81CB7F10AFB5D372F3BDA3C7, 9B1C400C2C85FAFA3C20B6111AC9D1B224BEA09CA6F888F8C8B12AA9620A4AB2 ] nlsvc           C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
    22:10:11.0524 0x11e4  nlsvc - ok
    22:10:11.0528 0x11e4  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
    22:10:11.0536 0x11e4  Npfs - ok
    22:10:11.0539 0x11e4  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
    22:10:11.0548 0x11e4  npsvctrig - ok
    22:10:11.0551 0x11e4  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\WINDOWS\system32\nsisvc.dll
    22:10:11.0560 0x11e4  nsi - ok
    22:10:11.0563 0x11e4  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
    22:10:11.0571 0x11e4  nsiproxy - ok
    22:10:11.0604 0x11e4  [ 5DD8CB01C0394F8D052763D2E3C6E684, BF58C1586A2402576B91D7F862861974F7BDB38704E88F4974FF3F1D1B481386 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
    22:10:11.0649 0x11e4  NTFS - ok
    22:10:11.0653 0x11e4  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\WINDOWS\system32\drivers\Null.sys
    22:10:11.0661 0x11e4  Null - ok
    22:10:11.0663 0x11e4  NVHDA - ok
    22:10:11.0861 0x11e4  [ E65D6A80252ED289A1E381FE10C8CE3B, 9A71250A42ACE14A0E14F27A519A09114F9061AC05F57A732EED1CE8A7E196DC ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b07608b795ac4102\nvlddmkm.sys
    22:10:12.0054 0x11e4  nvlddmkm - ok
    22:10:12.0094 0x11e4  [ A6102293847A7A2DF01E7BF7AC1C1F12, 14E4E75711C00DA826136FB531E9AD53787502F441103386C5CD37EEFCE27AFC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    22:10:12.0123 0x11e4  NvNetworkService - ok
    22:10:12.0130 0x11e4  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
    22:10:12.0139 0x11e4  nvraid - ok
    22:10:12.0144 0x11e4  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
    22:10:12.0154 0x11e4  nvstor - ok
    22:10:12.0157 0x11e4  [ 99D42078C9596A20A7B3419159265A25, E9F5380E6597C79B26B2CBAAC534F31C5027F32AAA0FD5876CF7E9BB6658F30C ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
    22:10:12.0162 0x11e4  NvStreamKms - ok
    22:10:12.0211 0x11e4  [ E6A64322EB213AEACBB61584AA6FB032, FA91C89B81DD7F3EC22DF71FFC3A506AD40AE76EC91F1115CCAB6ED39431369D ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    22:10:12.0264 0x11e4  NvStreamNetworkSvc - ok
    22:10:12.0304 0x11e4  [ A8213BF32D2E75ADD362E118AD164749, 6F35210ED11088FE64F13DD63053FFDA4628A5F6397DA33A345970962AB83499 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    22:10:12.0342 0x11e4  NvStreamSvc - ok
    22:10:12.0366 0x11e4  [ 1D97F4D3B6D1F64E6419317EF0DA5768, B06D07D5757BF0760EAC2F2DF6FA3E841FF20C25E21D28E76DFB16187A385A46 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
    22:10:12.0391 0x11e4  nvsvc - ok
    22:10:12.0395 0x11e4  [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
    22:10:12.0400 0x11e4  nvvad_WaveExtensible - ok
    22:10:12.0407 0x11e4  [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
    22:10:12.0424 0x11e4  OneSyncSvc - ok
    22:10:12.0459 0x11e4  [ 94F4247BB74CE835705EE4013118181A, 7412CFEBFAD1EBB39B91F2C42E4DD560EDF0B1CE0FA05D9506B16BE7CDD51BD2 ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
    22:10:12.0483 0x11e4  OverwolfUpdater - ok
    22:10:12.0491 0x11e4  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
    22:10:12.0508 0x11e4  p2pimsvc - ok
    22:10:12.0516 0x11e4  [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
    22:10:12.0534 0x11e4  p2psvc - ok
    22:10:12.0538 0x11e4  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
    22:10:12.0549 0x11e4  Parport - ok
    22:10:12.0554 0x11e4  [ 9DB326B54C03EF2892E7551D8B354036, 64CD77E8A4425E80CFB61DEE33C1A677A4044C6FC0614D74B20BDDD7C5D5334D ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
    22:10:12.0562 0x11e4  partmgr - ok
    22:10:12.0571 0x11e4  [ CE515B2C6E2EA50053A8862398646B38, C85D370E5250AFCF44796CE274B5A100C6829DC28BF1D4C6991EF61DE46FD10A ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
    22:10:12.0586 0x11e4  PcaSvc - ok
    22:10:12.0593 0x11e4  [ D723D2C98598B0DF5832427740B2825D, C2B26A1F4FA2B43D842954403F134908D77892FF4BF7F320D692E685846D5C97 ] pci             C:\WINDOWS\system32\drivers\pci.sys
    22:10:12.0605 0x11e4  pci - ok
    22:10:12.0608 0x11e4  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
    22:10:12.0614 0x11e4  pciide - ok
    22:10:12.0618 0x11e4  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
    22:10:12.0626 0x11e4  pcmcia - ok
    22:10:12.0630 0x11e4  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
    22:10:12.0636 0x11e4  pcw - ok
    22:10:12.0641 0x11e4  [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
    22:10:12.0648 0x11e4  pdc - ok
    22:10:12.0661 0x11e4  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
    22:10:12.0688 0x11e4  PEAUTH - ok
    22:10:12.0692 0x11e4  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
    22:10:12.0699 0x11e4  percsas2i - ok
    22:10:12.0703 0x11e4  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
    22:10:12.0710 0x11e4  percsas3i - ok
    22:10:12.0723 0x11e4  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
    22:10:12.0737 0x11e4  PerfHost - ok
    22:10:12.0753 0x11e4  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
    22:10:12.0790 0x11e4  PhoneSvc - ok
    22:10:12.0796 0x11e4  [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
    22:10:12.0812 0x11e4  PimIndexMaintenanceSvc - ok
    22:10:12.0835 0x11e4  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\WINDOWS\system32\pla.dll
    22:10:12.0877 0x11e4  pla - ok
    22:10:12.0883 0x11e4  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
    22:10:12.0897 0x11e4  PlugPlay - ok
    22:10:12.0900 0x11e4  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
    22:10:12.0909 0x11e4  PNRPAutoReg - ok
    22:10:12.0917 0x11e4  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
    22:10:12.0932 0x11e4  PNRPsvc - ok
    22:10:12.0940 0x11e4  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
    22:10:12.0957 0x11e4  PolicyAgent - ok
    22:10:12.0962 0x11e4  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\WINDOWS\system32\umpo.dll
    22:10:12.0973 0x11e4  Power - ok
    22:10:12.0977 0x11e4  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
    22:10:12.0992 0x11e4  PptpMiniport - ok
    22:10:13.0040 0x11e4  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
    22:10:13.0127 0x11e4  PrintNotify - ok
    22:10:13.0133 0x11e4  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
    22:10:13.0144 0x11e4  Processor - ok
    22:10:13.0151 0x11e4  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
    22:10:13.0171 0x11e4  ProfSvc - ok
    22:10:13.0176 0x11e4  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
    22:10:13.0184 0x11e4  Psched - ok
    22:10:13.0191 0x11e4  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\WINDOWS\system32\qwave.dll
    22:10:13.0206 0x11e4  QWAVE - ok
    22:10:13.0209 0x11e4  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
    22:10:13.0218 0x11e4  QWAVEdrv - ok
    22:10:13.0220 0x11e4  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:10:13.0228 0x11e4  RasAcd - ok
    22:10:13.0232 0x11e4  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
    22:10:13.0245 0x11e4  RasAgileVpn - ok
    22:10:13.0249 0x11e4  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
    22:10:13.0260 0x11e4  RasAuto - ok
    22:10:13.0264 0x11e4  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
    22:10:13.0279 0x11e4  Rasl2tp - ok
    22:10:13.0290 0x11e4  [ 3C0A10FFC3CB95D249CA64D62BC912EF, 8A75398EF3FF4BBE822031B3D1C63BFC75ABE11AB35BC0451DFF3B1D56477D97 ] RasMan          C:\WINDOWS\System32\rasmans.dll
    22:10:13.0316 0x11e4  RasMan - ok
    22:10:13.0320 0x11e4  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:10:13.0330 0x11e4  RasPppoe - ok
    22:10:13.0333 0x11e4  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
    22:10:13.0346 0x11e4  RasSstp - ok
    22:10:13.0354 0x11e4  [ EDAF0E161BE98CCC4FC9671481600745, 50DB73C341086E346F6EF57E40A7C3A8F6279E5EBB53A67F9B71B7877EB75734 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:10:13.0367 0x11e4  rdbss - ok
    22:10:13.0376 0x11e4  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
    22:10:13.0436 0x11e4  rdpbus - ok
    22:10:13.0441 0x11e4  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
    22:10:13.0453 0x11e4  RDPDR - ok
    22:10:13.0458 0x11e4  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
    22:10:13.0465 0x11e4  RdpVideoMiniport - ok
    22:10:13.0471 0x11e4  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
    22:10:13.0483 0x11e4  rdyboost - ok
    22:10:13.0499 0x11e4  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
    22:10:13.0521 0x11e4  ReFSv1 - ok
    22:10:13.0531 0x11e4  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
    22:10:13.0553 0x11e4  RemoteAccess - ok
    22:10:13.0558 0x11e4  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
    22:10:13.0573 0x11e4  RemoteRegistry - ok
    22:10:13.0584 0x11e4  [ FA62C4E1D753B489832DD0A7033665EE, BB0B59ABC79CEFA949632179239D711944C29E93EBCE60E629DE75AF2C3268B2 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
    22:10:13.0610 0x11e4  RetailDemo - ok
    22:10:13.0615 0x11e4  [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
    22:10:13.0627 0x11e4  RFCOMM - ok
    22:10:13.0632 0x11e4  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\WINDOWS\System32\RMapi.dll
    22:10:13.0643 0x11e4  RmSvc - ok
    22:10:13.0647 0x11e4  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
    22:10:13.0657 0x11e4  RpcEptMapper - ok
    22:10:13.0660 0x11e4  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\WINDOWS\system32\locator.exe
    22:10:13.0667 0x11e4  RpcLocator - ok
    22:10:13.0682 0x11e4  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
    22:10:13.0710 0x11e4  RpcSs - ok
    22:10:13.0714 0x11e4  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
    22:10:13.0724 0x11e4  rspndr - ok
    22:10:13.0726 0x11e4  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
    22:10:13.0733 0x11e4  s3cap - ok
    22:10:13.0737 0x11e4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\WINDOWS\system32\lsass.exe
    22:10:13.0744 0x11e4  SamSs - ok
    22:10:13.0748 0x11e4  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
    22:10:13.0756 0x11e4  sbp2port - ok
    22:10:13.0762 0x11e4  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
    22:10:13.0776 0x11e4  SCardSvr - ok
    22:10:13.0782 0x11e4  [ 9EE060D6560FFBFBDB2ED5D6ED192294, 14387B69CD26D12BE31A23251B6AA8EDFC4D6CDE4FA558F0950DE91D2DD03946 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
    22:10:13.0796 0x11e4  ScDeviceEnum - ok
    22:10:13.0799 0x11e4  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
    22:10:13.0809 0x11e4  scfilter - ok
    22:10:13.0824 0x11e4  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
    22:10:13.0854 0x11e4  Schedule - ok
    22:10:13.0858 0x11e4  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
    22:10:13.0866 0x11e4  scmbus - ok
    22:10:13.0870 0x11e4  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
    22:10:13.0881 0x11e4  scmdisk0101 - ok
    22:10:13.0886 0x11e4  [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
    22:10:13.0898 0x11e4  SCPolicySvc - ok
    22:10:13.0905 0x11e4  [ 2A8832563C2826665517B91195085476, 1472BDF9ACACA105F9A67662131DC5A18BDBFE4656C33F6900E791C51A62DD90 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
    22:10:13.0915 0x11e4  sdbus - ok
    22:10:13.0920 0x11e4  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
    22:10:13.0933 0x11e4  SDRSVC - ok
    22:10:13.0937 0x11e4  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
    22:10:13.0945 0x11e4  sdstor - ok
    22:10:13.0948 0x11e4  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\WINDOWS\system32\seclogon.dll
    22:10:13.0958 0x11e4  seclogon - ok
    22:10:13.0961 0x11e4  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\WINDOWS\System32\sens.dll
    22:10:13.0974 0x11e4  SENS - ok
    22:10:13.0994 0x11e4  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
    22:10:14.0044 0x11e4  SensorDataService - ok
    22:10:14.0053 0x11e4  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\WINDOWS\system32\SensorService.dll
    22:10:14.0074 0x11e4  SensorService - ok

    This is the AdwCleaner log that came up after reboot:

    Code:
    # AdwCleaner v6.021 - Logfile created 08/10/2016 at 21:44:54
    # Updated on 06/10/2016 by ToolsLib
    # Database : 2016-10-07.1 [Server]
    # Operating System : Windows 10 Home  (X64)
    # Username : Luke - LUKE
    # Running from : Z:\FIREFOX DOWNLOADS\ANTI-MALWARE ETC\adwcleaner_6.021.exe
    # Mode: Clean
    # Support : https://toolslib.net/forum
    
    
    
    ***** [ Services ] *****
    
    [-] Service deleted: rtop
    
    
    ***** [ Folders ] *****
    
    [-] Folder deleted: C:\Program Files\ByteFence
    [-] Folder deleted: C:\ProgramData\ByteFence
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence
    
    
    ***** [ Files ] *****
    
    [-] File deleted: C:\END
    
    
    ***** [ DLL ] *****
    
    
    
    ***** [ WMI ] *****
    
    
    
    ***** [ Shortcuts ] *****
    
    
    
    ***** [ Scheduled Tasks ] *****
    
    
    
    ***** [ Registry ] *****
    
    [-] Key deleted: HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\Software\ByteFence
    [#] Key deleted on reboot: HKCU\Software\ByteFence
    [-] Key deleted: HKLM\SOFTWARE\ByteFence
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
    [#] Key deleted on reboot: [x64] HKCU\Software\ByteFence
    [-] Key deleted: [x64] HKLM\SOFTWARE\ByteFence
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    
    
    ***** [ Web browsers ] *****
    
    [-] Chrome preferences cleaned: "browser.search.defaultenginename" -  "Yahoo! Powered"
    [-] Chrome preferences cleaned: "browser.search.selectedEngine" -  "Yahoo! Powered"
    
    
    *************************
    
    :: "Tracing" keys deleted
    :: Winsock settings cleared
    
    *************************
    
    C:\AdwCleaner\AdwCleaner[C0].txt - [3012 Bytes] - [19/09/2016 22:10:49]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1206 Bytes] - [23/09/2016 20:37:33]
    C:\AdwCleaner\AdwCleaner[C3].txt - [2823 Bytes] - [25/09/2016 22:23:03]
    C:\AdwCleaner\AdwCleaner[C4].txt - [2107 Bytes] - [08/10/2016 21:44:54]
    C:\AdwCleaner\AdwCleaner[S0].txt - [3946 Bytes] - [19/09/2016 18:11:45]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2894 Bytes] - [19/09/2016 22:09:18]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1342 Bytes] - [23/09/2016 20:37:20]
    C:\AdwCleaner\AdwCleaner[S3].txt - [2493 Bytes] - [25/09/2016 22:22:02]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1649 Bytes] - [01/10/2016 00:24:26]
    C:\AdwCleaner\AdwCleaner[S5].txt - [1722 Bytes] - [01/10/2016 00:25:48]
    C:\AdwCleaner\AdwCleaner[S6].txt - [2815 Bytes] - [08/10/2016 21:42:23]
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2691 Bytes] ########


    OK, now Anti-Malware Bytes. I ran this 2x (because I ran the cleaners out of order the first time and wanted to ensure it cleaned correctly). Seems like it was a good plan because it found stuff both times.

    1st RUN
    Code:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    
    Scan Date: 10/8/2016
    Scan Time: 6:24 PM
    Logfile: MAL-ANTIMAL.txt
    Administrator: Yes
    
    Version: 2.2.1.1043
    Malware Database: v2016.10.08.07
    Rootkit Database: v2016.09.26.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Luke
    
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 314277
    Time Elapsed: 7 min, 3 sec
    
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 1
    Trojan.Dropper, C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe, 2852, , [12b5494da5f5d75f796b1ad024e0d828]
    
    Modules: 0
    (No malicious items detected)
    
    Registry Keys: 8
    Trojan.Dropper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rtop, , [12b5494da5f5d75f796b1ad024e0d828], 
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0cbb0096f7a3d16576eaf1d8897933cd], 
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [36916036a1f981b54b1592379c66bb45], 
    PUP.Optional.InstallCore, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\csastats, , [3e893b5b693104323947d1293dc67f81], 
    PUP.Optional.WinYahoo, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [ecdbf1a51b7f0f271f4049802ad86898], 
    PUP.Optional.ProductSetup, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\PRODUCTSETUP, , [7c4b12844d4de551b00dc5eb27dc6f91], 
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\winsearch, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Chromium, , [ac1bc4d27822a0968dc17924af552dd3], 
    
    Registry Values: 7
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f[f3d4d0c6afebd462aeebdede19eb24dc]D1%26b[f3d4d0c6afebd462aeebdede19eb24dc]DIE%26cc[f3d4d0c6afebd462aeebdede19eb24dc]Dca%26pa[f3d4d0c6afebd462aeebdede19eb24dc]Dwincy%26cd[f3d4d0c6afebd462aeebdede19eb24dc]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr[f3d4d0c6afebd462aeebdede19eb24dc]D1897231198%26a[f3d4d0c6afebd462aeebdede19eb24dc]Dwbf_lvrms_16_40%26os_ver[f3d4d0c6afebd462aeebdede19eb24dc]D10.0%26os[f3d4d0c6afebd462aeebdede19eb24dc]DWindowsB10BHome, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f[0cbb0096f7a3d16576eaf1d8897933cd]D4%26b[0cbb0096f7a3d16576eaf1d8897933cd]DIE%26cc[0cbb0096f7a3d16576eaf1d8897933cd]Dca%26pa[0cbb0096f7a3d16576eaf1d8897933cd]Dwincy%26cd[0cbb0096f7a3d16576eaf1d8897933cd]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr[0cbb0096f7a3d16576eaf1d8897933cd]D1897231198%26a[0cbb0096f7a3d16576eaf1d8897933cd]Dwbf_lvrms_16_40%26os_ver[0cbb0096f7a3d16576eaf1d8897933cd]D10.0%26os[0cbb0096f7a3d16576eaf1d8897933cd]DWindowsB10BHome&p={searchTerms}, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f[289f4f47f8a2cf6708913c8036ce5ba5]D1%26b[289f4f47f8a2cf6708913c8036ce5ba5]DIE%26cc[289f4f47f8a2cf6708913c8036ce5ba5]Dca%26pa[289f4f47f8a2cf6708913c8036ce5ba5]Dwincy%26cd[289f4f47f8a2cf6708913c8036ce5ba5]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr[289f4f47f8a2cf6708913c8036ce5ba5]D1897231198%26a[289f4f47f8a2cf6708913c8036ce5ba5]Dwbf_lvrms_16_40%26os_ver[289f4f47f8a2cf6708913c8036ce5ba5]D10.0%26os[289f4f47f8a2cf6708913c8036ce5ba5]DWindowsB10BHome, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f[36916036a1f981b54b1592379c66bb45]D4%26b[36916036a1f981b54b1592379c66bb45]DIE%26cc[36916036a1f981b54b1592379c66bb45]Dca%26pa[36916036a1f981b54b1592379c66bb45]Dwincy%26cd[36916036a1f981b54b1592379c66bb45]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr[36916036a1f981b54b1592379c66bb45]D1897231198%26a[36916036a1f981b54b1592379c66bb45]Dwbf_lvrms_16_40%26os_ver[36916036a1f981b54b1592379c66bb45]D10.0%26os[36916036a1f981b54b1592379c66bb45]DWindowsB10BHome&p={searchTerms}, %4, %5
    PUP.Optional.WinYahoo, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f[a6213a5cfb9f73c351492b916d9759a7]D1%26b[a6213a5cfb9f73c351492b916d9759a7]DIE%26cc[a6213a5cfb9f73c351492b916d9759a7]Dca%26pa[a6213a5cfb9f73c351492b916d9759a7]Dwincy%26cd[a6213a5cfb9f73c351492b916d9759a7]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr[a6213a5cfb9f73c351492b916d9759a7]D1897231198%26a[a6213a5cfb9f73c351492b916d9759a7]Dwbf_lvrms_16_40%26os_ver[a6213a5cfb9f73c351492b916d9759a7]D10.0%26os[a6213a5cfb9f73c351492b916d9759a7]DWindowsB10BHome, %4, %5
    PUP.Optional.WinYahoo, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f[ecdbf1a51b7f0f271f4049802ad86898]D4%26b[ecdbf1a51b7f0f271f4049802ad86898]DIE%26cc[ecdbf1a51b7f0f271f4049802ad86898]Dca%26pa[ecdbf1a51b7f0f271f4049802ad86898]Dwincy%26cd[ecdbf1a51b7f0f271f4049802ad86898]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr[ecdbf1a51b7f0f271f4049802ad86898]D1897231198%26a[ecdbf1a51b7f0f271f4049802ad86898]Dwbf_lvrms_16_40%26os_ver[ecdbf1a51b7f0f271f4049802ad86898]D10.0%26os[ecdbf1a51b7f0f271f4049802ad86898]DWindowsB10BHome&p={searchTerms}, %4, %5
    PUP.Optional.ProductSetup, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, , [7c4b12844d4de551b00dc5eb27dc6f91]
    
    Registry Data: 3
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=fBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]D1%26bBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]DIE%26ccBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]Dca%26paBad: 
(https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]Dwincy%26cdBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26crBad: 
(https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]D1897231198%26aBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]Dwbf_lvrms_16_40%26os_verBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]D10.0%26osBad: 
(https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[11b64353dac0f541112918619a6ac937]DWindowsGood: (www.google.com)B10Good: (www.google.com)BHome, %4, %5
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=fBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]D1%26bBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]DIE%26ccBad: 
(https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]Dca%26paBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]Dwincy%26cdBad: 
(https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26crBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]D1897231198%26aBad: 
(https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]Dwbf_lvrms_16_40%26os_verBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]D10.0%26osBad: (https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutByEtD0AyCyEtC0CzytCyD0CtAyDzy0DtN0D0Tzu0StCyBtAzztN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtAzytCyDyEtGtB0EtA0BtG0E0E0B0DtGyBtC0DzztGyEtCyD0DtAyD0D0D0B0E0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0EyDyBtC0A0EtG0AyD0BzztGyE0AyE0CtG0A0BtBtCtG0BtAyC0EyDyByC0D0ByBtA0A2QtN0A0LzuyE%26cr%3D1897231198%26a%3Dwbf_lvrms_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),,[24a3b7df52488babd06ab3c67193d828]DWindowsGood: (www.google.com)B10Good: (www.google.com)BHome, %4, %5
    PUP.Optional.WinYahoo, HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_lvrms_16_40&param1=1&param2=f[...], Good: (www.google.com), Bad: ([...]),,[a32471250b8ff04622166118c44018e8]
    
    Folders: 2
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}, , [ac1bc4d27822a0968dc17924af552dd3], 
    
    Files: 29
    Trojan.Dropper, C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe, , [12b5494da5f5d75f796b1ad024e0d828], 
    PUP.Optional.DownLoadAdmin, C:\$Recycle.Bin\S-1-5-21-4232256137-3942767270-2832098513-1001\$RPYGLZR.exe, , [b90edfb7e7b33006362dd22940c48a76], 
    PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk, , [cdfaa1f5e8b2d85ebeee667a53b03cc4], 
    PUP.Optional.WinYahoo, C:\Windows\Tasks\Yahoo! Powered fisad.job, , [8d3a940298025ed84cc9c2f224e00000], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\HowToRemove.html, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\chromium-min.jpg, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\control panel-min-min.JPG, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\down.png, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\ff menu.JPG, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\ff search engine-min.png, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\hp-min ff.png, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\hp-min ie.png, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\search engine.gif, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\setup pages.gif, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\sp-min.png, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\start-min.jpg, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\HowToRemove\up.png, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\bapi_ff.dat, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\bapi_ie.dat, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\cete, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\install.log, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\mifa, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\sace, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\sara.dat, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\Sqlite3.dll, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\tane.cfg, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\uninst.dat, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Local\{6B375D6B-4F9F-31D3-2207-143B066FE8A3}\uninst.exe, , [ac1bc4d27822a0968dc17924af552dd3], 
    PUP.Optional.WinYahoo, C:\Users\Luke Berger\AppData\Roaming\Mozilla\Firefox\Profiles\5i3ghlif.default\searchplugins\yahoo! powered.xml, , [bc0b1581f8a2a39316416c3157ad6898], 
    
    Physical Sectors: 0
    (No malicious items detected)
    
    
    (end)

    2nd Run

    Code:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    
    Scan Date: 10/8/2016
    Scan Time: 10:19 PM
    Logfile: 
    Administrator: Yes
    
    Version: 2.2.1.1043
    Malware Database: v2016.10.09.02
    Rootkit Database: v2016.09.26.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Luke
    
    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 548382
    Time Elapsed: 51 min, 10 sec
    
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 0
    (No malicious items detected)
    
    Modules: 0
    (No malicious items detected)
    
    Registry Keys: 0
    (No malicious items detected)
    
    Registry Values: 0
    (No malicious items detected)
    
    Registry Data: 0
    (No malicious items detected)
    
    Folders: 0
    (No malicious items detected)
    
    Files: 2
    Trojan.Dropper, C:\AdwCleaner\quarantine\files\xaygjlobjwhsjguhkeodugixgwxmzheg\rtop\bin\rtop_svc.exe, , [bf670790e6b4be784b99cd1d8a7af808], 
    PUP.Optional.DownLoadAdmin, Z:\FIREFOX DOWNLOADS\Paper Mario-176058345.exe, , [9b8bb2e5aceed4626ff4b04b3fc5966a], 
    
    Physical Sectors: 0
    (No malicious items detected)
    
    
    (end)
    Ran the rest, and everything was clean. Finished up with CC Cleaner. Should I now proceed with the next step? Sorry to have to go back to this again, what a nightmare.
    Last edited by LAPS; 09 Oct 2016 at 00:52.


  2. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       09 Oct 2016 #72

    CHROME.EXE unsigned could be an indication of a Poweliks infection.
    Please scroll halfway down this page and download and run the ESET Poweliks removal tool.
    How to remove the Poweliks Trojan (Removal Guide)

    Regarding Bytefence
    https://www.virustotal.com/en/file/0...is/1456755826/

    rtop_svc.exe is part of bytefence, and identified as a trojan.

    Regarding castplatform:
    https://www.threatcrowd.org/domain.p...stplatform.com

    We need the results of the ESET Poweliks scan first before we do anything else please. It's fast.

    If positive, please download and run the SCAN of FRST Farbar Recovery Scan Tool

    Post the 2 logs it puts in the same directory as where it is run from. (I think they are frst.txt and addition.txt.)

    Thanks.
    Last edited by simrick; 09 Oct 2016 at 11:22.


  3. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       09 Oct 2016 #73

    Oh yeah, 1 more thing. I never noticed this one before but last night when I was running Malwarebytes-Anti Mal, Windows Defender came up with this. Seems it's been coming back for a while. Could this be the root of the problem?

    [Attached image: WINDEF.PNG]


    I'll do those other checks right now.


  4. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       09 Oct 2016 #74

    simrick said:
    CHROME.EXE unsigned could be an indication of a Poweliks infection.
    Please scroll halfway down this page and download and run the ESET Poweliks removal tool.
    How to remove the Poweliks Trojan (Removal Guide)

    Regarding Bytefence
    https://www.virustotal.com/en/file/0...is/1456755826/

    rtop_svc.exe is part of bytefence, and identified as a trojan.

    Regarding castplatform:
    https://www.threatcrowd.org/domain.p...stplatform.com

    We need the results of the ESET Poweliks scan first before we do anything else please. It's fast.

    If positive, please download and run the SCAN of FRST Farbar Recovery Scan Tool

    Post the 2 logs it puts in the same directory as where it is run from. (I think they are frst.txt and addition.txt.)

    Thanks.

    Ran the ESET Poweliks removal tool.

    It says that I don't have ESET Poweliks in my system.


  5. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       09 Oct 2016 #75

    LAPS said:
    Oh yeah, 1 more thing. I never noticed this one before but last night when I was running Malwarebytes-Anti Mal, Windows Defender came up with this. Seems it's been coming back for a while. Could this be the root of the problem?

    [Attached image: WINDEF.PNG]


    I'll do those other checks right now.
    TechBrolo.a is a type of rogue malware which ransoms your system, telling you to call a number to have it fixed of infections. Luckily, it doesn't automatically encrypt all your files. Once you call the number, the scammers remote into your system and wreak all kinds of havoc, then demand a credit card payment to fix things. They also have been installing a SysKey password to prevent Windows from loading.
    Rogue:JS/TechBrolo.A


    LAPS said:
    Ran the ESET Poweliks removal tool.

    It says that I don't have ESET Poweliks in my system.
    That's good news.
    Please go back into Defender, scroll down the detections, make sure they are all the same. If they're not, please let me know what else was detected. Then, select all those quarantined items and select Delete.

    EDIT: Please try to uninstall ByteFence from installed programs, if you can.


    Then, run TDSSKiller, selecting all boxes (from bottom to top), and let it reboot to properly run the scan. Let me know if it finds anything/post the log.

    Then please download and run the Sophos Virus Removal Tool.
    Sophos Virus Removal Tool Download

    Let me know if it finds anything. This is a thorough scan and will take quite some time. Be sure your external drive(s) is attached so it is scanned as well, as the scanner doesn't give you options.


  6. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       09 Oct 2016 #76

    Please be sure you see the EDIT in the above post. Thanks.


  7. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       09 Oct 2016 #77

    TechBrolo.a is a type of rogue malware which ransoms your system, telling you to call a number to have it fixed of infections. Luckily, it doesn't automatically encrypt all your files. Once you call the number, the scammers remote into your system and wreak all kinds of havoc, then demand a credit card payment to fix things. They also have been installing a SysKey password to prevent Windows from loading.
    Rogue:JS/TechBrolo.A
    Ok. Good to know.


    Please go back into Defender, scroll down the detections, make sure they are all the same. If they're not, please let me know what else was detected. Then, select all those quarantined items and select Delete.
    That entry was the only one. 5-6 of exactly the same thing.. No other detections.



    EDIT: Please try to uninstall ByteFence from installed programs, if you can.


    I tried both Add/Remove programs and CCleaner. Nothing to uninstall.


    Then, run TDSSKiller, selecting all boxes (from bottom to top), and let it reboot to properly run the scan. Let me know if it finds anything/post the log.
    Did this last night and again today. Clean as a whistle.


    Then please download and run the Sophos Virus Removal Tool.
    Sophos Virus Removal Tool Download
    Clean



    What do you think? Ready to proceed to the repair tool?


  8. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       09 Oct 2016 #78

    simrick said:
    I just downloaded and ran it on a system with ESET installed, no issues.
    See the note on the download page

    But, to be sure, here are the hashes for you to check the zipped download file:
    MD5
    B287904D431C89751AF8D00CDDE4AA7C
    SHA-1
    427A56D660C478FBD3C3A861ED6D31DC3046EE5E
    SHA-256
    CEFA9E883B3605086B1BA5EE47DEC70792D77DE8FBD227D2B99463337206D184
    SHA-512
    B357D10A82F0B54158773B362DDC4180CF74E049BDCD6170832E0156029F7AF164456209AFFEC814BB9C16910B15BAEF800B5D05A9735028AD8B2FBA080A8375

    MD5 & SHA Checksum Utility
    Just ran this one too. Everything matched
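The hash check described in the post above can also be done with PowerShell's built-in `Get-FileHash`; this is an added example, not part of the thread. The download path is a placeholder because the thread does not name the file, and the digest values are the ones posted above with the forum's line-wrap space removed from the SHA-512 value.

```powershell
# Added example (not from the thread): verify a download against published digests.
function Test-DownloadHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )

    # Hex digest length for each algorithm used in the post.
    $hexLength = @{ MD5 = 32; SHA1 = 40; SHA256 = 64; SHA512 = 128 }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    foreach ($alg in $Expected.Keys) {
        if (-not $hexLength.ContainsKey($alg)) {
            throw "Unsupported algorithm name: $alg"
        }
        # Forum software wraps long strings, so drop any whitespace before comparing.
        $want = ($Expected[$alg] -replace '\s', '').ToUpperInvariant()
        if ($want.Length -ne $hexLength[$alg] -or $want -notmatch '^[0-9A-F]+$') {
            throw "Published $alg value is malformed; copy it again from the source."
        }
        $got = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($got -eq $want)
            Computed  = $got
        }
    }
}

# Digests as posted in the thread.
$published = [ordered]@{
    MD5    = 'B287904D431C89751AF8D00CDDE4AA7C'
    SHA1   = '427A56D660C478FBD3C3A861ED6D31DC3046EE5E'
    SHA256 = 'CEFA9E883B3605086B1BA5EE47DEC70792D77DE8FBD227D2B99463337206D184'
    SHA512 = 'B357D10A82F0B54158773B362DDC4180CF74E049BDCD6170832E0156029F7AF164456209AFFEC814BB9C16910B15BAEF800B5D05A9735028AD8B2FBA080A8375'
}

# Placeholder path (assumption): point this at the zipped download being checked.
$zip = 'C:\Path\To\download.zip'

$report = @(Test-DownloadHash -Path $zip -Expected $published)
$report | Format-Table -AutoSize

# MD5 and SHA-1 are not collision resistant, so the verdict rests on SHA-256 and SHA-512.
$strong = @($report | Where-Object { $_.Algorithm -in 'SHA256', 'SHA512' })
if (@($strong | Where-Object { -not $_.Match }).Count -gt 0) {
    Write-Warning 'SHA-256 or SHA-512 mismatch: do not run this file.'
} else {
    Write-Output 'SHA-256 and SHA-512 match the published values.'
}
```

A match shows the file is the same one the poster hashed; it says nothing about whether that file is trustworthy if the digests and the download come from the same compromised source.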


  9. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       09 Oct 2016 #79

    LAPS said:
    Ok. Good to know.

    That entry was the only one. 5-6 of exactly the same thing.. No other detections.

    I tried both Add/Remove programs and CCleaner. Nothing to uninstall.

    Did this last night and again today. Clean as a whistle.

    Clean

    What do you think? Ready to proceed to the repair tool?
    Yep! Let's do this!


  10. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       10 Oct 2016 #80

    Windows Repair Tool by Tweaking.com
    When installing, select "make shortcuts available to all users" and "create desktop icon" (default).
    Let the program open, to make sure it's installed properly.


    • All data is backed up right?
    • Disconnect all external peripherals from the system; nothing but mouse, keyboard and monitor connected (wired preferred).
    • Verify there are no bangs in Device Manager.
    • Verify Fast Startup is OFF.
    • Create a restore point if able. (At this point, you would normally make a Macrium system image of the entire drive, so you can go back and start over if things go south. In your case, however, a clean install is next on the list, so a system image is not necessary.)
    • Reboot to Safe Mode.
    Done


    Once in safe mode, run the System File Checker:



    Advise the results. The preferred result is “No integrity violations found”.
    Complete. NO INTEGRITY VIOLATIONS FOUND



    Go to Step 3, and check the disk for errors.




    If a chkdsk is required, go ahead and schedule it for next boot. Then reboot the machine and let it run.
    Results came back. No errors on the drives.

    Back in Safe Mode:

    Go to tab Step 2, and open the Pre-Scan.




    Click Start Scan. When it’s finished, save the results and post them in the thread using CODE tags (# button).
    Here are the results
    Code:
    ┌────────────────────────────────────────────────────────────────────────────────┐
    │ Tweaking.com - Windows Repair v3.9.12 - Pre-Scan
    │ Computer: LUKE (Windows 10 Home 10.0.14393.222 ) (64-bit)
    │ [Started Scan - 10/9/2016 10:54:02 PM]
    └────────────────────────────────────────────────────────────────────────────────┘
    ┌────────────────────────────────────────────────────────────────────────────────┐
    │ Scanning Windows Packages Files.
    │ Started at (10/9/2016 10:54:02 PM)
    │ 
    │ No problems were found with the Packages Files.
    │ 
    │ Files Checked & Verified: 7,316
    │ 
    │ Done Scanning Windows Packages Files.(10/9/2016 10:54:35 PM)
    └────────────────────────────────────────────────────────────────────────────────┘
    ┌────────────────────────────────────────────────────────────────────────────────┐
    │ Scanning Reparse Points.
    │ Started at (10/9/2016 10:54:35 PM)
    │ 
    │ Missing Default Reparse Point: (Original Path: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files) (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache)
    │ A Default Reparse Point is missing and this can cause problems on the system.
    │ 
    │ Missing Default Reparse Point: (Original Path: C:\Users\Default\Cookies) (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies)
    │ A Default Reparse Point is missing and this can cause problems on the system.
    │ 
    │ Problems were found with the Reparse Points.
    │ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.
    │ 
    │ Files & Folders Searched: 219,894
    │ Reparse Points Found: 52
    │ 
    │ Done Scanning Reparse Points.(10/9/2016 10:54:44 PM)
    └────────────────────────────────────────────────────────────────────────────────┘
    ┌────────────────────────────────────────────────────────────────────────────────┐
    │ Checking Environment Variables.
    │ Started at (10/9/2016 10:54:44 PM)
    │ 
    │ No problems were found with the Environment Variables.
    │ 
    │ Done Checking Environment Variables. (10/9/2016 10:54:44 PM)
    └────────────────────────────────────────────────────────────────────────────────┘
    ┌────────────────────────────────────────────────────────────────────────────────┐
    │ [Finished Scan - 10/9/2016 10:54:44 PM]
    │ 
    │ [x] Scan Complete - Problems Found!
    │ [x] 
    │ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
    │ [x] 
    │ [x] While problems have been found, you can still run the repairs in the program.
    │ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
    └────────────────────────────────────────────────────────────────────────────────┘


    Stop here and report the results. I will make another post with repair steps to run, but don't run them until we've determined if this scan shows repairs needed, and what they are, and decide if we should do them or not.


 