
Thread: Help with slow computer

  1. #1
    Junior Member | Join Date: Sep 2018 | Posts: 6

    Help with slow computer

    I suspect some malware is affecting my performance.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
    Ran by khoa (15-09-2018 00:03:41)
    Running from C:\Users\admin\Desktop
    Windows 10 Home Version 1803 17134.285 (X64) (2018-05-14 12:35:33)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3228323692-928225871-3027623042-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3228323692-928225871-3027623042-503 - Limited - Disabled)
    Guest (S-1-5-21-3228323692-928225871-3027623042-501 - Limited - Disabled)
    khoa (S-1-5-21-3228323692-928225871-3027623042-1001 - Administrator - Enabled) => C:\Users\admin
    WDAGUtilityAccount (S-1-5-21-3228323692-928225871-3027623042-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
    Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
    Atom (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\atom) (Version: 1.22.1 - GitHub Inc.)
    AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
    Chromium (HKLM-x32\...\{D1DB391B-815B-E89B-30DB-981BE05B4B9B}) (Version: - )
    Chromium (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Chromium) (Version: 67.0.3396.62 - Chromium)
    CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
    CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CS_Manager (HKLM-x32\...\CS_Manager_is1) (Version: 11.1 - CADSoftTools ®.)
    Cultris II (HKLM-x32\...\Cultris_0) (Version: - )
    DaVinci Resolve (HKLM\...\{0AD19E45-B885-4EB1-AC13-A481724BB52D}) (Version: 12.5.6017 - Blackmagic Design)
    DaVinci Resolve Panels (HKLM\...\{6A8DCCDF-BC76-4964-B429-D74E5FC11E98}) (Version: 1.1.1.0 - Blackmagic Design)
    DiagnosticsHub_CollectionService (HKLM\...\{5FC8BCBB-3408-48B0-BAF0-839490F7AE65}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
    Discord (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
    Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 57.4.89 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.127.1 - Dropbox, Inc.) Hidden
    ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
    Epic Games Launcher (HKLM-x32\...\{6F15D7C1-3079-4135-B8E9-8D3EA033EE3A}) (Version: 1.1.129.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Evernote v. 6.11.2 (HKLM-x32\...\{FC67AAF6-3477-11E8-B094-005056951CAD}) (Version: 6.11.2.7027 - Evernote Corp.)
    f.lux (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Flux) (Version: - f.lux Software LLC)
    FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
    FOMM 0.14.14.3 (HKLM-x32\...\{072C2AEF-16B2-46B7-BA7F-D0CAA7B4F89F}_is1) (Version: - niveuseverto)
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
    Git version 2.15.1.2 (HKLM\...\Git_is1) (Version: 2.15.1.2 - The Git Development Community)
    GitHub Desktop (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\GitHubDesktop) (Version: 1.0.9 - GitHub, Inc.)
    GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
    Google Chrome (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
    Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.24.3.432 - GOG.com)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
    icecap_collection_neutral (HKLM-x32\...\{12C1EC05-F936-4A80-821E-7AAC64C4E6FF}) (Version: 15.6.27413 - Microsoft Corporation) Hidden
    icecap_collection_x64 (HKLM\...\{C8E22DF4-5498-4B61-93CF-3081BE95A1BA}) (Version: 15.6.27413 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{079302B9-1EF0-46D0-83FA-382C01ADF6E6}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{500E3263-4930-456B-AD78-E6D0ACC7ABB1}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
    Intel Extreme Tuning Utility (HKLM-x32\...\{79E98F35-0524-446C-8EF5-4E863C4D87E2}) (Version: 6.2.0.24 - Intel Corporation) Hidden
    Intel Extreme Tuning Utility (HKLM-x32\...\{7afa48c7-9901-40fa-8f9b-f0707e2bc5b6}) (Version: 6.2.0.24 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{96C730E4-F055-4118-BDF3-6E071763853C}) (Version: 3.0.1342.02 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.5.0.7 - IObit)
    IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
    Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation)
    Java SE Development Kit 8 Update 161 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180161}) (Version: 8.0.1610.12 - Oracle Corporation)
    Java(TM) SE Development Kit 9.0.4 (64-bit) (HKLM\...\{1EF87463-0B0F-5B2A-B167-22B5CD371ACD}) (Version: 9.0.4.0 - Oracle Corporation)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    John's Background Switcher 4.17 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.17 - johnsadventures.com)
    Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden
    K-Lite Codec Pack 13.8.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.8.0 - KLCP)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Logitech Gaming Software 8.92 (HKLM\...\Logitech Gaming Software) (Version: 8.92.67 - Logitech Inc.)
    Magic The Gathering Online (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\01641bea2c75c522) (Version: 3.4.104.2032 - Wizards of the Coast, LLC)
    Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
    Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{EE99006A-F227-41BA-884C-C3AF9642D95A}) (Version: 14.0.3006.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2017 (HKLM-x32\...\{FBD0D997-4E36-4B10-8471-BD7CF42ECE7F}) (Version: 14.0.3006.16 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
    Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.15.3242.223 - Microsoft Corporation)
    Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
    Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.5.0 - Mozilla)
    Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
    MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
    MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    MTGArena (HKLM-x32\...\{080698B4-A24E-43CE-9A9E-57A2CD3289DA}) (Version: 0.1.821.0 - Wizards of the Coast) Hidden
    MTGArena (HKLM-x32\...\MTGArena) (Version: 0.1.821.0 - Wizards of the Coast)
    NetBeans IDE 8.2 (HKLM-x32\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
    NVIDIA 3D Vision Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.36 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
    NVIDIA Graphics Driver 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    osu! (HKLM-x32\...\{6f32e12f-2099-4754-b57c-badc1aea3028}) (Version: latest - ppy Pty Ltd)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    Python 3.6.0 (32-bit) (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\{8ba65a8c-cb48-4716-bc24-47c148808015}) (Version: 3.6.150.0 - Python Software Foundation)
    Python 3.6.0 Core Interpreter (32-bit) (HKLM-x32\...\{FC638B75-E969-4496-A546-9D78EA7D8F35}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 Development Libraries (32-bit) (HKLM-x32\...\{F2A430F2-A7AC-4B46-808A-FC6E8419ABDE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 Documentation (32-bit) (HKLM-x32\...\{A66771E3-430A-40A7-B00C-94A239396BEE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 Executables (32-bit) (HKLM-x32\...\{3C182441-3C75-4113-A28D-D3AEAD85B320}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 pip Bootstrap (32-bit) (HKLM-x32\...\{1D427483-31FE-4ED4-AD39-AB78BBF7D22D}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 Standard Library (32-bit) (HKLM-x32\...\{4CB36E4F-EC00-479B-AA25-0B9EC5385B0C}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C7D63030-7738-499A-A0D2-8549174D2B70}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 Test Suite (32-bit) (HKLM-x32\...\{6EAD5F85-97EC-4AFB-84D2-D52AC41D3C66}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python 3.6.0 Utility Scripts (32-bit) (HKLM-x32\...\{7C3DAC9E-E229-415C-A600-5974B5D9DE7F}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
    qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
    RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version: - )
    RPG MAKER VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.01a - Enterbrain)
    RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
    RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
    RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version: - )
    RTP 1.32 Add-On for RM2k (HKLM-x32\...\RTP 1.32 Add-On for RM2k) (Version: - )
    SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Skype version 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
    Slack (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\slack) (Version: 3.0.0 - Slack Technologies)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    Spotify (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Spotify) (Version: 1.0.88.353.g15c26ea1 - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Twitch (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
    Twitch Leecher 1.3.9 (HKLM\...\{D0A445F8-4B09-4CF6-B28F-CBD0D4CF6758}) (Version: 1.3.9.0 - Fake Smile Revolution) Hidden
    Twitch Leecher 1.3.9 (HKLM-x32\...\{bb5c1e6e-1ab4-4481-9a44-946da06acb81}) (Version: 1.3.9.0 - Fake Smile Revolution)
    Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    vcpp_crt.redist.clickonce (HKLM-x32\...\{B5789DA1-92FB-4760-BD23-44DDCAA94584}) (Version: 14.13.26020 - Microsoft Corporation) Hidden
    Visual Studio Community 2017 (HKLM-x32\...\6d9bd181) (Version: 15.6.27428.2002 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    VS Immersive Activate Helper (HKLM-x32\...\{8A2BDA07-3417-46C1-9058-CB32BC63E30E}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
    VS JIT Debugger (HKLM\...\{F8F52853-A1A7-42C7-A082-5A6D5853BB0B}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
    VS Script Debugging Common (HKLM\...\{0EE5749D-2DC0-460F-AB1C-06B3EDB42426}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
    vs_communitymsi (HKLM-x32\...\{C2749223-157E-48F0-9410-A510361D6803}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_filehandler_amd64 (HKLM-x32\...\{02DD895F-089F-4A63-81A9-78D00142AF20}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
    vs_filehandler_x86 (HKLM-x32\...\{E6A92308-33DF-494B-A91A-3B80FBC97F2B}) (Version: 15.6.27406 - Microsoft Corporation) Hidden
    vs_FileTracker_Singleton (HKLM-x32\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
    vs_Graphics_Singletonx64 (HKLM\...\{B11D79C6-332C-47B6-B58C-2F88A4911C7C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_Graphics_Singletonx86 (HKLM-x32\...\{2497054A-0269-4F45-98AE-F469F89CC45F}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_minshellinteropmsi (HKLM-x32\...\{6B45EEA3-85F8-4B26-B952-6830A45F2688}) (Version: 15.6.27323 - Microsoft Corporation) Hidden
    vs_minshellmsi (HKLM-x32\...\{13E08AD0-D6AC-44C4-9F5B-0AE2EB56B105}) (Version: 15.6.27421 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    WhatsApp (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\WhatsApp) (Version: 0.2.9998 - WhatsApp)
    WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
    Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
    WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\admin\AppData\Local\Chromium\Application\67.0.3396.62\notification_helper.exe (The Chromium Authors) <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\admin\AppData\Local\Google\Chrome\Application\68.0.3440.106\notification_helper.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-24] (Intel Corporation)
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2017-04-24] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {06DCA2A9-AC96-4AE4-BD11-BED1E3F343FB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
    Task: {0B7F857D-6110-4557-A7FF-C6E00C3789A9} - System32\Tasks\{85C978F9-77D0-4D56-A80E-3342962ABEFD} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\admin\Desktop\qq\RM2K_105E\RM2K_105E.exe -d C:\Users\admin\Desktop\qq\RM2K_105E
    Task: {113E0AA4-835A-40FC-9958-13B11118F425} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
    Task: {1612A38F-3F93-455F-9ACC-BFC5FA10FD8B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {16C72F75-0C7F-4EAF-8407-365A4BBDB982} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
    Task: {29AA1AD5-99F2-4840-AA61-2EBBDDDAA512} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-29] (Dropbox, Inc.)
    Task: {29B93D0D-4EB8-4428-8449-AF4F28D8DBE3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-19] (NVIDIA Corporation)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3861AE51-367A-40C8-BA56-6B284E18801B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-11] (Adobe Systems Incorporated)
    Task: {38E0ECF2-6599-41F4-A22A-F808B2D23FD5} - \WPD\SqmUpload_S-1-5-21-3228323692-928225871-3027623042-1001 -> No File <==== ATTENTION
    Task: {3E53CE1D-0E0A-445F-9E3A-47B029C326E9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
    Task: {4CC87A8C-A569-4ED1-A073-52A63F412B31} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {5363CE7E-48AC-440F-9BFB-61E81DB46F99} - System32\Tasks\Microsoft\thunderbird => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2018-07-11] (Mozilla Corporation)
    Task: {54E3A33E-ABD5-41A4-BA95-BBFEEE9AD386} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {54FAE2F3-1223-4C3B-A432-CC60B6A0D508} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
    Task: {5921AD23-7946-4560-A525-F365D0101EA5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {68750573-1480-4A1E-9E5D-AB0F98C78C47} - System32\Tasks\{3A2E666E-C483-4F93-9F49-6BB76F8B2262} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\admin\Desktop\qq\2000rtp.exe -d C:\Users\admin\Desktop\qq
    Task: {6CF769C7-D1ED-4B7B-82EF-491A88438AAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228323692-928225871-3027623042-1001Core1d2b3603b91e41e => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
    Task: {6FA07EE8-7D72-4458-A0D9-7DE566C49F5C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
    Task: {70584C27-E763-44D0-BFD5-0EEC7420BD58} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
    Task: {71D18D18-4099-4EBE-9E48-38AC954D2AF0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-07-19] (NVIDIA Corporation)
    Task: {73C2E2FE-AAF0-4685-B11E-AA94A086AD09} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [2018-09-11] (Adobe Systems Incorporated)
    Task: {806124B0-10B6-43BD-814F-5654BF77C479} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
    Task: {832A1988-30E2-4F95-86AC-B8FE188CE6DD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
    Task: {8816AB45-A501-4678-A306-A8767816A3A8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-01-31] ()
    Task: {9902BBBF-CF58-4D9F-99C8-6A28BD68E6BB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
    Task: {9C474E89-4E47-47A0-98AC-533361E89311} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
    Task: {9E448A21-B267-4D1F-9DD6-8F11E692805E} - System32\Tasks\{A7EACB28-B1C6-470F-81B2-70CB6E81E5ED} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\AppPatch\AppLoc.exe -d C:\Users\admin\Desktop\qq\2000rtp\RTP -c "C:\Users\admin\Desktop\qq\2000rtp\RTP\RPG2000RTP.exe" "/L0411"
    Task: {9E8CFE8F-1DB6-4AF9-9315-F30286767552} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
    Task: {A58B0A9A-758F-4B00-9BB3-3C8AFAAD240F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
    Task: {A63744FC-7072-4151-A64F-5D2DB9470664} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
    Task: {A986AB2B-7911-4141-B554-E51B6961E9AE} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-26] (Oracle Corporation)
    Task: {AC96933A-EE69-44C4-8F67-864732F037CE} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
    Task: {B2A4B40C-2F9D-4216-9516-35F2B850410B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-07-19] (NVIDIA Corporation)
    Task: {B77EC1AF-D5B8-4B69-9050-84AFD0CC59AB} - System32\Tasks\{6F932CB9-0ACA-4AA1-B7A9-EC4E3D12C797} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\AppPatch\AppLoc.exe -d C:\Users\admin\Desktop\qq\2000rtp\RTP -c "C:\Users\admin\Desktop\qq\2000rtp\RTP\RPG2000RTP.exe" "/L0411"
    Task: {B7F138C4-9EAE-45FA-AE8F-558BCCBF8084} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228323692-928225871-3027623042-1001UA1d2b3603b99c2c7 => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
    Task: {BC3D7682-A6F7-4CA9-8886-D0A4E447FEF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
    Task: {C09856B1-9AA4-4D64-97D1-9F1485F4F171} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228323692-928225871-3027623042-1001UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
    Task: {D06265A6-96D4-470A-80D5-BDA46DA836D5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-29] (Dropbox, Inc.)
    Task: {D4D3AFD0-BFD6-426A-ACC9-CE44827B2F08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
    Task: {D9ABCCB7-96A9-432A-AC1D-9B1EF6253F2E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3228323692-928225871-3027623042-1001Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
    Task: {DA8D4B38-6ED9-4617-B560-A6B800558D43} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
    Task: {DCB6B70F-CD65-4825-B556-75FD3629BC27} - \{1A4570EA-61D8-2E4F-97ED-2020CA084230} -> No File <==== ATTENTION
    Task: {F35EAF6B-8B82-4835-BD89-CB3E2B45FB33} - System32\Tasks\{323CEC42-B62D-723B-058B-59E382A7D428} => C:\Users\admin\AppData\Local\Lobog\sync.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disk-cache-size=1048576000
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Google Keep - notes and lists.lnk -> C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Readium.lnk -> C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl

    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-05-24 22:46 - 2018-07-19 16:20 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-09-24 19:20 - 2016-09-24 19:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2014-07-24 23:23 - 2012-04-24 06:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2018-09-14 12:00 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-09-14 12:00 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-04-24 01:28 - 2017-04-24 01:28 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
    2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-09-12 21:32 - 2018-08-30 23:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-07-17 03:44 - 2018-07-17 03:44 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-07-17 03:44 - 2018-07-17 03:44 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-07-17 03:44 - 2018-07-17 03:44 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-07-17 03:44 - 2018-07-17 03:44 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-07-17 03:44 - 2018-07-17 03:44 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2017-04-05 19:05 - 2017-04-05 19:05 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2017-04-05 19:05 - 2017-04-05 19:05 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2015-06-04 13:20 - 2015-06-04 13:20 - 000133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2018-05-24 22:46 - 2018-07-19 16:19 - 095437352 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
    2018-05-24 22:46 - 2018-07-19 16:19 - 003029032 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
    2018-05-24 22:46 - 2018-07-19 16:19 - 000149544 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
    2018-06-01 23:08 - 2018-05-30 19:50 - 004625408 _____ () C:\Users\admin\AppData\Local\Chromium\Application\67.0.3396.62\libglesv2.dll
    2018-06-01 23:08 - 2018-05-30 19:50 - 000092672 _____ () C:\Users\admin\AppData\Local\Chromium\Application\67.0.3396.62\libegl.dll
    2018-08-29 22:28 - 2018-08-27 16:52 - 098006816 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
    2018-08-29 22:28 - 2018-09-05 16:14 - 001055520 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
    2018-08-29 22:28 - 2018-08-27 16:52 - 004443424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
    2018-08-29 22:28 - 2018-08-27 16:52 - 000100128 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
    2018-08-29 22:30 - 2018-08-29 22:30 - 002926424 _____ () C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_hook\14\DiscordHook64.dll
    2017-01-05 14:50 - 2018-09-11 21:55 - 000449024 _____ () C:\Program Files (x86)\Overwatch\ErrorReporting\x64\CrashMailer_64.exe
    2018-07-27 14:42 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2018-07-27 14:42 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2018-07-27 14:42 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2017-03-08 23:13 - 2012-08-23 14:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2017-03-08 23:13 - 2014-05-13 16:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-03-08 23:13 - 2014-05-13 16:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-03-08 23:13 - 2014-05-13 16:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-03-08 23:13 - 2012-04-03 21:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2017-06-01 18:45 - 2018-07-19 16:19 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-11-29 14:47 - 2017-11-29 14:47 - 000008704 _____ () C:\Users\admin\AppData\Roaming\Thunderbird\Profiles\8tg28dc7.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
    2018-05-16 12:13 - 2018-05-16 12:13 - 000102912 _____ () C:\Users\admin\AppData\Roaming\Thunderbird\Profiles\8tg28dc7.default\extensions\jid1-OoNOA6XBjznvLQ@jetpack\resources\gnotifier\data\ToastNotification.dll
    2016-12-29 11:26 - 2018-09-05 16:14 - 000876320 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2016-12-29 11:26 - 2018-09-08 16:31 - 002646304 _____ () C:\Program Files (x86)\Steam\video.dll
    2016-12-29 11:26 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
    2017-12-14 16:53 - 2017-12-19 21:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
    2017-12-14 16:53 - 2017-12-19 21:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
    2017-12-14 16:53 - 2017-12-19 21:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
    2017-12-14 16:53 - 2017-12-19 21:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
    2016-12-29 11:26 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2017-12-14 16:53 - 2017-12-19 21:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
    2016-12-29 11:26 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2016-12-29 11:26 - 2018-09-08 16:31 - 001015584 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2016-12-29 11:26 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2018-09-11 21:49 - 2018-09-11 21:49 - 080193536 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\libcef.dll
    2018-09-11 21:49 - 2018-09-11 21:49 - 000540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\ortp.dll
    2018-09-11 21:49 - 2018-09-11 21:49 - 000079360 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\libEGL.dll
    2018-09-11 21:49 - 2018-09-11 21:49 - 003289600 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\libGLESv2.dll
    2018-07-27 14:42 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
    2018-07-27 14:42 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
    2018-07-27 14:42 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\admin\Desktop\podcast_republic_podcasts.opml:com.dropbox.attributes [168]
    AlternateDataStreams: C:\ProgramData\Temp:B3503B59 [174]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7940 more sites.

    There are 7941 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2018-01-19 02:39 - 000454512 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15600 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
    DNS Servers: 10.0.30.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
    HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
    HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "ETDCtrl"
    HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
    HKLM\...\StartupApproved\Run32: => "GrpConv"
    HKLM\...\StartupApproved\Run32: => "SpUninstallCleanUp"
    HKLM\...\StartupApproved\Run32: => "WindowsDefender"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKLM\...\StartupApproved\Run32: => "Razer Synapse"
    HKLM\...\StartupApproved\Run32: => "Arc"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "GalaxyClient"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "AceStream"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Uninstall 17.3.7074.1023\amd64"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Uninstall 17.3.7074.1023"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Ad Muncher Reboot Required"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "EvolveClient"
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A7E97C91-8909-424E-B1C9-C628409FA2CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{65433827-6AA5-46B0-A7EC-EDD8E91FF9EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [UDP Query User{DBDA576E-025E-46D6-845F-05E4960BCD1C}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [TCP Query User{42EBDFD9-5376-4CEB-B2EE-B6FA24168EC3}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{9B24696D-9B8B-4B0E-A080-DB75B8FEE95D}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [TCP Query User{60D74F41-E64E-49D7-8C66-EE1CF8E137B6}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{B3A02D81-1311-4EF4-AD67-5B1A751A12A4}C:\users\admin\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\admin\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{C3206312-3A4B-4A54-BD39-9380D7427CD9}C:\users\admin\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\admin\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{78BC4B51-D72C-4BEC-8B3D-8A018CA25F27}] => (Allow) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{2AB86969-DB01-4519-983B-7CAD312A3A54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{5A07519E-065B-4BCB-AA9D-6F2E3B30B315}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{F3DF3653-F146-4E0A-9D3D-BA8F096F6F7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1E5C0CA1-AE00-4A06-9843-8FCEAD50788E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2935DCE7-EC9D-4BC3-9B0B-F296173EFD27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{BAA3B081-B4D4-4185-A333-BD7863800C2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0663BDE2-B5D1-41BD-8B1B-A3E48B2A831B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E08365C6-6B88-4C63-A414-45CDEE5AF660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7F33CF84-6BE9-4CE0-AAAB-512777C614FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0F20128E-52CD-468E-8901-72CDD5B2A71E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{359CAB7C-77D1-4053-B961-309737ADB721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D6775018-AC6D-4EE6-A57E-9DF0D1FAA05B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F9304840-E857-4723-88C1-8FF7657E68C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EED9D5D4-A068-460D-9B23-0C0D2FD427E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EF4028FA-548A-4166-B828-6834661B48FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{55E3DE3F-4EA6-4B05-9A4E-A5E4164CE36D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5B20C725-09A3-4104-8F9B-F2FBEA6A2868}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6DE46E95-2A1E-43A2-AE02-3EFF2307F90F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F194BF4E-1D9F-4E44-B98D-0D0905D1EC67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8A3D88E3-570E-4CD6-B17A-407461D7AB73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D8B5AAC3-A706-4D70-983E-0CC260AAABE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D31E20A0-FA68-4F39-B0C7-F5DE753AE191}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EDB418DC-E4BD-44D3-8DEE-85CBD7CE5EC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\McOsu\McEngine.exe
    FirewallRules: [{2F2B6061-408E-4A9A-A0A1-FC2946597BD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\McOsu\McEngine.exe
    FirewallRules: [{7F2140DB-6453-4B03-95EA-FE3851CA2F26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FD10AA40-2083-46A1-A56D-7EF72CCEC8AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F3FACB1F-66E6-447E-A501-38C9BC87A3B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B5788E5E-3A81-41F9-877B-5CC0175539EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{37B80BC6-9EE6-4673-B5BC-ECD4BDDEBA57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{96BE772B-1610-4E81-BE3B-C8B575BFE6F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E64ADF44-6A0F-458C-9222-38B72AF05960}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D98A8F57-9899-4BA5-A288-EA2E2115C739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EDD3B532-DD57-4044-8086-41827C221C02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{358DE806-C941-476E-86D0-1A4F66318BA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A9BEA80C-6E52-418D-AB69-6378F2EF3F7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3EDB9331-97AF-4A54-8145-9ACA494C8C69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F2D30DD7-F29E-45E8-8D07-7008FEC0B5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{332F2D15-CD0C-4765-881F-F413B9CA45A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9214985D-096A-4263-B798-BB895F695481}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F9C07AA3-4AD3-40E7-BD97-50AC94D2F197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DE225322-30DE-4E5F-85E2-2956421C7A04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6B1FCBFB-481D-4EE4-ABC5-EA3C45BDA6ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CEB7CE8D-2CD7-46D3-9A57-8294D96045ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A9EEF2CA-7E75-429F-A533-27F5465BFADD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B5767C30-4151-45B9-BDE3-52262944BC23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7BF636D6-AFFE-47B3-A21E-1BFE18FCAE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FF5FFA6C-294F-4786-AA22-9C77EA1BF10B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{72682DF9-A601-441E-B27D-0248DF63F375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{35154B88-E65A-443B-8D28-A6270B8D725B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{59B8A087-5EEC-4D02-8337-4800D2E45805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2F44B580-CB5C-469D-96A6-4EFF9C0B80C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1B165D3B-E206-41CF-8ADE-46430FD039BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{BAA19DAF-05D6-4723-A7D3-DC5C9275B0FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F7115CA8-4B5F-4404-84B7-424E5575AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{96E5E0F3-952F-4851-B2A3-5614FDE762B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DF93802D-CAC5-4C19-A3D4-09A7EE38C667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{AB99D492-04B0-4654-9A0D-DC0AF6FCCE05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8D57ABCC-5DA6-4163-9A78-7FFF75C03490}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{AE94D9D9-7776-4DB7-A792-E6E8CAA3358D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{980D792F-67F3-442A-BC9D-EEB78E596DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1C60BC42-6A73-45F6-ABD5-1334865A7D6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CFE20627-4BF5-49E4-BE40-1842F313387D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C71F30A0-C5CD-4464-8270-FA38FC11AABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3E167154-BF6E-4648-8A65-67EE53715F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{32094CA7-E07E-472C-816E-58582CF1C039}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7BC7A887-6405-4675-9D46-9371264315D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A5A808AC-7912-462C-8BFE-5900D72BF623}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{356C2D24-AF5C-41E6-A06D-B9475B7EDC46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3788A3A0-16BB-41F8-A615-0BDEB9DA0B8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C909EABD-02F1-471C-B4BE-BEF49FF39207}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{722934A9-10FF-4945-B4AF-6A6B47A9213D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1911C0A4-FD27-4813-9B58-D42A59324DB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{03D8C9F9-1B34-4F37-9B0F-2341180EC3F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B265FC5B-1CD3-4578-A50B-BD5317BFB657}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DB01E9B0-2561-45A5-9EA1-A6BF0CD031DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7C310786-3C33-4A32-BC11-288D8301821D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6D7A098D-BB66-442E-866B-CC225BC3B95D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7A7A4ED4-1394-4CD1-8308-81F5B7650237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8D18B5D9-4F6F-4D05-8021-030DD01A5BB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D825624D-02D8-49EF-AC3E-8186E3E56922}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D5A9EBA3-0EF7-42EA-99C4-380074CD0128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3E8C5C1B-BFE8-439A-A393-D50D5DE0A7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B91866E9-4B42-4DDF-829A-742F180E7E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4BDD3386-0FDB-4E56-A882-430971F41610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{23174F00-97FE-4569-BDCD-43918D29B34F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E615C3C7-D26A-4B7E-A803-DCF3E7CD8D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{41B0AF9D-1B43-48EF-A7D0-1921369F73B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{BDD87870-F42E-4835-B099-C78965A9A341}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A732BBD5-E1A5-42FE-A653-41EFEEF1BBCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{500528FA-2E12-43BD-9644-B59E8BBD2266}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D15931E1-EC54-4BB7-AB59-8E779B7A969B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5CA28716-0CCD-48FD-A1F2-2ACC12379943}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{97FA58DC-D268-44A3-B371-90E6752E055B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{10112881-2059-4694-9E70-D63819579092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C17E67A4-8BDD-463C-B995-5A7BA1E4511C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8ED4C6BF-4469-4924-A573-BF8851CCA302}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{882DCEC4-A08F-48E4-8D18-E9CC9005DE40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{31846F16-5116-48FC-899D-40D5455E2B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{725C05AA-CCE3-4D82-AA74-F0C62F784A4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9029434A-09D4-4EC8-8EB4-E6208FF6A704}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C6CEFA98-DA2C-413C-83DC-22584D20D1CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{485C7D3D-7294-46E1-81D9-C2472E193A84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D9DEAE19-B4F0-499C-B06B-2AA8CC723A84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{59B71771-5280-4618-8D32-2E05790A9183}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3946177A-8646-4DBF-B3EE-4116FC3702F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4A47CA4F-185E-4BFD-9001-DF1C0CC459A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3275E8AC-E8B5-4EC3-A6F1-849D056E7005}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{90413210-04AE-4FD4-A106-8C1FF2C9E285}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CA52FD51-0EE9-4228-A5B3-C62888FA003F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E28587D2-6057-4858-94D0-DBB5B4259708}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B3B7A9CF-E699-45A0-B48B-9465FB478BA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6BB4B3A3-8FAF-44D8-9651-636F462A3BE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9CEEFCF8-5942-422D-B6FF-775849E294F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C99C8817-A7F1-45FA-8548-F133135F8E37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{06811D26-F9A9-4D86-8AA3-5927218D5F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{19747D95-422F-4121-90D9-169490749913}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5858990B-EEF7-4963-8425-B75FBBE3696A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{18AE6F58-ACC4-44AA-B80E-C461619264DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B76F1026-5F4D-47FA-807E-66E625E2B746}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5F41AF55-4377-4401-9014-E7410A9654D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{59777568-2EAE-429B-AEBC-5B35262D7580}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C6386ED9-F185-49A5-9F5B-4E3FB189EF54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{17933C6A-47ED-4344-AA5D-8ECA81BDAB59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D71B4498-EDE7-4771-826A-92E372C23426}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EE0D3C73-FA83-4B85-B0D3-11019B34E3A5}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
    FirewallRules: [{75E45F9C-5D21-4714-8592-676F86CE4C5D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
    FirewallRules: [{F85EB92C-0EBA-45B8-A56D-8144F0B12246}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F6AF2034-AACC-442E-8779-4F6F79D18779}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8C7CCE0E-7C49-478B-89C0-1F1531223EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{961B7CA4-2FAF-4BA2-A83E-50B30CCF50E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{09A019A9-FA27-4DEA-8CCF-B5308F9F216C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{504759A0-4166-4D17-A405-FA25E99182FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A326690B-D40F-44F4-855A-4441DCD228C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E950FA4F-B6DA-486C-919B-C3332531BF45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{650FB56D-D29E-4400-A261-F3B4FCF09C28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5CFE895B-9372-4A54-801D-AF48150B5187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6E0D1001-59F7-4AD7-AB7C-327DDBB7FA1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4D5A93AA-D797-4E74-BA12-18ED75FE4D63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{26C4E08C-7833-45A5-809A-9D611BBEEFC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{519655D0-3030-4B01-B9DC-4F4073B7F857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4371034B-12D0-49EB-9F70-8695DA0FD3C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{76B924BD-98A9-41F4-A6E0-5D92EB5A3459}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F785CF3F-C78E-45B5-AAF2-B0598A3BCB64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{51F3FD01-28D2-4213-B570-B58850D429AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F365362C-E571-473C-BB2F-53D3E567406B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F98D8E2A-69BE-48AD-ABFC-33B3B0B38CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FD4A88F7-87D8-4C74-8B7D-9FB308537832}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{34DE91A3-C903-4898-9CBF-2D6C60F664BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8F92E89F-071A-4226-A063-F0250D34B2FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3C791992-4A09-4684-8B9A-58A681284044}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{134E597A-FEAE-47B5-9BD9-C1E5DE4AC90B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{46D0E58C-621F-4079-A172-24AF8F41F892}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5A0BBCAD-DD98-471A-B9E6-C309CE6C38C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9878027C-B4A4-4BE7-BFBC-2C480A008312}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1BE60163-05AC-4F41-93CF-343E2564DE42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C00C872C-9795-4D0B-A017-4D6AC8EC57D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{AB74CB52-50FE-4753-9000-A66D90071274}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FE868FC4-3F5E-452E-B6FE-6EAAA54B56F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7B85CB4A-91EA-4FAC-9332-F13784851286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4439609A-F069-4FDB-BB2F-8AB49D04FAE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CB4E14DB-BE8A-43BC-AE93-383925EF809B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{18F22124-A398-44EE-9222-53BE8D03F4C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EED08934-D8BB-4FC2-94C7-59684FE39F99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{BCC2277F-3E58-47AB-8457-CC4D8FB462FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1EBC0B74-CA12-495E-BCAD-DA1CFC11A06E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B978B7F6-3CE2-499C-BF20-63EC5AD9EB14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{10AC9BB6-0FA0-42C5-9C84-0039FDE51636}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4BF22E02-C8E1-4FC2-8053-1A2DD415F89A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{26802902-5286-426B-9EF6-B852C675DF45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1EF20A13-4464-41CF-9516-6F1D44860DF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{811433D2-A6A1-4EBA-97DD-1915796BA128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{158F14EC-1324-4054-AF56-70EE30587A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{AA20FECA-3C15-4560-8DB8-2872A528B9AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F8EB7AD5-4148-4A99-A716-4FD66FE453E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{98A7E17A-0702-4CF4-BDCC-457D56506D6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{53E23195-33BA-46E7-8E57-81B38CC60D39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8CA796C0-13AC-40CA-9189-84C95D2AFCF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8C43548F-C21E-4A94-B381-95A6F1AF7A9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4922D036-C6B7-42F4-87FA-9AE38578FE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0B5802AC-0F2E-4813-8DAC-8854D8D30DBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{11C0C94C-B2BB-4B0C-B928-1E6B177CAB04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D8D5A484-274D-4DF5-B082-5CD20C93CC72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E337BFD9-491D-4A1E-8469-B20F8A3F3326}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DA0C842B-0F19-4F56-AE1A-1075E2A8DB8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3E342BD9-B0B3-4116-869E-B0AEF84ABB11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5C0A1C81-C76F-4911-A15A-06E9F95824C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3DC4D5D1-4882-4468-847A-593702DEB096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E5DA3179-05DE-4C5B-BBE2-E3156024BB87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{073FD9A1-8E65-4303-8A98-DE0834707E07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4E065F3A-DA71-4AF0-A97E-CEE2E6AD580F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6D115765-7BE3-4A9E-AE50-D3CB00B33351}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B48726D7-1B32-431A-B843-195899B4A7B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{62E7082D-A45C-41C1-8683-FF99760AD3BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1A7015E4-22EC-4C48-94E9-006A51A6E23C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D6622E04-1ABD-4709-87AF-31831E2B3EB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8CD7212A-1247-4ABB-B02B-A502EC05983B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9A773572-4C4F-4D31-89E5-D7AC47A45827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5B3B30BA-DE0C-4939-9270-404E683A0FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{50556B6E-E975-4882-B08B-F0D7B5E43D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EA86C71D-DDBB-45FB-9ECD-5A3BAAA033EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A5E95256-DB0D-4987-B428-EEF796990A13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3E1B2886-7310-4ED3-82E9-4C7608B1A53C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FEF0187F-E989-4D3C-9079-A7E45CE80F2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2AA9B6A4-951F-4DDA-9DFC-CAE8DAE377C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FF0AFBD5-2407-44FC-856A-038E7980B93A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F153A6C5-CDEE-4273-A665-5C33B210EEFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2E8FCAA6-D566-448C-8FC5-4B0448B6EEED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3F4CF4CA-F56D-4E25-BC59-0ED57B09E6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{84DCE08C-123F-46CF-ABF2-8D8483400599}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0FC4AAF6-91CE-4C9E-A061-5F06C1508711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{13C5769F-D346-4CCF-B7E0-2C00E3D0E04F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{85129441-3FE9-4356-99EC-4E93CEE8C649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2D6F2BBD-AADF-4423-8BE1-C59CFA04A058}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{ABA3DE56-D34B-4BD1-B8CB-EEEBE49FF1E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{005C3F2C-61DF-4FAB-90CE-8BF983179E56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9BFB508A-941D-488C-9F8D-2A20DC254422}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{53560AFD-A18E-4AAF-8AD3-95025EE4B959}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{804541E0-965D-4ED0-B294-AD637620D3BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{51A619BF-1EB2-4F07-A004-370F8C90931C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{166B74D9-5930-4B14-86E1-0D3E9303E77E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{312167E2-02C8-465B-958F-F802C4028AF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3B67AEF3-5256-4AE4-906E-77C53551766E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0C7633C7-3018-45BD-B2E1-B389FE1FE4F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3869A58E-A2FA-45A7-A98A-39520B082780}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3D0DA22C-6C03-4BFB-9D61-BE4D0AF1859F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{70CB480D-E2AD-45AE-8A22-01FC16A3A7C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1C995D29-AA5B-4075-A0CD-45C905C0D35F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3A131898-DED1-4E9D-ACDF-C42C18E05D8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E976C5EC-7CC9-4BF7-813C-0C85E9198443}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{AE66182E-F53D-4818-B1CB-6AB7293F7D28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6C210B75-809A-4971-ABC6-DECCA0415B06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{AB19896B-AAAA-495D-91CF-30B2A34C9C5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D65F27F9-ACD3-4D39-8999-1FCAD930206B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{15BB6E03-56C3-4FF7-B8C6-D69D3DFECDDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{29CBC3D8-9DD8-4B39-9341-84927D0CA119}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EFD347F5-1262-4323-8CA5-B4D44606DC5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{64EFFEA1-D20C-4CAF-B79E-7B7F2F745A98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7E63D994-D092-42C8-980E-4B82DAE75FF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{905C9C88-6BD6-42C1-A7BF-4ABB67208883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6488723D-A67A-4789-B9EE-5F25F0A7E9C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2E1517DC-B764-42B2-9728-9D96C19EF33E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6F3551C3-361E-4F54-8FF7-D7FA8DE0CB3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1CDC4C5A-485F-4C8E-88DF-F6CF9A670AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{466E04FF-0B77-4C73-B00D-250B8C1E48C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7D7F8CB8-9476-4247-AAC1-ABD543013089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D3A86D45-E69D-48A5-888F-8299B4CD7D04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FCB01950-8FE9-49A1-A321-4151DDAB289E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A6E24CDD-B049-4A78-80F3-D02BE033A978}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8E3724A8-248B-4742-841D-003F4F10263A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{981C752B-5CAC-447B-B8B6-9076A23B5C2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{59BCC3C6-9713-4553-A605-372129CF478F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{413CFB01-B923-4168-958E-4AAC7AFB1B73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{436E7F7F-CD3F-49FD-A87C-2175A3CE245F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A5F29298-585F-49AF-9009-CB856F27D1BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2FC639A4-D0D8-4543-B7EB-DF5666DEA57A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D2A29309-A6E6-42A4-B03F-B2D24F60AB3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CE79846A-9583-4381-8349-085C03CFED83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D180ABF2-0E05-4833-8215-DB495C3FB0A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2F7EEC6A-20B0-4689-8225-4289EB35D30F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F5F94555-98F9-4BEC-97A6-BA97A019BEF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{117FC870-1862-4DCF-A36A-6E1213E7030E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{161F711B-6B64-4DB8-81F6-F0A4F230AD95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{96BA9182-C4FA-4649-B7F9-ECD443D8463B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{77F20B03-A433-4184-98DA-A148DC68FB27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C8E17D60-53CF-443E-BAF6-DFD220B8B1B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{86A6C177-B474-4FD4-AE5D-68096BD3BCB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9798D7FF-A65A-4DBF-94C0-C590C0A90BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{49C4939A-2971-4C2F-B870-6F1D54A77B53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DC9C67E1-67C9-4865-A3A6-98475DCBB35E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{6D3A096E-41D4-4B3A-AB15-96EEC3F9D6F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{6DE17A03-BA93-4B4C-BA6E-B25230F20BE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{6E01456D-9A0A-42C9-BD2A-109CF7D1A83F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{2A7FC496-2AA6-4E67-B3D0-848AC80DBB85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0410118A-B5B7-480E-A497-8C152EA9156E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DCCF8FC2-DAD6-48F6-96E0-F9EF2C25FDAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{050B7C64-3F5E-469D-8739-E0169FE8A752}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{22158A5A-5A9D-4A80-80F9-1AB86528DDF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4A16EF9C-AE21-4A48-9CE0-4940E2308AB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F11F1A40-774F-4472-B395-6F29E90E57D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FE48A18C-4637-4D8A-83C4-F3DBE1AD6159}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2184C198-106B-476B-89B3-C26A1ED93B5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{12E7776F-3797-4E6B-8DE7-28CF2F800318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1A64FCE0-17DF-4FD6-B938-15E42FEA20C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DF64A80E-1DE9-43B9-914E-0DE1FABA8226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A935ADB4-559F-4D97-BA75-3942EA74163E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{56096D8F-37A7-4B08-96C1-1F9540896CCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{39817723-2077-4EC7-B31D-8D55C9EE4C7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{67B4C112-FD68-4F9A-A234-1ACEED3578CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{46DBB31F-A629-4E0D-B5D3-A169999E053B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D34FA7F7-33D1-4EC3-B455-E1F1DED2D2F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{54FC7308-22A0-4757-9470-29E231A92536}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C1131B88-BCC1-445F-B7AE-2CBB81FBDF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{87A437C5-83A3-4010-AAD4-6A35E7C7ADE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0800DC85-0804-421D-B85F-B0DA1BA808B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CEC26F2A-F9A0-4FF7-B563-F0401BC5EFC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C622F10B-A630-4915-899C-2379CB2DE00E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DC0918F7-0F87-4482-9F1E-0E5FAD67B59E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0C4C670A-7E29-442D-B409-39DC2ACE9871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{46C7807E-9EAA-4466-BF98-4C1EB8510FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F03761A0-BB53-4866-9631-EBF781381478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{62BB97B9-4C72-4E81-B72B-D16592FDE597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{56A4F830-5F70-427C-B22C-18B87D54D859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{BDCC9363-FC4A-405F-A980-C043EDD349FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4E185A5F-B7B5-45D2-81B0-C2DA45C46154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7433B37D-D25A-4F33-8F3B-DBBE20FBCCEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3E668E5B-42E2-4EBE-9CA0-39263B9FC1E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{367A07D0-6E83-4FDA-94A8-3AE952B3737C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A7C7EEEC-49CC-4551-85E5-A461916225BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CAAEE61C-3133-49F7-9D28-9BF4CA6C56F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{40C6327D-E3F6-42EE-8D29-35C72F0FEAD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E88CC65B-C32E-41EB-AC5D-719030724595}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{785F5736-89EC-4F29-8DF2-41261FE50BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CB1D166B-8B63-44EB-A302-8B7279EC7C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{46C2B997-E9C1-47D2-B632-6CD2531D7E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{81C02659-6F58-4514-A5B3-89F0EEE8984E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0AB1BDA8-5C51-419D-99E5-63AE5BBE6222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{36E9D929-1503-42C5-A945-DF3AE08A369D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{53E6BD07-AEDD-44A8-AAE0-0EDB86A6A7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0DAA429C-EECB-4636-9BC3-042C87062F6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A71BB291-6613-4619-AE41-E2DCA7F4124B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5B87E581-9127-47E7-9305-588370B963EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{151BB00A-16DA-4A7D-8FD2-EFF2259476B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DD797B6A-160C-458A-82AC-4710D7C9A0BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B9D1BCB4-378E-43EE-BF2A-709F6AEFC97C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{AE0F04FF-71F3-4DF6-AAE4-608D32CAFD9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{396B07D7-5B65-4AA4-A197-E4410280388C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6D77CFD7-3D05-432B-BC73-07A5B7FC728B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{43DD25BC-9673-4B04-AA38-E8E8FCBE8935}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B082826B-0FB4-4F31-BEE8-EF3FA398D7AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8320A31A-06D3-4914-A210-D37B91C0BAA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7EF22E50-C7A0-4BC4-A305-1CE4FEE29960}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{27025C40-43D4-4F95-83B9-EA604BDFFF5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0281E807-AA4E-4E39-872D-6DD66DFBF13B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D8677DD9-736E-4828-BD01-ABD338D59083}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{32DD9E85-DCEA-459B-9148-08995102AADE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{083F99F6-0C7A-4B2F-BED2-BF654772EA07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FE32F11E-8A08-4A6F-80CB-31F14877DE00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5E55F197-17C8-4D1F-AD51-35B47D09666E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FC1894C9-3ED5-4462-A097-E55D7FE4C99B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FD744430-FA2B-4900-9578-AE61F002A89A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A391342B-6570-45F0-B46E-16F64E08CD11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{9765B341-7DE5-40C1-A186-241F259BF726}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F8D6587F-2018-4232-AE21-4544E7E0382F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F9501CC8-BFBF-4F40-A3B9-90AD451BD1CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{036547EF-E0D6-433A-B6EE-19FC4AD31532}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{98B4790C-26DD-4FB7-90B9-52B41EEADBE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{53E99A56-EE7F-4028-BD17-02A656F73850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5748CFA6-0068-4C09-9C96-6D37AA65A726}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6C7B0622-62F9-445B-8245-BF18B2C01435}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A535917E-21E9-4BF6-ACCD-D21BF8E6000A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A2426670-0298-4752-A340-01D093DBDC88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F046B4B3-57A3-483F-98F0-6C26701EA14C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{BDB248CB-789E-469F-A092-8C36CBEEDD4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C783E7D7-9771-432C-B686-E47AB7A259B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C614705C-73A1-4E37-A851-ECE986D4EF81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{019B2E57-303A-45F3-A7CE-519D698D6E2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8655A74E-841B-4390-BE84-A17F2D870A96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0C250F86-D2A1-43F1-9295-E2C2F350000A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FEB04025-9E2C-4F97-9E49-71913E1E48AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F3E2ABBB-8AF7-44C4-8405-202252580F64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4F24AF6F-DF5B-4620-8B5D-7DD2E0682228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{226FB370-7DC2-4B76-B23B-99E6090AD003}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CCE9FE90-CE74-44F3-A26F-E41CA03E4BDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe
    FirewallRules: [{3F795C37-4F95-48D3-B431-85BA917E4AA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe
    FirewallRules: [{0764A1AF-89D8-47E7-88A6-B930366E1E5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EE301422-7367-4462-BA4B-8C590CEE20C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C9760DB3-DF91-4254-AC79-4A4A8A599F52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{BDC5F78B-01C3-4E46-9B7E-467E0D6804FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{50F856F2-1CE1-4EEC-8D17-62F47CA1D3BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B4ACD601-826F-4DAF-91BA-3A7B86ED2B1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A90C5CC8-6B27-4761-9353-A306087EA48A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{153ADE74-E508-48A4-B502-30D2047F4673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{383703C7-82C6-4D2C-A8B6-0A1EFAF5C058}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E2FCAE4E-516A-41DC-B98B-5DEAD2EE01D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EB3F9DC6-BE61-4BF7-91FA-28180CA084A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{87E5BFEF-B628-4806-85A4-643973ED691D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D85C1F06-69F4-49FC-9448-04E8B027AC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{310FC8F7-2B41-422F-9178-6C9F817BBB5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EC99029B-2B0D-4FAE-959E-3BDE0FCC7A06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{307FBB39-0C8C-4D43-A830-C0F60ACCA9BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5CA74AFE-5434-4586-B63A-D649EE24599E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{293D079D-0DAD-4F4A-A646-8780279F157B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{05CAEDBF-241F-49CB-9E53-5370457581E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{51534AA8-6C90-4137-A389-F4D4D633507C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{536F2D65-889A-4335-9BC9-A3F8BA693C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6700FD1B-7BA8-4907-9FB4-8F4DB04331D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D2EC7BCC-73ED-4251-8F6C-C1D470052791}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{3AB662D4-BF43-4B20-AF39-6236DBB81979}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{0D62830A-7F97-4ABB-B032-CBAE109189C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6EB32D56-C3E4-40B2-9D3C-F50293B90AAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{59FEABD2-443D-4EDD-BD64-2E2B67C30E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F2CB4B68-16A8-41F0-AC23-DC684186FF61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{66CB676F-8E3C-4CCE-9AD6-1F6DBE0A70CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{1445C59E-976A-4169-B9C7-EE27F91EE07E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6AFB0930-94EB-455B-BF18-AE5FF6EB3DFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2DD8453B-AB77-4143-B3BC-268E84F86677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{912D77B3-24F3-43C2-8FB2-D3AD497B0B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B53F4E75-3B84-4A63-98A5-48ABC264CA44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2B09D7A4-A6F4-41A7-B389-22FAA22DC09A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{36669A74-C117-4485-AE9A-28DA2653A3E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CE6F8B9F-B0FD-4A54-9A77-F26563072EC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{535FEEC4-7F7B-41AA-A596-249B8A8479B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B488A907-5B24-4E34-BB55-6883549868D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{542741CB-5C3C-48AC-8C49-A096E37DE3A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B97D7CCD-8475-4CF9-9C89-EFC19CA452B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D70AA199-797D-4365-BFA1-92A78AF9475E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7CEAD104-CB2F-4EF8-B28A-07B5D676F281}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CAE1E732-1AE5-4D49-A2FB-45B71EBD8929}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{8D79ACB6-EFB8-45E8-90AE-F09D20901C40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{975D9575-CE13-4489-A938-D3E3EDFAAFF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    02-09-2018 22:55:24 Windows Modules Installer
    04-09-2018 06:55:24 Windows Modules Installer
    05-09-2018 08:55:24 Windows Modules Installer
    06-09-2018 13:30:51 Windows Modules Installer
    07-09-2018 16:09:48 Windows Modules Installer
    08-09-2018 19:02:02 Windows Modules Installer
    10-09-2018 09:36:50 Windows Modules Installer
    11-09-2018 15:02:02 Windows Modules Installer
    12-09-2018 23:01:59 Windows Modules Installer
    14-09-2018 11:59:36 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============

    Name: HID-compliant touch screen
    Description: HID-compliant touch screen
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: (Standard system devices)
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/14/2018 08:24:26 PM) (Source: Steam Client Service) (EventID: 1) (User: )
    Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

    Error: (09/14/2018 12:47:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 443172

    Error: (09/14/2018 12:47:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 443172

    Error: (09/14/2018 12:47:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (09/14/2018 12:40:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1563

    Error: (09/14/2018 12:40:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1563

    Error: (09/14/2018 12:40:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (09/14/2018 11:17:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname abcd.local already in use; will try abcd-2.local instead


    System errors:
    =============
    Error: (09/14/2018 08:24:13 PM) (Source: DCOM) (EventID: 10016) (User: abcd)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user abcd\khoa SID (S-1-5-21-3228323692-928225871-3027623042-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/14/2018 08:23:04 PM) (Source: DCOM) (EventID: 10016) (User: abcd)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user abcd\khoa SID (S-1-5-21-3228323692-928225871-3027623042-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/14/2018 08:22:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/14/2018 03:18:36 PM) (Source: DCOM) (EventID: 10016) (User: abcd)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user abcd\khoa SID (S-1-5-21-3228323692-928225871-3027623042-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (09/14/2018 01:18:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/14/2018 11:20:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/14/2018 11:19:27 AM) (Source: DCOM) (EventID: 10016) (User: abcd)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user abcd\khoa SID (S-1-5-21-3228323692-928225871-3027623042-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/14/2018 11:18:06 AM) (Source: DCOM) (EventID: 10016) (User: abcd)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user abcd\khoa SID (S-1-5-21-3228323692-928225871-3027623042-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-09-14 12:40:33.546
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {DB807C91-558E-4C0D-8FB1-4519D8A64062}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===================================

    Date: 2018-09-15 00:02:55.832
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-09-15 00:02:55.830
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-09-15 00:02:55.807
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-09-15 00:02:55.804
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-09-14 12:01:07.356
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Users\admin\AppData\Local\Chromium\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-13 22:32:24.005
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-09-13 22:32:24.002
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-09-13 22:25:13.728
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Users\admin\AppData\Local\Chromium\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
    Percentage of memory in use: 82%
    Total physical RAM: 8104.27 MB
    Available physical RAM: 1431.57 MB
    Total Virtual: 16296.27 MB
    Available Virtual: 4152.32 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:198.36 GB) (Free:17.64 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive z: (Data) (Fixed) (Total:31.86 GB) (Free:13.53 GB) NTFS

    \\?\Volume{cb8af5c9-cf19-11e6-8260-f8a963401a36}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
    \\?\Volume{230d61d9-49b9-4ea5-9681-f7df37742271}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS
    \\?\Volume{dbdfc083-6c0c-4f77-9890-c14be770bfd3}\ () (Fixed) (Total:0.49 GB) (Free:0.48 GB) NTFS
    \\?\Volume{29fbbae0-b69c-4b0a-a160-3b37ef8c56cb}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 2405794E)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.09.2018
    Ran by khoa (administrator) on ABCD (15-09-2018 00:02:32)
    Running from C:\Users\admin\Desktop
    Loaded Profiles: khoa (Available Profiles: khoa)
    Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
    (Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (johnsadventures.com) C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
    (f.lux Software LLC) C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe
    (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.6383\Agent.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (Google Inc.) C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Google Inc.) C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Blizzard Entertainment) C:\Program Files (x86)\Overwatch\Overwatch.exe
    () C:\Program Files (x86)\Overwatch\ErrorReporting\x64\CrashMailer_64.exe
    (Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    (The Chromium Authors) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-05] (Logitech Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3753280 2018-09-11] (Dropbox, Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3207968 2018-09-08] (Valve Corporation)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [Discord] => C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [BackgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [124760 2018-05-15] (johnsadventures.com)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [f.lux] => C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [6881864 2018-07-30] (GOG.com)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\admin\AppData\Local\slack\Update.exe [1584656 2017-12-13] ()
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1511424 2018-05-30] (The Chromium Authors)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32930704 2018-07-02] (Epic Games, Inc.)
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\MountPoints2: {cb8af030-cf19-11e6-8260-f8a963401a36} - "D:\VZW_Software_upgrade_assistant.exe"
    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2018-05-13]
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2017-11-29]
    ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-05-20]
    ShortcutTarget: Twitch.lnk -> C:\Users\admin\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.0.30.1
    Tcpip\..\Interfaces\{7462757f-5a4e-4884-af30-a306c625573a}: [DhcpNameServer] 10.0.30.1
    Tcpip\..\Interfaces\{e86944bd-ce58-42fb-bd77-c6dd4025c3a2}: [DhcpNameServer] 10.0.30.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
    SearchScopes: HKLM -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    SearchScopes: HKU\S-1-5-21-3228323692-928225871-3027623042-1001 -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.1\bin\jp2ssv.dll [2018-05-20] (Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-03-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    Edge:
    ======
    Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2018-04-11]
    Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-04-11]

    FireFox:
    ========
    FF DefaultProfile: el03g9h9.default
    FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\el03g9h9.default [2018-09-13]
    FF Homepage: Mozilla\Firefox\Profiles\el03g9h9.default -> hxxps://www.malwarebytes.org/restorebrowser/s_18_03_mnn_jdnld2_17_49&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAyEtDtC0AtAyCzzzz0AtBtN0D0Tzu0StBtBtDzztN1L2XzutAtFtAtBtFtCtFyBtBtN1L1Czu1M1Q1CtAyEtFyDtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEyC0ByBtDtCzz0AtGyDyByByDtG0C0E0BtCtGtC0EtA0BtG0FtDzy0FtDyEtA0EtAtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FyCyByD0BtAyBtG0EzzyDtBtGyEyC0A0AtG0Bzyzy0BtG0A0CyByE0E0F0BtByB0A0DyD2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtCyCtCyCzztAtAyD%26cr%3D1850636103%26a%3Dhdr_s_18_03_mnn_jdnld2_17_49%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    FF HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\admin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
    FF Plugin: @java.com/DTPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\dtplugin\npDeployJava1.dll [2018-05-20] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\plugin2\npjp2.dll [2018-05-20] (Oracle Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-24] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-24] (NVIDIA Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin HKU\S-1-5-21-3228323692-928225871-3027623042-1001: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3228323692-928225871-3027623042-1001: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M6A210000-5EDE-479E-9257-0A71743848C7&SearchSource=55&CUI=&UM=6&UP=SP9D223FA7-C8F2-4487-A39E-70D9C3324E2D&SSPV=
    CHR StartupUrls: Default -> "hxxp://dictionary.reference.com/","hxxp://www.westhartfordlibrary.org/","hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_18_03_mnn_jdnld2_17_49&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAyEtDtC0AtAyCzzzz0AtBtN0D0Tzu0StBtBtDzztN1L2XzutAtFtAtBtFtCtFyBtBtN1L1Czu1M1Q1CtAyEtFyDtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEyC0ByBtDtCzz0AtGyDyByByDtG0C0E0BtCtGtC0EtA0BtG0FtDzy0FtDyEtA0EtAtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FyCyByD0BtAyBtG0EzzyDtBtGyEyC0A0AtG0Bzyzy0BtG0A0CyByE0E0F0BtByB0A0DyD2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtCyCtCyCzztAtAyD%26cr%3D1850636103%26a%3Dhdr_s_18_03_mnn_jdnld2_17_49%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm"
    CHR NewTab: Default -> Active:"chrome-extension://bhloflhklmhfpedakmangadcdofhnnoh/index.html"
    CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
    CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
    CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-09-13]
    CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
    CHR Extension: (BetterTTV) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-05-20]
    CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
    CHR Extension: (Pesticide for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblbgcheenepgnnajgfpiicnbbdmmooh [2017-12-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-12-29]
    CHR Extension: (Earth View from Google Earth) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2017-09-22]
    CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-30]
    CHR Extension: (Sad Panda) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2018-05-10]
    CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-30]
    CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2018-07-30]
    CHR Extension: (GAIN Fitness) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpompjlmddcnpijabjfcgnpmoibdffoc [2016-12-29]
    CHR Extension: (Tampermonkey) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-15]
    CHR Extension: (Pop Block) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpeahfambfpmkmjoobgmcbjhcbafepjc [2016-12-29]
    CHR Extension: (ICE Quick Stream) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-06-01]
    CHR Extension: (Proxy SwitchySharp) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2016-12-29]
    CHR Extension: (Dark Reader) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2018-08-28]
    CHR Extension: (Dictionary.com Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkhgmlgiomobdlofllfmoejgjdojknn [2016-12-29]
    CHR Extension: (MyJDownloader Browser Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-07-30]
    CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
    CHR Extension: (Readium) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2018-03-08]
    CHR Extension: (EditThisCookie) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-05-15]
    CHR Extension: (Falcon Proxy) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf [2016-12-29]
    CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
    CHR Extension: (LinkedIn Sales Navigator) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2018-01-29]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-08-28]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-06-25]
    CHR Extension: (Ace Script) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-09-11]
    CHR Extension: (Wikibuy) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-08-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
    CHR Extension: (Enhanced Steam) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2018-07-30]
    CHR Extension: (Visualping) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2017-08-22]
    CHR Extension: (Evernote Web Clipper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2018-07-30]
    CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
    CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-28]
    CHR HKU\S-1-5-21-3228323692-928225871-3027623042-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-08-15] (Apple Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-29] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-29] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-09-11] (Dropbox, Inc.)
    S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-07-30] (EasyAntiCheat Ltd)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
    S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [686664 2018-07-30] (GOG.com)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8942664 2018-07-30] (GOG.com)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-14] (Intel Corporation)
    R2 ibtsiva; C:\WINDOWS\SysWOW64\ibtsiva.exe [121288 2014-03-10] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-24] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
    R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
    R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-07-24] (Lenovo(beijing) Limited)
    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-05] (Logitech Inc.)
    R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
    S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-07-24] (Lenovo)
    S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142440 2017-12-14] (Microsoft Corporation)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)
    R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-02-23] (Intel(R) Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
    R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [24904 2014-03-11] (ELAN Microelectronic Corp.)
    S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2018-01-26] (Echobit, LLC)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-14] (Intel Corporation)
    R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation)
    R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
    R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [40328 2018-01-10] (IObit.com)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-09-14] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-09-14] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-09-14] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-09-14] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-09-14] (Malwarebytes)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-11] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_ef68fde814b24256\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-07-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-07] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realsil Semiconductor Corporation)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-09-14 12:56 - 2018-09-14 13:00 - 000000000 ____D C:\Users\admin\.gimp-2.8
    2018-09-14 12:56 - 2018-09-14 12:56 - 000000000 ____D C:\Users\admin\AppData\Local\gegl-0.2
    2018-09-14 12:56 - 2018-09-14 12:56 - 000000000 ____D C:\Users\admin\AppData\Local\fontconfig
    2018-09-14 12:01 - 2018-09-14 21:27 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-09-14 12:01 - 2018-09-14 12:01 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-09-14 12:01 - 2018-09-14 12:01 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-09-14 12:01 - 2018-09-14 12:01 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-09-14 12:01 - 2018-09-14 12:01 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-09-14 12:00 - 2018-09-14 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-09-14 12:00 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-09-13 22:35 - 2018-01-19 02:39 - 000454512 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180913-223541.backup
    2018-09-13 22:31 - 2018-09-13 22:31 - 000033501 _____ C:\Users\admin\Downloads\q.txt
    2018-09-13 22:23 - 2018-09-13 22:23 - 000000000 ____D C:\Users\admin\Documents\ProcAlyzer Dumps
    2018-09-13 21:57 - 2018-09-13 21:59 - 000000000 ____D C:\AdwCleaner
    2018-09-13 21:51 - 2018-09-13 21:51 - 007567568 _____ (Malwarebytes) C:\Users\admin\Downloads\AdwCleaner.exe
    2018-09-13 21:48 - 2018-09-15 00:03 - 000032993 _____ C:\Users\admin\Desktop\FRST.txt
    2018-09-13 21:48 - 2018-09-13 21:49 - 000154368 _____ C:\Users\admin\Desktop\Addition.txt
    2018-09-13 21:47 - 2018-09-15 00:02 - 000000000 ____D C:\FRST
    2018-09-13 21:47 - 2018-09-13 21:47 - 002413568 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
    2018-09-13 20:33 - 2018-09-13 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2018-09-12 21:32 - 2018-08-31 03:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-09-12 21:32 - 2018-08-31 03:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-09-12 21:32 - 2018-08-31 03:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-09-12 21:32 - 2018-08-31 03:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2018-09-12 21:32 - 2018-08-31 03:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2018-09-12 21:32 - 2018-08-31 03:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2018-09-12 21:32 - 2018-08-31 03:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
    2018-09-12 21:32 - 2018-08-31 03:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
    2018-09-12 21:32 - 2018-08-31 03:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2018-09-12 21:32 - 2018-08-31 03:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2018-09-12 21:32 - 2018-08-31 03:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2018-09-12 21:32 - 2018-08-31 03:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-09-12 21:32 - 2018-08-31 03:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-09-12 21:32 - 2018-08-31 03:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2018-09-12 21:32 - 2018-08-31 03:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-09-12 21:32 - 2018-08-31 03:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2018-09-12 21:32 - 2018-08-31 02:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2018-09-12 21:32 - 2018-08-31 02:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-09-12 21:32 - 2018-08-31 02:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2018-09-12 21:32 - 2018-08-31 02:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2018-09-12 21:32 - 2018-08-31 02:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
    2018-09-12 21:32 - 2018-08-31 02:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-09-12 21:32 - 2018-08-31 02:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2018-09-12 21:32 - 2018-08-31 02:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-09-12 21:32 - 2018-08-31 02:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2018-09-12 21:32 - 2018-08-30 23:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-09-12 21:32 - 2018-08-30 23:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-09-12 21:32 - 2018-08-30 23:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-09-12 21:32 - 2018-08-30 23:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-09-12 21:32 - 2018-08-30 23:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-09-12 21:32 - 2018-08-30 23:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-09-12 21:32 - 2018-08-30 23:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-09-12 21:32 - 2018-08-30 23:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-09-12 21:32 - 2018-08-30 23:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-09-12 21:32 - 2018-08-30 23:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-09-12 21:32 - 2018-08-30 23:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-09-12 21:32 - 2018-08-30 23:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-09-12 21:32 - 2018-08-30 23:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-09-12 21:32 - 2018-08-30 23:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-09-12 21:32 - 2018-08-30 23:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-09-12 21:32 - 2018-08-30 23:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-09-12 21:32 - 2018-08-30 23:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2018-09-12 21:32 - 2018-08-30 23:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
    2018-09-12 21:32 - 2018-08-30 23:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2018-09-12 21:32 - 2018-08-30 23:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-09-12 21:32 - 2018-08-30 23:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-09-12 21:32 - 2018-08-30 23:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-09-12 21:32 - 2018-08-30 23:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-09-12 21:32 - 2018-08-30 23:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-09-12 21:32 - 2018-08-30 23:17 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
    2018-09-12 21:32 - 2018-08-30 23:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
    2018-09-12 21:32 - 2018-08-30 23:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-09-12 21:32 - 2018-08-30 23:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-09-12 21:32 - 2018-08-30 23:16 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
    2018-09-12 21:32 - 2018-08-30 23:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-09-12 21:32 - 2018-08-30 23:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-09-12 21:32 - 2018-08-30 23:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-09-12 21:32 - 2018-08-30 23:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-09-12 21:32 - 2018-08-30 23:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-09-12 21:32 - 2018-08-30 23:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2018-09-12 21:32 - 2018-08-30 23:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
    2018-09-12 21:32 - 2018-08-30 23:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-09-12 21:32 - 2018-08-30 23:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2018-09-12 21:32 - 2018-08-30 23:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-09-12 21:32 - 2018-08-30 23:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-09-12 21:32 - 2018-08-30 23:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-09-12 21:32 - 2018-08-30 23:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-09-12 21:32 - 2018-08-30 23:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-09-12 21:32 - 2018-08-30 23:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2018-09-12 21:32 - 2018-08-30 23:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-09-12 21:32 - 2018-08-30 23:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
    2018-09-12 21:32 - 2018-08-30 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-09-12 21:32 - 2018-08-30 23:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-09-12 21:32 - 2018-08-30 23:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-09-12 21:32 - 2018-08-30 23:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2018-09-12 21:32 - 2018-08-30 23:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-09-12 21:32 - 2018-08-30 23:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-09-12 21:32 - 2018-08-30 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-09-12 21:32 - 2018-08-30 23:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
    2018-09-12 21:32 - 2018-08-30 23:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-09-12 21:32 - 2018-08-30 23:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2018-09-12 21:32 - 2018-08-30 23:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-09-12 21:32 - 2018-08-30 23:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-09-12 21:32 - 2018-08-30 23:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2018-09-12 21:32 - 2018-08-30 23:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-09-12 21:32 - 2018-08-30 23:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-09-12 21:32 - 2018-08-30 23:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-09-12 21:32 - 2018-08-30 23:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-09-12 21:32 - 2018-08-30 21:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
    2018-09-12 21:32 - 2018-08-28 03:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-09-12 21:32 - 2018-08-28 02:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-09-12 21:32 - 2018-08-28 02:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-09-12 21:32 - 2018-08-28 02:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
    2018-09-12 21:32 - 2018-08-28 02:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
    2018-09-12 21:32 - 2018-08-28 01:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-09-12 21:32 - 2018-08-13 22:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2018-09-12 21:32 - 2018-08-13 22:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2018-09-12 21:32 - 2018-08-09 05:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-09-12 21:32 - 2018-08-09 05:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-09-12 21:32 - 2018-08-09 05:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-09-12 21:32 - 2018-08-09 05:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2018-09-12 21:32 - 2018-08-09 05:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2018-09-12 21:32 - 2018-08-09 05:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-09-12 21:32 - 2018-08-09 05:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-09-12 21:32 - 2018-08-09 05:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-09-12 21:32 - 2018-08-09 05:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2018-09-12 21:32 - 2018-08-09 05:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
    2018-09-12 21:32 - 2018-08-09 05:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
    2018-09-12 21:32 - 2018-08-09 05:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2018-09-12 21:32 - 2018-08-09 05:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
    2018-09-12 21:32 - 2018-08-09 05:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-09-12 21:32 - 2018-08-09 05:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
    2018-09-12 21:32 - 2018-08-09 05:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2018-09-12 21:32 - 2018-08-09 05:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2018-09-12 21:32 - 2018-08-09 05:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2018-09-12 21:32 - 2018-08-09 05:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-09-12 21:32 - 2018-08-09 05:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2018-09-12 21:32 - 2018-08-09 05:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2018-09-12 21:32 - 2018-08-09 05:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2018-09-12 21:32 - 2018-08-09 05:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2018-09-12 21:32 - 2018-08-09 05:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
    2018-09-12 21:32 - 2018-08-09 05:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2018-09-12 21:32 - 2018-08-09 05:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2018-09-12 21:32 - 2018-08-09 05:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
    2018-09-12 21:32 - 2018-08-09 05:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2018-09-12 21:32 - 2018-08-09 05:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2018-09-12 21:32 - 2018-08-09 04:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-09-12 21:32 - 2018-08-09 04:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2018-09-12 21:32 - 2018-08-09 04:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-09-12 21:32 - 2018-08-09 04:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
    2018-09-12 21:32 - 2018-08-09 04:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-09-12 21:32 - 2018-08-09 04:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2018-09-12 21:32 - 2018-08-09 04:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
    2018-09-12 21:32 - 2018-08-09 04:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2018-09-12 21:32 - 2018-08-09 04:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2018-09-12 21:32 - 2018-08-09 04:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2018-09-12 21:32 - 2018-08-09 04:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
    2018-09-12 21:32 - 2018-08-09 04:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-09-12 21:32 - 2018-08-09 04:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2018-09-12 21:32 - 2018-08-09 04:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
    2018-09-12 21:32 - 2018-08-09 04:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2018-09-12 21:32 - 2018-08-09 04:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-09-12 21:32 - 2018-08-09 04:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2018-09-12 21:32 - 2018-08-09 04:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2018-09-12 21:32 - 2018-08-09 04:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2018-09-12 21:32 - 2018-08-09 04:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2018-09-12 21:32 - 2018-08-09 01:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-09-12 21:32 - 2018-08-09 01:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
    2018-09-12 21:32 - 2018-08-09 00:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-09-12 21:32 - 2018-08-09 00:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2018-09-12 21:32 - 2018-08-09 00:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-09-12 21:32 - 2018-08-09 00:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-09-12 21:32 - 2018-08-09 00:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2018-09-12 21:32 - 2018-08-09 00:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-09-12 21:32 - 2018-08-09 00:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-09-12 21:32 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-09-12 21:32 - 2018-08-09 00:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2018-09-12 21:32 - 2018-08-09 00:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-09-12 21:32 - 2018-08-09 00:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-09-12 21:32 - 2018-08-09 00:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-09-12 21:32 - 2018-08-09 00:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
    2018-09-12 21:32 - 2018-08-09 00:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
    2018-09-12 21:32 - 2018-08-09 00:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-09-12 21:32 - 2018-08-09 00:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2018-09-12 21:32 - 2018-08-09 00:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-09-12 21:32 - 2018-08-09 00:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-09-12 21:32 - 2018-08-09 00:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2018-09-12 21:32 - 2018-08-09 00:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-09-12 21:32 - 2018-08-09 00:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
    2018-09-12 21:32 - 2018-08-09 00:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-09-12 21:32 - 2018-08-09 00:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-09-12 21:32 - 2018-08-09 00:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-09-12 21:32 - 2018-08-09 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
    2018-09-12 21:32 - 2018-08-09 00:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
    2018-09-12 21:32 - 2018-08-09 00:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2018-09-12 21:32 - 2018-08-09 00:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2018-09-12 21:32 - 2018-08-09 00:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-09-12 21:32 - 2018-08-09 00:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-09-12 21:32 - 2018-08-09 00:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
    2018-09-12 21:32 - 2018-08-09 00:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
    2018-09-12 21:32 - 2018-08-09 00:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-09-12 21:32 - 2018-08-09 00:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-09-12 21:32 - 2018-08-09 00:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-09-12 21:32 - 2018-08-09 00:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
    2018-09-12 21:32 - 2018-08-09 00:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2018-09-12 21:32 - 2018-08-09 00:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2018-09-12 21:32 - 2018-08-09 00:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
    2018-09-12 21:32 - 2018-08-09 00:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2018-09-12 21:32 - 2018-08-09 00:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-09-12 21:32 - 2018-08-09 00:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-09-12 21:32 - 2018-08-09 00:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2018-09-12 21:32 - 2018-08-09 00:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-09-12 21:32 - 2018-08-09 00:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-09-12 21:32 - 2018-08-09 00:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2018-09-12 21:32 - 2018-08-09 00:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-09-12 21:32 - 2018-08-09 00:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2018-09-12 21:32 - 2018-08-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-09-12 21:32 - 2018-08-09 00:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2018-09-12 21:32 - 2018-08-09 00:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-09-12 21:32 - 2018-08-09 00:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-09-12 21:32 - 2018-08-09 00:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
    2018-09-12 21:32 - 2018-08-09 00:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
    2018-09-12 21:32 - 2018-08-09 00:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-09-12 21:32 - 2018-08-09 00:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2018-09-12 21:32 - 2018-08-09 00:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2018-09-12 21:32 - 2018-08-09 00:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-09-12 21:32 - 2018-08-09 00:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
    2018-09-12 21:32 - 2018-08-09 00:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
    2018-09-12 21:32 - 2018-08-09 00:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2018-09-12 21:32 - 2018-08-09 00:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2018-09-12 21:32 - 2018-08-09 00:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2018-09-12 21:32 - 2018-08-09 00:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-09-12 21:32 - 2018-08-09 00:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-09-12 21:32 - 2018-08-09 00:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2018-09-12 21:32 - 2018-08-09 00:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2018-09-12 21:32 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-09-12 21:32 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
    2018-09-11 07:54 - 2018-09-11 07:54 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2018-09-11 07:54 - 2018-09-11 07:54 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2018-09-11 07:54 - 2018-09-11 07:54 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2018-09-11 07:54 - 2018-09-11 07:54 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2018-09-08 17:01 - 2018-09-10 09:54 - 000000000 ____D C:\WINDOWS\Minidump
    2018-09-02 16:43 - 2018-09-02 16:43 - 000059312 _____ C:\Users\admin\Downloads\Black Lotus Sources.pdf
    2018-09-01 21:50 - 2018-09-01 21:51 - 016961887 _____ (Ben Wallis ) C:\Users\admin\Downloads\filtration_0.20_setup.exe
    2018-09-01 21:36 - 2018-09-02 14:28 - 000000000 ____D C:\Users\admin\Downloads\##POE-TradeMacro
    2018-09-01 21:35 - 2018-09-01 21:35 - 000000000 ____D C:\Users\admin\Downloads\##POE-TradeMacro_backup
    2018-09-01 20:04 - 2018-09-01 20:04 - 002697075 _____ C:\Users\admin\Desktop\1535844586031.webm
    2018-08-28 20:35 - 2018-08-28 20:35 - 021900864 _____ C:\Users\admin\Desktop\LBP6030_V2110_W64_us_EN_2.exe
    2018-08-28 20:35 - 2018-08-28 20:35 - 000000000 ____D C:\Users\admin\Desktop\LBP6030_V2110_W64_us_EN_2
    2018-08-28 20:16 - 2018-08-28 20:16 - 000000749 _____ C:\Users\admin\Desktop\Printerdiagnostic10.diagcab
    2018-08-27 15:23 - 2018-08-27 15:23 - 002213378 _____ C:\Users\admin\Desktop\1535175066705.webm
    2018-08-27 15:15 - 2018-08-27 15:15 - 001834565 _____ C:\Users\admin\Desktop\1535171177093.webm
    2018-08-25 16:53 - 2018-08-25 16:53 - 000000000 ____D C:\Users\admin\Downloads\inside-o-chapter-1-to-6
    2018-08-24 21:42 - 2018-08-25 17:05 - 000000000 ____D C:\Users\admin\Downloads\House120-dc1436caabd86979
    2018-08-24 21:33 - 2018-08-24 22:01 - 000000000 ____D C:\Users\admin\Downloads\FILF-062b-pc
    2018-08-21 11:15 - 2018-08-21 11:15 - 000002184 _____ C:\Users\Public\Desktop\MTGArenaLauncher.lnk
    2018-08-21 11:14 - 2018-08-21 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTGArena
    2018-08-16 22:55 - 2018-09-03 22:07 - 000001390 _____ C:\Users\Public\Desktop\Skype.lnk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-09-14 23:54 - 2016-12-29 15:27 - 000000000 ____D C:\Users\admin\AppData\Local\Battle.net
    2018-09-14 22:01 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-09-14 20:54 - 2016-12-29 11:24 - 000000000 ____D C:\Program Files (x86)\Steam
    2018-09-14 20:24 - 2016-12-29 15:26 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2018-09-14 20:23 - 2017-01-02 20:20 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-09-14 20:22 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-09-14 20:22 - 2017-05-15 17:51 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2018-09-14 20:22 - 2017-01-01 20:45 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
    2018-09-14 15:30 - 2018-05-14 08:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-09-14 12:56 - 2018-05-14 08:30 - 000000000 ____D C:\Users\admin
    2018-09-14 12:37 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-09-13 22:24 - 2017-03-09 06:33 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
    2018-09-13 22:05 - 2018-05-14 08:37 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-09-13 22:05 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
    2018-09-13 21:59 - 2018-05-14 08:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-09-13 21:59 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-09-13 21:45 - 2017-06-13 05:56 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guildwork
    2018-09-13 21:45 - 2014-07-24 22:58 - 000000000 ____D C:\ProgramData\Package Cache
    2018-09-13 21:36 - 2017-04-28 12:31 - 000000000 ____D C:\Program Files (x86)\Rags Game
    2018-09-13 20:33 - 2016-12-29 13:26 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2018-09-13 20:31 - 2017-03-08 23:13 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-09-13 18:06 - 2017-01-03 18:28 - 000000000 ____D C:\Program Files (x86)\Overwatch
    2018-09-13 15:31 - 2018-05-14 08:26 - 000290336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2018-09-13 15:31 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2018-09-13 15:31 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-09-13 15:31 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2018-09-13 15:31 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-09-13 15:31 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-09-13 15:31 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism
    2018-09-12 23:15 - 2018-07-27 14:43 - 000000000 ____D C:\ProgramData\ProductData
    2018-09-11 15:35 - 2017-01-01 12:13 - 000000000 ____D C:\Users\admin\AppData\Roaming\RenPy
    2018-09-11 14:01 - 2018-05-14 08:35 - 000004528 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-09-11 14:01 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-09-11 14:01 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-09-11 13:55 - 2017-02-14 20:38 - 000000000 ____D C:\Users\admin\AppData\Local\KADOKAWA
    2018-09-11 13:50 - 2016-12-30 12:50 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-09-11 13:48 - 2016-12-30 12:49 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-09-10 09:37 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-09-08 18:28 - 2017-06-27 23:28 - 000000000 ___RD C:\Users\admin\Desktop\kk
    2018-09-08 17:02 - 2017-01-03 04:14 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
    2018-09-08 16:57 - 2017-09-24 16:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\Spotify
    2018-09-08 16:27 - 2017-09-24 16:14 - 000000000 ____D C:\Users\admin\AppData\Local\Spotify
    2018-09-07 19:33 - 2018-03-08 22:41 - 000000000 ____D C:\Users\admin\Desktop\MCC
    2018-09-07 16:09 - 2016-12-29 13:26 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2018-09-07 16:09 - 2016-12-29 13:26 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2018-09-04 19:04 - 2018-04-11 19:41 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-09-04 19:04 - 2018-04-11 19:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-09-03 22:07 - 2018-07-23 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2018-09-02 14:28 - 2017-03-03 23:47 - 000000000 ____D C:\Users\admin\Documents\PoE-TradeMacro
    2018-09-01 19:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-08-31 23:40 - 2018-05-15 15:07 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
    2018-08-31 08:58 - 2016-12-29 13:30 - 000000000 ___RD C:\Users\admin\Dropbox
    2018-08-25 22:26 - 2017-12-08 12:51 - 000000000 ____D C:\Users\admin\AppData\Local\JDownloader v2.0
    2018-08-22 20:39 - 2018-03-15 00:59 - 000000000 ____D C:\Users\admin\Desktop\MTG
    2018-08-22 20:25 - 2018-05-14 08:35 - 000003976 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2018-08-22 20:25 - 2018-05-14 08:35 - 000003744 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2018-08-21 11:16 - 2018-07-27 14:42 - 000000000 ____D C:\Users\admin\AppData\Roaming\IObit
    2018-08-21 11:14 - 2018-07-27 14:47 - 000000000 ____D C:\Program Files (x86)\Wizards of the Coast

    ==================== Files in the root of some directories =======

    2017-12-09 01:51 - 2018-01-17 01:51 - 000000327 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
    2018-02-07 01:19 - 2018-05-13 23:40 - 000005632 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-12-12 17:50 - 2017-12-15 18:50 - 000000068 _____ () C:\Users\admin\AppData\Local\KBspmjgdaX
    2017-12-21 01:51 - 2017-12-21 17:52 - 000000072 _____ () C:\Users\admin\AppData\Local\ov26ahov26
    2017-06-15 05:35 - 2017-06-15 05:35 - 000007593 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-14 08:26

    ==================== End of FRST.txt ============================

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.3.0
    # -------------------------------
    # Build: 08-30-2018
    # Database: 2018-09-14.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 09-15-2018
    # Duration: 00:01:42
    # OS: Windows 10 Home
    # Scanned: 41927
    # Detected: 170


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    ***** [ Chromium (and derivatives) ] *****

    PUP.Optional.InfoAtoms hhbgpoakplhahbklhkcfbpicgjcaoglk
    PUP.Optional.MySearch Search Manager
    PUP.Optional.SearchManager Search Manager

    ***** [ Chromium URLs ] *****

    PUP.Optional.Legacy http://www.trovi.com/?gd=&ctid=CT332...C3324E2D&SSPV=
    PUP.Optional.Trovi http://www.trovi.com/?gd=&ctid=CT332...C3324E2D&SSPV=

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.


    AdwCleaner[S00].txt - [10799 octets] - [13/09/2018 21:58:43]
    AdwCleaner[C00].txt - [9446 octets] - [13/09/2018 21:59:04]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
    Last edited by tashi; 2018-09-16 at 02:38. Reason: Removed duplicate topic

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,750


    Welcome

    Peer to Peer (P2P) Warning
    Going over your logs I noticed that you have Peer 2 Peer (qBittorrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

    Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




    Need to uninstall

    CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
    Chromium (HKLM-x32\...\{D1DB391B-815B-E89B-30DB-981BE05B4B9B}) (Version: - )
    Chromium (HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Chromium) (Version: 67.0.3396.62 - Chromium)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.5.0.7 - IObit)


    ~~

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.

    Start::
    CloseProcesses:
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\admin\AppData\Local\Chromium\Application\67.0.3396.62\notification_helper.exe (The Chromium Authors) <==== ATTENTION
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {38E0ECF2-6599-41F4-A22A-F808B2D23FD5} - \WPD\SqmUpload_S-1-5-21-3228323692-928225871-3027623042-1001 -> No File <==== ATTENTION
    Task: {5921AD23-7946-4560-A525-F365D0101EA5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {DCB6B70F-CD65-4825-B556-75FD3629BC27} - \{1A4570EA-61D8-2E4F-97ED-2020CA084230} -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disk-cache-size=1048576000
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Google Keep - notes and lists.lnk -> C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Readium.lnk -> C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
    AlternateDataStreams: C:\Users\admin\Desktop\podcast_republic_podcasts.opml:com.dropbox.attributes [168]
    AlternateDataStreams: C:\ProgramData\Temp:B3503B59 [174]
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Chromium"
    C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    C:\Users\admin\AppData\Local\Chromium
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1511424 2018-05-30] (The Chromium Authors)
    SearchScopes: HKLM -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    SearchScopes: HKU\S-1-5-21-3228323692-928225871-3027623042-1001 -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M6A210000-5EDE-479E-9257-0A71743848C7&SearchSource=55&CUI=&UM=6&UP=SP9D223FA7-C8F2-4487-A39E-70D9C3324E2D&SSPV=
    CHR StartupUrls: Default -> "hxxp://dictionary.reference.com/","hxxp://www.westhartfordlibrary.org/","hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_18_03_mnn_jdnld2_17_49&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAyEtDtC0AtAyCzzzz0AtBtN0D0Tzu0StBtBtDzztN1L2XzutAtFtAtBtFtCtFyBtBtN1L1Czu1M1Q1CtAyEtFyDtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEyC0ByBtDtCzz0AtGyDyByByDtG0C0E0BtCtGtC0EtA0BtG0FtDzy0FtDyEtA0EtAtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FyCyByD0BtAyBtG0EzzyDtBtGyEyC0A0AtG0Bzyzy0BtG0A0CyByE0E0F0BtByB0A0DyD2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtCyCtCyCzztAtAyD%26cr%3D1850636103%26a%3Dhdr_s_18_03_mnn_jdnld2_17_49%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm"
    CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
    CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please open and run AdwCleaner again
    • then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    ~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    created by Aura

    ~~
    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted RogueKiller clean log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Sep 2018
    Posts
    6


    Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
    Ran by khoa (16-09-2018 21:16:18) Run:1
    Running from C:\Users\admin\Desktop
    Loaded Profiles: khoa (Available Profiles: khoa)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\admin\AppData\Local\Chromium\Application\67.0.3396.62\notification_helper.exe (The Chromium Authors) <==== ATTENTION
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {38E0ECF2-6599-41F4-A22A-F808B2D23FD5} - \WPD\SqmUpload_S-1-5-21-3228323692-928225871-3027623042-1001 -> No File <==== ATTENTION
    Task: {5921AD23-7946-4560-A525-F365D0101EA5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {DCB6B70F-CD65-4825-B556-75FD3629BC27} - \{1A4570EA-61D8-2E4F-97ED-2020CA084230} -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disk-cache-size=1048576000
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Google Keep - notes and lists.lnk -> C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Readium.lnk -> C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl
    AlternateDataStreams: C:\Users\admin\Desktop\podcast_republic_podcasts.opml:com.dropbox.attributes [168]
    AlternateDataStreams: C:\ProgramData\Temp:B3503B59 [174]
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\StartupApproved\Run: => "Chromium"
    C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    C:\Users\admin\AppData\Local\Chromium
    HKU\S-1-5-21-3228323692-928225871-3027623042-1001\...\Run: [Chromium] => c:\users\admin\appdata\local\chromium\application\chrome.exe [1511424 2018-05-30] (The Chromium Authors)
    SearchScopes: HKLM -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    SearchScopes: HKU\S-1-5-21-3228323692-928225871-3027623042-1001 -> DefaultScope {B28FBD81-A3C9-41CC-B503-547AF22B311E} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M6A210000-5EDE-479E-9257-0A71743848C7&SearchSource=55&CUI=&UM=6&UP=SP9D223FA7-C8F2-4487-A39E-70D9C3324E2D&SSPV=
    CHR StartupUrls: Default -> "hxxp://dictionary.reference.com/","hxxp://www.westhartfordlibrary.org/","hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_18_03_mnn_jdnld2_17_49&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAyEtDtC0AtAyCzzzz0AtBtN0D0Tzu0StBtBtDzztN1L2XzutAtFtAtBtFtCtFyBtBtN1L1Czu1M1Q1CtAyEtFyDtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEyC0ByBtDtCzz0AtGyDyByByDtG0C0E0BtCtGtC0EtA0BtG0FtDzy0FtDyEtA0EtAtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FyCyByD0BtAyBtG0EzzyDtBtGyEyC0A0AtG0Bzyzy0BtG0A0CyByE0E0F0BtByB0A0DyD2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtCyCtCyCzztAtAyD%26cr%3D1850636103%26a%3Dhdr_s_18_03_mnn_jdnld2_17_49%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm"
    CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
    CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-3228323692-928225871-3027623042-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}" => removed successfully
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38E0ECF2-6599-41F4-A22A-F808B2D23FD5}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38E0ECF2-6599-41F4-A22A-F808B2D23FD5}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3228323692-928225871-3027623042-1001" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5921AD23-7946-4560-A525-F365D0101EA5}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5921AD23-7946-4560-A525-F365D0101EA5}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCB6B70F-CD65-4825-B556-75FD3629BC27}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCB6B70F-CD65-4825-B556-75FD3629BC27}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A4570EA-61D8-2E4F-97ED-2020CA084230} => not found
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Google Keep - notes and lists.lnk => Shortcut argument removed successfully
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Readium.lnk => Shortcut argument removed successfully
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk => Shortcut argument removed successfully
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk => Shortcut argument removed successfully
    "C:\Users\admin\Desktop\podcast_republic_podcasts.opml" => ":com.dropbox.attributes" ADS not found.
    C:\ProgramData\Temp => ":B3503B59" ADS removed successfully
    "HKU\S-1-5-21-3228323692-928225871-3027623042-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium" => removed successfully
    "HKU\S-1-5-21-3228323692-928225871-3027623042-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
    C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe => moved successfully
    C:\Users\admin\AppData\Local\Chromium => moved successfully
    "HKU\S-1-5-21-3228323692-928225871-3027623042-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => not found
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKU\S-1-5-21-3228323692-928225871-3027623042-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => not found
    HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => not found
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => removed successfully
    HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
    "Chrome HomePage" => removed successfully
    "Chrome StartupUrls" => removed successfully
    "Chrome DefaultSearchURL" => not found
    "Chrome DefaultSuggestURL" => not found

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
    C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\tempstate.dat => moved successfully
    C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
    C:\Windows\Temp\{959BE669-B333-4C26-8F79-C86863798380}-DropboxClient_57.4.89.exe => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 7888896 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27264949 B
    Java, Flash, Steam htmlcache => 243487373 B
    Windows/system/drivers => 0 B
    Edge => 293 B
    Chrome => 667929101 B
    Firefox => 22818906 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    LocalService => 0 B
    NetworkService => 25244 B
    NetworkService => 0 B
    admin => 304301833 B

    RecycleBin => 21932946 B
    EmptyTemp: => 1.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 21:17:11 ====

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.3.0
    # -------------------------------
    # Build: 08-30-2018
    # Database: 2018-09-14.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 09-16-2018
    # Duration: 00:00:01
    # OS: Windows 10 Home
    # Cleaned: 165
    # Failed: 3


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bearshare-d0wnload.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\adanak.net
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\adanak.net
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\adanak.net
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mediaactivextask.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mediaactivextask.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mediaactivextask.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\peoplesearchengine.info
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\peoplesearchengine.info
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\peoplesearchengine.info
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\aartemis.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\aartemis.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\aartemis.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\you-search.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\you-search.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\you-search.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bestcrawler.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bestcrawler.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bestcrawler.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\startsear.ch
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\startsear.ch
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\startsear.ch
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetim.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetim.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetim.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\tangounion.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\tangounion.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\tangounion.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\favorit-network.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\favorit-network.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\favorit-network.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\digistreamsa.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\digistreamsa.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\digistreamsa.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\180searchassistant.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\180searchassistant.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\180searchassistant.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\directsearchzone.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\directsearchzone.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\directsearchzone.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\easy-search.net
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\easy-search.net
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\easy-search.net
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\photorepositary.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\photorepositary.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\photorepositary.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetpacks.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetpacks.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\sweetpacks.com

    ***** [ Chromium (and derivatives) ] *****

    Not Deleted hhbgpoakplhahbklhkcfbpicgjcaoglk

    ***** [ Chromium URLs ] *****

    Not Deleted http://www.trovi.com/?gd=&ctid=CT332...C3324E2D&SSPV=
    Not Deleted http://www.trovi.com/?gd=&ctid=CT332...C3324E2D&SSPV=

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [10799 octets] - [13/09/2018 21:58:43]
    AdwCleaner[C00].txt - [9446 octets] - [13/09/2018 21:59:04]
    AdwCleaner[S01].txt - [24484 octets] - [15/09/2018 15:22:23]
    AdwCleaner[S02].txt - [24450 octets] - [16/09/2018 21:21:37]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

    RogueKiller V12.13.0.0 (x64) [Sep 10 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : khoa [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 09/16/2018 21:31:32 (Duration : 00:42:39)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3228323692-928225871-3027623042-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Replaced (http://www.microsoft.com/isapi/redir...r=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3228323692-928225871-3027623042-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Replaced (http://www.microsoft.com/isapi/redir...r=6&ar=msnhome)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.30.1 ([]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7462757f-5a4e-4884-af30-a306c625573a} | DhcpNameServer : 10.0.30.1 ([]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e86944bd-ce58-42fb-bd77-c6dd4025c3a2} | DhcpNameServer : 10.0.30.1 ([]) -> Replaced ()
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \{323CEC42-B62D-723B-058B-59E382A7D428} -- C:\Users\admin\AppData\Local\Lobog\sync.exe (/Check) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 6 ¤¤¤
    [PUP.Gen0][Chrome:Addon] Default : MyJDownloader Browser Extension [fbcohnmimjicjdomonkcbcpbpnhggkip] -> Deleted
    [PUM.HomePage][Firefox:Config] el03g9h9.default : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/s_18_03_mnn_jdnld2_17_49&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAyEtDtC0AtAyCzzzz0AtBtN0D0Tzu0StBtBtDzztN1L2XzutAtFtAtBtFtCtFyBtBtN1L1Czu1M1Q1CtAyEtFyDtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEyC0ByBtDtCzz0AtGyDyByByDtG0C0E0BtCtGtC0EtA0BtG0FtDzy0FtDyEtA0EtAtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FyCyByD0BtAyBtG0EzzyDtBtGyEyC0A0AtG0Bzyzy0BtG0A0CyByE0E0F0BtByB0A0DyD2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtCyCtCyCzztAtAyD%26cr%3D1850636103%26a%3Dhdr_s_18_03_mnn_jdnld2_17_49%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"); -> Replaced (about:home)
    [PUM.SearchEngine][Firefox:Config] el03g9h9.default : user_pref("browser.search.selectedEngine", "YHS"); -> Deleted
    [PUM.SearchEngine][Firefox:Config] el03g9h9.default : user_pref("browser.search.defaultenginename", "YHS"); -> Deleted
    [PUP.Ask|PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.trovi.com/?gd=&ctid=CT332...3324E2D&SSPV=] -> Deleted
    [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://dictionary.reference.com/|htt...hestercc.edu/] -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 850 EVO 250GB +++++
    --- User ---
    [MBR] 435b5a8b151d3ce0993f2da05d250063
    [BSP] f619c0817a1e7a710f7a618dad6190ef : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
    1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050049 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2582530 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2844675 | Size: 203124 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 418844672 | Size: 831 MB
    5 - Basic data partition | Offset (sectors): 420548608 | Size: 32626 MB
    6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 487368704 | Size: 502 MB
    User = LL1 ... OK
    User = LL2 ... OK

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,750

    Open Malwarebytes Anti-Malware
    • Right click and select "Run as Administrator"
    • After the installation IS complete let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.
    • Then click on POST
    • Exit Malwarebytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Sep 2018
    Posts
    6

    I don't notice a huge difference yet. I sometimes get high latency spikes but that may just be my connection or internet.
    I'm just happy getting help to get rid of this malware.

    Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
    OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition)

    Forensics log

    Date Component Action Details
    9/18/2018 1:59:43 PM User ABCD\KHOA Infection quarantined High risk Malware "Trojan.GenericKD.30364691 (B)" in "Hook.dll".
    9/18/2018 1:59:38 PM Scanner Scan finished Found 1 object , user to decide on further actions.
    9/18/2018 1:55:51 PM Scanner Detection High risk Malware "Trojan.GenericKD.30364691 (B)" in "Hook.dll" (SHA1: 50ea3ce5b5475cd25f49569169b94ac906704ee1)
    9/18/2018 1:54:47 PM User ABCD\khoa Scan started Malware Scan
    9/18/2018 1:33:01 PM Scanner Scan finished Found 1 object , user to decide on further actions.
    9/18/2018 1:23:29 PM Scanner Detection High risk Malware "Trojan.GenericKD.30364691 (B)" in "Hook.dll" (SHA1: 50ea3ce5b5475cd25f49569169b94ac906704ee1)
    9/18/2018 1:21:19 PM User ABCD\khoa Scan started Malware Scan
    9/18/2018 1:21:17 PM User ABCD\khoa Setting modified "Detect PUPs" has been changed to "Enabled".
    9/18/2018 1:20:26 PM User ABCD\khoa Setting modified "Recommended readings & news" has been changed to "Enabled".
    9/18/2018 1:20:25 PM User Update Downloaded and installed 73 files (9543 kb) (26 sec.).
    9/18/2018 1:20:20 PM User ABCD\khoa Setting modified "Recommended readings & news" has been changed to "Disabled".
    9/18/2018 1:19:59 PM Core Notification "Recommended Reading:5 ways to protect yourself against encrypted email attachment malware".
    9/18/2018 1:19:54 PM User Update Failed with error "Server returned error" (0 sec.).

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 18/09/2018
    Scan Time: 12:55
    Log File: 980f6404-bb63-11e8-81ae-f8a963401a36.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.365
    Update Package Version: 1.0.6893
    Licence: Trial

    -System Information-
    OS: Windows 10 (Build 17134.285)
    CPU: x64
    File System: NTFS
    User: abcd\khoa

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 352428
    Threats Detected: 6
    Threats Quarantined: 4
    Time Elapsed: 3 min, 41 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 6
    PUP.Optional.WinYahoo, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [230], [454803],1.0.6893
    PUP.Optional.WinYahoo, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [230], [454803],1.0.6893
    PUP.Optional.Trovi, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [391], [454808],1.0.6893
    PUP.Optional.Trovi, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [391], [454808],1.0.6893
    PUP.Optional.WinYahoo, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [230], [454803],1.0.6893
    PUP.Optional.WinYahoo, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [230], [454803],1.0.6893

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,750

    Couple of things I'd like for you to do:

    Reset Google preferences because of Chrome Sync that is enabled. Malwarebytes doesn't really delete the Chrome Secure Preferences file when a detection occurs.
    Please follow the below instructions:
    https://forums.malwarebytes.com/topi...ys-comes-back/

    ~~~~~~~~~~~~~~~~~~~

    TDSSKiller
    • Download TDSSKiller from BleepingComputer, then move the executable file to your Desktop;
    • Right-click on tdsskiller.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • Accept the End User Licence Agreement (EULA) and the KSN Statement;
    • Once the application is done initializing, click on the Change parameters button;
    • In addition to the current checked boxes, check these two as well:
      • Verify file digital signature;
      • Detect TDLFS file system;
    • Once done, click on Ok then click on Start scan;
    • After the scan is complete, click on the Report button, in the top right corner;
    • A report window will open with the scan log. Copy and paste it in your next reply;

  7. #7
    Junior Member
    Join Date
    Sep 2018
    Posts
    6

    16:14:22.0883 0x2890 TDSS rootkit removing tool 3.1.0.17 Apr 20 2018 12:12:17
    16:14:22.0883 0x2890 UEFI system
    16:14:27.0108 0x2890 ============================================================
    16:14:27.0108 0x2890 Current date / time: 2018/09/20 16:14:27.0108
    16:14:27.0108 0x2890 SystemInfo:
    16:14:27.0108 0x2890
    16:14:27.0108 0x2890 OS Version: 10.0.17134 ServicePack: 0.0
    16:14:27.0108 0x2890 Product type: Workstation
    16:14:27.0109 0x2890 ComputerName: ABCD
    16:14:27.0109 0x2890 UserName: khoa
    16:14:27.0109 0x2890 Windows directory: C:\WINDOWS
    16:14:27.0109 0x2890 System windows directory: C:\WINDOWS
    16:14:27.0109 0x2890 Running under WOW64
    16:14:27.0109 0x2890 Processor architecture: Intel x64
    16:14:27.0109 0x2890 Number of processors: 8
    16:14:27.0109 0x2890 Page size: 0x1000
    16:14:27.0109 0x2890 Boot type: Normal boot
    16:14:27.0109 0x2890 CodeIntegrityOptions = 0x00000001
    16:14:27.0109 0x2890 ============================================================
    16:14:27.0578 0x2890 KLMD registered as C:\WINDOWS\system32\drivers\66669351.sys
    16:14:27.0579 0x2890 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 17134.1, osProperties = 0x19
    16:14:27.0664 0x2890 System UUID: {5DC37226-4CF5-11A9-EA9A-7754C7E7165E}
    16:14:27.0905 0x2890 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:14:27.0910 0x2890 ============================================================
    16:14:27.0910 0x2890 \Device\Harddisk0\DR0:
    16:14:27.0910 0x2890 GPT partitions:
    16:14:27.0911 0x2890 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {CB8AF5C9-CF19-11E6-8260-F8A963401A36}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4001
    16:14:27.0911 0x2890 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {29FBBAE0-B69C-4B0A-A160-3B37EF8C56CB}, Name: EFI system partition, StartLBA 0x1F4801, BlocksNum 0x82001
    16:14:27.0911 0x2890 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {CB8AF5CB-CF19-11E6-8260-F8A963401A36}, Name: Microsoft reserved partition, StartLBA 0x276802, BlocksNum 0x40001
    16:14:27.0911 0x2890 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CB8AF5CC-CF19-11E6-8260-F8A963401A36}, Name: Basic data partition, StartLBA 0x2B6803, BlocksNum 0x18CBA29C
    16:14:27.0911 0x2890 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {230D61D9-49B9-4EA5-9681-F7DF37742271}, Name: , StartLBA 0x18F71000, BlocksNum 0x19F800
    16:14:27.0911 0x2890 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CE3425EE-0B83-41BF-A67E-F74242CF562E}, Name: Basic data partition, StartLBA 0x19111000, BlocksNum 0x3FB9000
    16:14:27.0911 0x2890 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DBDFC083-6C0C-4F77-9890-C14BE770BFD3}, Name: , StartLBA 0x1D0CA800, BlocksNum 0xFB000
    16:14:27.0911 0x2890 MBR partitions:
    16:14:27.0911 0x2890 ============================================================
    16:14:27.0912 0x2890 C: <-> \Device\Harddisk0\DR0\Partition4
    16:14:27.0913 0x2890 Z: <-> \Device\Harddisk0\DR0\Partition6
    16:14:27.0913 0x2890 ============================================================
    16:14:27.0914 0x2890 Initialize success
    16:14:27.0914 0x2890 ============================================================
    16:14:53.0483 0x09ac ============================================================
    16:14:53.0483 0x09ac Scan started
    16:14:53.0483 0x09ac Mode: Manual; SigCheck; TDLFS;
    16:14:53.0483 0x09ac ============================================================
    16:14:53.0483 0x09ac KSN ping started
    16:14:53.0738 0x09ac KSN ping finished: true
    16:14:54.0269 0x09ac ================ Scan system memory ========================
    16:14:54.0269 0x09ac System memory - ok
    16:14:54.0270 0x09ac ================ Scan services =============================
    16:14:55.0956 0x09ac [ 255D1EA1F4EDA1B7B28A88581F12A1CE, 5B2D7F2EFA7BB539719890CF2E45568C544DD0EECEC44BBA56CCECB792E8BC44 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
    16:14:55.0982 0x09ac BDESVC - ok
    16:14:55.0985 0x09ac [ 9B068DF7B7B3DDF768D06DFD69B49FD0, DC2CD3A70506AEB1BCEB207A9B06657806E72C5432FA605FF9C6F11516F38132 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    16:14:56.0002 0x09ac Beep - ok
    16:14:56.0018 0x09ac [ 0B9B6D7A2F31FBD63301D19B1B08238E, 7EF63C87FB2B9E0971B633BC86F99B12F8BBE188D53E0B105E44766A0657A67E ] BFE C:\WINDOWS\System32\bfe.dll
    16:14:56.0053 0x09ac BFE - ok
    16:14:56.0058 0x09ac [ BC1E5F20251E0AFDB955E7D91093B619, 5642E6B6CA6DBC8585834790A70CFF54252A631A9EA06D28F28EF7430FA42BE5 ] bindflt C:\WINDOWS\system32\drivers\bindflt.sys
    16:14:56.0072 0x09ac bindflt - ok
    16:14:56.0097 0x09ac [ 97F4C0B9741E06BAC6AD2D93ABCEAED8, 25FD58F4BA2F8EC99241A580352D1EC49924829C61D89353B30CCEEE2CEBADE7 ] BITS C:\WINDOWS\System32\qmgr.dll
    16:14:56.0155 0x09ac BITS - ok
    16:14:56.0167 0x09ac [ 30D75769E23CCFBE13DB41FC54243BB1, 4ED018F1DB103D3F354D8EF7DFE797028DBDF22294D355F6D38DF9C6AF61B69E ] BluetoothUserService C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll
    16:14:56.0197 0x09ac BluetoothUserService - ok
    16:14:56.0209 0x09ac [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
    16:14:56.0226 0x09ac Bonjour Service - ok
    16:14:56.0231 0x09ac [ 85B874696CC64AFE22DEAD2B87498621, 7832A2CB92BB743C4EA855A2BC1AB2E129FFA723D71E98C2A81E7A4267F25A99 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
    16:14:56.0249 0x09ac bowser - ok
    16:14:56.0265 0x09ac [ 0E1A0E81EF4B33FFDE8EDA46EE38F0D4, F92E7FC14264F58EF79A10025D8375B7455A339B556AEE72A32FFE29278FAF23 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
    16:14:56.0304 0x09ac BrokerInfrastructure - ok
    16:14:56.0310 0x09ac [ 3E4BF0145201239E0BBD0A937431C14C, 1DDC27C89B16ADD9346EB30AA9E17330FE0181BE96DC6F06C455493FBDCB1113 ] Browser C:\WINDOWS\System32\browser.dll
    16:14:56.0329 0x09ac Browser - ok
    16:14:56.0340 0x09ac [ 85F5808D19879E1803E46405090F29C8, E22E73BCE3B76BFBAC712DF1E5D7D38E189B80D1CE6E9A9AB3C94733CF18F04B ] BTAGService C:\WINDOWS\System32\BTAGService.dll
    16:14:56.0371 0x09ac BTAGService - ok
    16:14:56.0383 0x09ac [ 063E91CD2CB1C372459FD6FBC02509E7, 29319290F73D8D87323584D938FBC86400AB37455E7E058A543A77F9BBF4579D ] BthAvctpSvc C:\WINDOWS\System32\BthAvctpSvc.dll
    16:14:56.0410 0x09ac BthAvctpSvc - ok
    16:14:56.0414 0x09ac [ 02FEC31842DD153D966AC227B6DDF8BB, 90EEEA049212E5FE8EFA2ACED45DFB6ABAFEA6D40FB4E1E2681F65A417237163 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
    16:14:56.0434 0x09ac BthHFEnum - ok
    16:14:56.0438 0x09ac [ A0EC1D5C937995A2C5F1179538A8A6B4, CBFBDF2D8305BD72FFF64AAAB31EB5D5B8ADE537C35AC63DC3F6ADCBF96B3659 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
    16:14:56.0455 0x09ac BTHMODEM - ok
    16:14:56.0476 0x09ac [ 13886C871293423C2DBADA5082C72977, 15B5B1994BDE83C43C02F77B34A921F6C492DFBE653C7189B63B3786796BEE6B ] BTHPORT C:\WINDOWS\System32\drivers\BTHport.sys
    16:14:56.0519 0x09ac BTHPORT - ok
    16:14:56.0526 0x09ac [ 1EB49C9E2716D4924460B2FAA295E313, B96D39479BFD2ABCD3A3BB8897EAD7C5A03DFFD7266E82A1FBA0E7FEAF73E4B8 ] bthserv C:\WINDOWS\system32\bthserv.dll
    16:14:56.0547 0x09ac bthserv - ok
    16:14:56.0552 0x09ac [ 0D5ECDF2601312025811F6AC413F851A, B7E99CF02C6B511BD643E7F8BB59E983D8B65073D9B55ED44457EDC2BBBBC419 ] BTHUSB C:\WINDOWS\System32\drivers\BTHUSB.sys
    16:14:56.0569 0x09ac BTHUSB - ok
    16:14:56.0573 0x09ac [ E3786BEBB7E4003DE324A18069DDA081, 4DDA70CCB011D74811BA51686E6ED9A404EBE549AE6B3CE0DDBCB83D09E8AABA ] bttflt C:\WINDOWS\system32\drivers\bttflt.sys
    16:14:56.0585 0x09ac bttflt - ok
    16:14:56.0588 0x09ac [ 03C13BB635635B9152DBF49AA07B728C, F6141576EB54EFE5E329762EC548C7D256EFB57C42A46BB3426B779413F0C975 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
    16:14:56.0605 0x09ac buttonconverter - ok
    16:14:56.0609 0x09ac [ 9983FF8D9834F2E67787F4BDC42A8E36, 85260F4A657D657ACD394339DFDDE814AD6BCA65712EAD943833BE7AB0937C8D ] CAD C:\WINDOWS\System32\drivers\CAD.sys
    16:14:56.0621 0x09ac CAD - ok
    16:14:56.0629 0x09ac [ B405F59CF690653105600F85C9B576B9, BEB313DF7D343B2A421EF76E908FCDB64C62AB2ABB7A3188F48A6CACA9644D97 ] camsvc C:\WINDOWS\system32\CapabilityAccessManager.dll
    16:14:56.0650 0x09ac camsvc - ok
    16:14:56.0655 0x09ac [ 407B33DE151A3DFCF564AC4270E44B1D, 8B1419FEDDCEF9F9F239B4C1A629F4F2748FC09CF3E38CA01D8D6D1D32252346 ] CapImg C:\WINDOWS\System32\drivers\capimg.sys
    16:14:56.0671 0x09ac CapImg - ok
    16:14:56.0676 0x09ac [ D3CBC6DE5955D014407C7BD1FFE80F00, 9D185AED383FCBF16EE63192452DE888D8485D7BD9C0257BF92A68C42120A1B8 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
    16:14:56.0695 0x09ac cdfs - ok
    16:14:56.0708 0x09ac [ 0942C87ED45B1E227032AD154105F79B, A0A40589B9C399061C1C46247609CA514DCD21DDF1E7FCEE19F0CE75D0FC7996 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll
    16:14:56.0742 0x09ac CDPSvc - ok
    16:14:56.0752 0x09ac [ 9FBF5849A6F51E3B3F8AF2A4171648DA, 7422BC5C87075F5008E6364C8AFAA794AB17CA2DC238DC00F377B942B6FCDC11 ] CDPUserSvc C:\WINDOWS\System32\CDPUserSvc.dll
    16:14:56.0780 0x09ac CDPUserSvc - ok
    16:14:56.0787 0x09ac [ 6834DBBA2A1DBA5B9B6360D0B9A3CBB5, 637331058347D94FBDEE0D47E56723C98BDBBE8E044A225CCE7B3592AA562021 ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
    16:14:56.0820 0x09ac cdrom - ok
    16:14:56.0828 0x09ac [ 620E4F2FDD04FFB70702676423F1C2AC, 25A19FFA966605C229F5BFBCBBBEE36695FC673C7814CF13E79EE4A9B3D8CBE2 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
    16:14:56.0851 0x09ac CertPropSvc - ok
    16:14:56.0860 0x09ac [ 4A08B239F92B319AD31E3916D27AD4B9, 948772689F14090E9E096CF7423CE5D994E3F9964775AD5B2F78C37A987EE980 ] cht4iscsi C:\WINDOWS\system32\drivers\cht4sx64.sys
    16:14:56.0879 0x09ac cht4iscsi - ok
    16:14:56.0910 0x09ac [ C8EA9376E4D284F9DF24B27AC6E3AB85, DAD3B00A37797E7C80E0C359BA735B65BBBE5DC25480910737D86D2711A6FF8C ] cht4vbd C:\WINDOWS\System32\drivers\cht4vx64.sys
    16:14:56.0962 0x09ac cht4vbd - ok
    16:14:56.0968 0x09ac [ 3AA86DA04A561E8162C2DBBF92D12074, 9CB67299BEC25F2B357DDAA5A36B3464193B8BDAB4DCFAE0CD4315911027E409 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
    16:14:56.0983 0x09ac circlass - ok
    16:14:56.0993 0x09ac [ 4C9CDDE070A9A005CC11CF17483720A4, F2F95125A52B13F34A9DC5473CEF777D6D85C4D810FA0102553EBF72560F6CAA ] CldFlt C:\WINDOWS\system32\drivers\cldflt.sys
    16:14:57.0020 0x09ac CldFlt - ok
    16:14:57.0030 0x09ac [ DB26170CF6555B9AFF76CFA067ABCF90, A066E89267783A5E54A36D1CF193916218BE2E1D177F0ACA82E2B86211629806 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
    16:14:57.0050 0x09ac CLFS - ok
    16:14:57.0069 0x09ac [ 5BD85187D6A6A37D2A4563F33D7A76E4, 6FF434BE93259229E0EA64EC1B6E09B1B814C2A467FC2859B94C79549E2F114C ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll
    16:14:57.0104 0x09ac ClipSVC - ok
    16:14:57.0113 0x09ac [ 66CBF6F8FE6F436B315D7FEAF5D2BB40, 0F6AE6412EF73C74EF0EB1866E8CD85AACE4373D5C24F3D0121F5A7420E5A03B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
    16:14:57.0128 0x09ac CmBatt - ok
    16:14:57.0143 0x09ac [ F41CC720F267B6C1CF53A0F4898A4671, 25656D92E8D5C6D4A97C9BE38653F7E09D4DE5724775F881E9320023F324EDBC ] CNG C:\WINDOWS\system32\Drivers\cng.sys
    16:14:57.0170 0x09ac CNG - ok
    16:14:57.0174 0x09ac [ 037DCC7A71938729CB12E8174E03031C, 1BA2F74F639BF8D5BB38AA658A6D847BAE8D85CF72C4AD5F13BBA1D53145789F ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
    16:14:57.0186 0x09ac cnghwassist - ok
    16:14:57.0203 0x09ac [ E40C99A3E0FFF49687F2187BF3E3050D, 30723EC5767C3F6FAA3CF299440B71B5973F890FB54B9737B96FA0359E7D90FA ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
    16:14:57.0218 0x09ac CompositeBus - ok
    16:14:57.0220 0x09ac COMSysApp - ok
    16:14:57.0226 0x09ac [ 3799A9DFB162D9AAD6AC12CB8185FD19, 942F2777049166EC43F93177F0084EA08B06CE9107AF55337124FE25CCB158C4 ] condrv C:\WINDOWS\system32\drivers\condrv.sys
    16:14:57.0239 0x09ac condrv - ok
    16:14:57.0257 0x09ac [ 07DA5C92EE9781158A07FC28AF83EE1A, BEBBB489C62DCEF6D068A7D87D6F6C8C12E9FA5E4B086FAAFE210CAC9AFC84C9 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
    16:14:57.0286 0x09ac CoreMessagingRegistrar - ok
    16:14:57.0305 0x09ac [ C17E6193CF8FBB50626C4995E9FE4F29, BBCA75600CFB22CB4B74B29EF70828C0E25F9DF4BEDA19B39042A33C29EAD73F ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    16:14:57.0329 0x09ac cphs - ok
    16:14:57.0338 0x09ac [ 6C6073B45D65887A6035F1A8D073274A, F002B25E05D0894CD12BA3D046E11D4AD6F0BCE8796618B0EE54851223A65C15 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
    16:14:57.0360 0x09ac CryptSvc - ok
    16:14:57.0364 0x09ac [ 8711386E9B04357F8F58166760759F3A, 8912CFD220645002C9D3F9E49717D8B0B98704380B45F53D45D5674537B496FF ] dam C:\WINDOWS\system32\drivers\dam.sys
    16:14:57.0378 0x09ac dam - ok
    16:14:57.0385 0x09ac [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    16:14:57.0397 0x09ac dbupdate - ok
    16:14:57.0401 0x09ac [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    16:14:57.0413 0x09ac dbupdatem - ok
    16:14:57.0417 0x09ac [ 8A6F51A5349EAF68AB2389C8F6E7D12F, 5ABFC27B422591EEB59CA0B7B27FDB2B920AF422508A1C75EB0BFE3B57B9F95E ] DbxSvc C:\WINDOWS\system32\DbxSvc.exe
    16:14:57.0427 0x09ac DbxSvc - ok
    16:14:57.0450 0x09ac [ 107661923943E9DC06ED2713AC5F7753, 2B311E9BD635F1CEB222EF798C5523447AAF63E2331377804884572D7512F299 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    16:14:57.0499 0x09ac DcomLaunch - ok
    16:14:57.0512 0x09ac [ 94FC38FADA032862E579044C123C0D58, C4A7DF6EE20BE3F2784FE66AF37AC01D0DBBD8A6C15BF03A6AC78CA9D2403F3D ] defragsvc C:\WINDOWS\System32\defragsvc.dll
    16:14:57.0541 0x09ac defragsvc - ok
    16:14:57.0552 0x09ac [ 8DF502E8116C625387DD789936D7A0C2, D42661E068F401199FAEA012C200EEF02C1409A09DACD30E6B08E3FBE4149BFA ] DeviceAssociationService C:\WINDOWS\system32\das.dll
    16:14:57.0582 0x09ac DeviceAssociationService - ok
    16:14:57.0587 0x09ac [ DBD6E8A5C358AAA3B4900EFD5CF94CC8, C8261CBE358562B3F31ADA0567723E0118A8687DFC8939FABC65E61C38BFE20B ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
    16:14:57.0610 0x09ac DeviceInstall - ok
    16:14:57.0620 0x09ac [ 38D6ED38A46F815C24C5656E8A5AB083, 730DD6D85771A60E5C089BF5D810E3AEA335BF7DD14FD72924A1A4FCF021A59D ] DevicePickerUserSvc C:\WINDOWS\System32\Windows.Devices.Picker.dll
    16:14:57.0650 0x09ac DevicePickerUserSvc - ok
    16:14:57.0667 0x09ac [ 372BD821867225F32DE87A6B3FEC8A2E, 20389A1861B5A451EE3383F68FC59B3C9A75D3123B2DF1669CBB5CC37A0128B0 ] DevicesFlowUserSvc C:\WINDOWS\System32\DevicesFlowBroker.dll
    16:14:57.0707 0x09ac DevicesFlowUserSvc - ok
    16:14:57.0713 0x09ac [ C48C4D6B8D9C53F0399DEDA402A6FAE5, 25FBE2A51DCF7DB95AD2707502F8A9661B94FC61DFC405DA5BF23BED1BA123D2 ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll
    16:14:57.0731 0x09ac DevQueryBroker - ok
    16:14:57.0737 0x09ac [ 8A1C10410FDA4287A76EC5A64371E221, 66CE271DDAD9CD82D2DF220247D91CCB906FA4B5508ABE0DC4A56D1C0C008BCA ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
    16:14:57.0756 0x09ac Dfsc - ok
    16:14:57.0761 0x09ac [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
    16:14:57.0773 0x09ac dg_ssudbus - ok
    16:14:57.0783 0x09ac [ A25AA328816454FA5CCD054343CADAFC, BA2524E443213DF65DF923C58D5C6A99681F102917C1AFD94B31196F4838DB8A ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
    16:14:57.0808 0x09ac Dhcp - ok
    16:14:57.0814 0x09ac [ 1A468A999C05ACA23C8F5A52C996AEDA, 84A4FF952516CB2F3A40378D530710E00AF9161A736A8F3877E2F66BDDE32BEE ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    16:14:57.0831 0x09ac diagnosticshub.standardcollector.service - ok
    16:14:57.0838 0x09ac [ 6EC6BB6EF31C85FD72D14BE4A1BD1B03, E027124AD492ED22F0D604030CB0E2C3778331879FC73A614644FA8C8606ADD3 ] diagsvc C:\WINDOWS\system32\DiagSvc.dll
    16:14:57.0861 0x09ac diagsvc - ok
    16:14:57.0911 0x09ac [ E74FCFD1499A4F816A99D35E297CCE63, 9C6D75200A8D0932CA77F68D78F11B89B0A45441ABB1662BE69567FE13138D19 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
    16:14:58.0009 0x09ac DiagTrack - ok
    16:14:58.0016 0x09ac [ A79FCB89805FA9EA9F48B671A4591D4E, 13CA8B9CB35DF9F8EFFF8E6ECC0F65E4F179FA9BEF4B68F3382CA4A6BF14FA54 ] Disk C:\WINDOWS\system32\drivers\disk.sys
    16:14:58.0029 0x09ac Disk - ok
    16:14:58.0047 0x09ac [ EAA267FAABDBE6194985DC6A0AC96664, 604908384B503AD7E14F15776C1B3DC58A278149145C2811B5B5300EA597A50C ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
    16:14:58.0086 0x09ac DmEnrollmentSvc - ok
    16:14:58.0090 0x09ac [ F69D7A5D7EDEE16B85F08040836FB09C, 944730FA6CA6ED0ECA85848A2F00EE1E647F7DD4CC37E557A812ECE8A92B3999 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
    16:14:58.0107 0x09ac dmvsc - ok
    16:14:58.0110 0x09ac [ 8B3601E34BD1D693598F968D70361C37, 897C5AEB5ED6AC9DAB2E8E638A42FF588AF3A94EE4C731E97DFAB89BD3B658BC ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
    16:14:58.0129 0x09ac dmwappushservice - ok
    16:14:58.0137 0x09ac [ E65844BC31FE3687A745C2E48C845CBC, 826845A9FC00E4D68CDE5FA5C293DF6D41DB0E8D15B43647A1335F0A79AFD4D6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    16:14:58.0161 0x09ac Dnscache - ok
    16:14:58.0170 0x09ac [ C79E79CD4DE45EC0EC0ECB5C76D6CB11, C1AFCA79A104EDF5C59C3E6A113467C7F73E84AACEDE97A22BCBA5B25563E163 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
    16:14:58.0193 0x09ac dot3svc - ok
    16:14:58.0199 0x09ac [ 5B1EF28DE7302A6BD5DF8459E2C598EF, F2292B8ED8FBFFA681942D5566BF1932D1E9B4F44C2D13329B60E5A8B9386CC9 ] DPS C:\WINDOWS\system32\dps.dll
    16:14:58.0219 0x09ac DPS - ok
    16:14:58.0223 0x09ac [ AD1BEFBF96C0273925EDC9282557D984, E23B1B043E9EE25054DCEFB10C1C69009DCB1E12675DAE60B00A646735B03D99 ] drmkaud C:\WINDOWS\System32\drivers\drmkaud.sys
    16:14:58.0234 0x09ac drmkaud - ok
    16:14:58.0241 0x09ac [ E7D1636EEA6F9A941573CA426F214054, 7730C82E808C80BAFB59A6AD140B11C2269A62F2396783CB063E58D8EA624BDD ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
    16:14:58.0261 0x09ac DsmSvc - ok
    16:14:58.0267 0x09ac [ 4323DDFF8CB51FD74B241810CFA6CDBB, D9CDE22055C6D139DC3E21C3D92112704426D60F5EF83E3E338B68D885BD3D30 ] DsSvc C:\WINDOWS\System32\DsSvc.dll
    16:14:58.0286 0x09ac DsSvc - ok
    16:14:58.0295 0x09ac [ 974BC06C0EC847EA4DC8D9002D394FEB, 4952FEADD7A3EF541FD537EBBCD56ED573D712755798C42428E78267E50BAB34 ] DusmSvc C:\WINDOWS\System32\dusmsvc.dll
    16:14:58.0322 0x09ac DusmSvc - ok
    16:14:58.0370 0x09ac [ 8EC28D640F768EBFA543E1C87BF4D93B, 1C39C57D0ECA7E866B8ED942EDCA7C83081A37AF86A7DA1B882B4B531A7A58C7 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
    16:14:58.0440 0x09ac DXGKrnl - ok
    16:14:58.0447 0x09ac [ 7E9A1608894297B133AF5EE18E404208, 9E2E4B4F6133375DB8E490337594BEFB86BA964223FB272A23ADD02FA8065253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
    16:14:58.0467 0x09ac Eaphost - ok
    16:14:58.0470 0x09ac EasyAntiCheat - ok
    16:14:58.0528 0x09ac [ 75CA88887850A74DDAAAF92500B6D9B9, 1C413719D0E659E20C66B0762B2FC708E55536961A1D9F21906ADBE9CF431489 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
    16:14:58.0610 0x09ac ebdrv - ok
    16:14:58.0617 0x09ac [ 317340CD278A374BCEF6A30194557227, 593DA57CDD02F4CC3A5125CE5707C222DD922F2936D16492BA21AC6C345EC6B0 ] EFS C:\WINDOWS\System32\lsass.exe
    16:14:58.0631 0x09ac EFS - ok
    16:14:58.0635 0x09ac [ 7E838D857FC55535710C316441459C38, C4673014D3ED3E68E02DB5BE6DB53E45B1E4A3CE2B04B15BFD507AF703A60134 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
    16:14:58.0648 0x09ac EhStorClass - ok
    16:14:58.0653 0x09ac [ 49023DD6F646B8C70AE1C105415F3E2B, 16EC2920A2CB71C17BFA7A0E22EDAE1C0E7004C986BEBCA9435F6FDB5D8E64CF ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
    16:14:58.0667 0x09ac EhStorTcgDrv - ok
    16:14:58.0672 0x09ac [ 80D5BD4804C587B21A121566549A63FB, 9BDC1DEB8805E06851F2E2A8B8762265FDC6B12B873D391BFCB8300BDF425B36 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll
    16:14:58.0693 0x09ac embeddedmode - ok
    16:14:58.0701 0x09ac [ 8BDB4EB138A93B9C4242D5ADC068899A, 528C0D16CE5D9A69EA75C43DC53D14F7BD2D8BB0B0B0F32BB1F36AC6659C6A27 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    16:14:58.0725 0x09ac EntAppSvc - ok
    16:14:58.0732 0x09ac [ 6700D4CC19FBC29D5C225C6E7032D2FD, 05A58B54DE6799CA7F749B62A89AA2AB0B8E501CAE02FF9372DDC20C3A4C6690 ] epp C:\Program Files\Emsisoft Anti-Malware\epp.sys
    16:14:58.0745 0x09ac epp - ok
    16:14:58.0749 0x09ac [ 5F3BDD9B9535D71D2C01C33695F9FF1A, 588ACEF4773857FE8F3E621D0DB4E5F9E2220C2001F17630177845A4F112AFB9 ] eppdisk C:\WINDOWS\system32\drivers\eppdisk.sys
    16:14:58.0761 0x09ac eppdisk - ok
    16:14:58.0764 0x09ac [ 1DF19D7A941CB06F8EADF89FA0BF59AD, 0A8891AD73AF277B764FA5CF163E6BC29DFFA0E35388A941AE27E001289C0A4A ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
    16:14:58.0779 0x09ac ErrDev - ok
    16:14:58.0786 0x09ac [ 082F9D1ADB6DF9E5DB30EB52A34FCF0A, DC62F2E7D81B4D3C266855A64A575563A31D894B19F23E841B6C8A552FAF81CC ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
    16:14:58.0798 0x09ac ESProtectionDriver - ok
    16:14:58.0811 0x09ac [ 6BD85B39B7B23F03B24CF641ED29147B, 850F21750BB39E5239B1584E1117844CAAAF6A5C58E79366552309F917675CE5 ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys
    16:14:58.0830 0x09ac ETD - ok
    16:14:58.0835 0x09ac [ 8916EACF1256E1C5A3AF81FD39C747E7, FF28FB95E9F9287C1005CF0D9EB84F7CA3D137689862860C9848398504E1EFFF ] ETDService C:\Program Files\Elantech\ETDService.exe
    16:14:58.0847 0x09ac ETDService - ok
    16:14:58.0851 0x09ac [ 55B118414B7E0C6AE26A268438CF9A27, 33EFE2965EC297AEA8EB3B7B01BE6CACB062B7CD1DC9404E6661170CCB408325 ] ETDSMBus C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys
    16:14:58.0862 0x09ac ETDSMBus - ok
    16:14:58.0875 0x09ac [ 9B538A1E44E1D61FA80E80EA75A085FA, 6431BBC533895BD466879C407B9BE7EB50345D666FEE69CAB0813283F07DBE82 ] EventSystem C:\WINDOWS\system32\es.dll
    16:14:58.0903 0x09ac EventSystem - ok
    16:14:58.0907 0x09ac [ A0539478593A00AA64E600CF7E19F195, BD835D70F3EE9BFEFFABE747AD65BC97C73AD8042F653BF93535277FB0CBD4CE ] EvolveVirtualAdapter C:\WINDOWS\System32\drivers\evolve.sys
    16:14:58.0917 0x09ac EvolveVirtualAdapter - ok
    16:14:58.0926 0x09ac [ D31158A3876110ABAC5E479B49661140, 174147E19D04CF08D2CF8250D0F71702E901263BB3CA62F821E8DCCA5D99CC0F ] exfat C:\WINDOWS\system32\drivers\exfat.sys
    16:14:58.0951 0x09ac exfat - ok
    16:14:58.0961 0x09ac [ F1FBBADF0D7F4B6D56E3202C987BA525, 408FB3085A905EA22BE535CE9CFA3E218BC4CB489F8CC496A91E17402034E02F ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
    16:14:58.0980 0x09ac fastfat - ok
    16:14:58.0994 0x09ac [ BBD6407DA3DA4FC718710587E253C7BF, 8C9995A86EF9FC1FB47ADA1367A67A9829E0E3CE191D11E0AFB0F85E325D48DC ] Fax C:\WINDOWS\system32\fxssvc.exe
    16:14:59.0028 0x09ac Fax - ok
    16:14:59.0032 0x09ac [ 6701B9973DE98578A491721B4BDE0926, 48D07092E6B44CAA529559DF620BDAA4DFCC16430DBA8178B461E556AC526DE1 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
    16:14:59.0048 0x09ac fdc - ok
    16:14:59.0052 0x09ac [ A2037943CCC079307A383C5543607CEF, 2FAC5F76526A8E4D7D7FAE80F9A0AF31D37DD12FF597769C87912B973C339BF4 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
    16:14:59.0068 0x09ac fdPHost - ok
    16:14:59.0072 0x09ac [ C11A1A9CF331B7AA2F04974EE262EC07, AA1C79FCCDEC3C7236B7BE73E6888D7DD5642EB16E13B4633C98EE34CB72A644 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
    16:14:59.0090 0x09ac FDResPub - ok
    16:14:59.0094 0x09ac [ 71CECDA2DCF81E0AD8C30440C77966E2, E26313CD895579A9F3380A648E6FC271EFED0E82C0FCFB287049C5C2D0CC35A9 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
    16:14:59.0113 0x09ac fhsvc - ok
    16:14:59.0117 0x09ac [ 9BC7FE262AF52B341048234809AA7D91, DF95BBEB59821357C69797AC659380C9F27C11B8A60A599C9A2C5623B7CBB6DB ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys
    16:14:59.0132 0x09ac FileCrypt - ok
    16:14:59.0136 0x09ac [ A0AF205465482EE0FC6261782629566B, E0C0E9EB327F4DEEDF3E32EB5573A74436829078331A8EA1B795438892EE81B8 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
    16:14:59.0149 0x09ac FileInfo - ok
    16:14:59.0153 0x09ac [ 01D83D284E6B37902DB3C4D4DB0649E0, 4376F872575013DE87CA8173FABAD367FFF907086864C106A4C82933EF9DA308 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
    16:14:59.0170 0x09ac Filetrace - ok
    16:14:59.0174 0x09ac [ CE9CB1DB00B5007ABFFF0717E748E919, 314E1FA6B0CD9416894EED93ADF3DCB273FF37F6E56EF64C9E7B55E174EB3226 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
    16:14:59.0188 0x09ac flpydisk - ok
    16:14:59.0197 0x09ac [ C5374BA2CAE89DE7269EC61A969EF5D5, 520D7A4C50A9FFF308599C6EADDCADD3D9E398718786D82F02F7EE5C30E7D6A2 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    16:14:59.0217 0x09ac FltMgr - ok
    16:14:59.0252 0x09ac [ 8F528FD267C55ABE2A156C5F6EA6B867, 540A852F250783553E042FC31D3F2D695DADA4777FF31F1BA8B60E3407333277 ] FontCache C:\WINDOWS\system32\FntCache.dll
    16:14:59.0322 0x09ac FontCache - ok
    16:14:59.0328 0x09ac [ CE9456F925ADA70ED5A4158F103F9A26, 89753CCCB2E8B1553F077B8F13C63FBEC2EABE7093A6B847477542483347C827 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:14:59.0341 0x09ac FontCache3.0.0.0 - ok
    16:14:59.0355 0x09ac [ B6BC6E6731FB1E02F0B3C73A87E1C35E, D9CA56006C1D995568A557E53DCCD7802D152CADE535BDB5DBBFC66F3F2EE236 ] FrameServer C:\WINDOWS\system32\FrameServer.dll
    16:14:59.0388 0x09ac FrameServer - ok
    16:14:59.0393 0x09ac [ 835F9C7193B6F9A796DE76897DC56968, 62D6CF40CD6B798E79FF3274DB156DAB17724EDEEC85F6602F3C0EDCDD2DBA11 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
    16:14:59.0406 0x09ac FsDepends - ok
    16:14:59.0410 0x09ac [ A01BA0506E07F316483E99D7AD9B6E75, B2CFB3AAE0E49C539C743A7F416CFC0DE2E0CFC2D5AE685F8B1BECBDB95C4308 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    16:14:59.0421 0x09ac Fs_Rec - ok
    16:14:59.0436 0x09ac [ F00AA662A862BA1B5B0BB9FBDFAE2DFC, 1DBEA358E58370C1BD8D5797382FD22A19E92BA171AB70868359CF921F324CA7 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
    16:14:59.0464 0x09ac fvevol - ok
    16:14:59.0482 0x09ac [ 2613F0B09453BDC460A9ABE869987EFF, C10F7D69A6903739FFF0D5DB2903ECAD95CAAE7F3B81E83CA2ACAA967EE141D7 ] GalaxyClientService C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
    16:14:59.0505 0x09ac GalaxyClientService - ok
    16:14:59.0645 0x09ac [ B9DD53CE9862D7AD9A972F9E951780B3, 65758A21CDEF24ECE09351B14A4F5E437B41B3EDB6BA3F94DD52E60E6ADDD9EE ] GalaxyCommunication C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
    16:14:59.0816 0x09ac GalaxyCommunication - ok
    16:14:59.0828 0x09ac [ 71DBED7FB264DB60341BC796EC2E8135, DBD29794A45AEFB16A5765D03962B311CB061D1EB8A281C5F34DABF39C66A3B2 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
    16:14:59.0843 0x09ac gencounter - ok
    16:14:59.0847 0x09ac [ EA5EE5EF9765A9157B346DF671952F18, FD0A8DBA6EA3E47D454B877CEC74B7B6BEC8B7A98BE37E9E1110D867009D9EA1 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys
    16:14:59.0863 0x09ac genericusbfn - ok
    16:14:59.0869 0x09ac [ 6BE6550F1A32796A11EBC58BBC72C44D, 99DC4058EC1B3BF316F1470BF1208F0A2FC72A508BCC9E7548D91BB0FF04376A ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
    16:14:59.0884 0x09ac GPIOClx0101 - ok
    16:14:59.0909 0x09ac [ 3FC2377994D9D63FC128B6C48B22B68F, B47D6BE6FF596A23BBDB7261B1CA9CA67CD138CBF89AEA7A68882E62C0087561 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
    16:14:59.0960 0x09ac gpsvc - ok
    16:14:59.0964 0x09ac [ 508614CAC7BF8AEE4FB9002A413919B1, F60DE0236B0453FC99473A09A7FAC1140831E581C08F3F5C440F5EFCD30943AB ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys
    16:14:59.0980 0x09ac GpuEnergyDrv - ok
    16:14:59.0985 0x09ac [ 248739BB0F3A1156A2C0AF51F39A9EA2, A94C43658BCCC88C2D229F40F5C03CA5839A2EAFD57CA088E3E85EB9264CCA3E ] GraphicsPerfSvc C:\WINDOWS\System32\GraphicsPerfSvc.dll
    16:15:00.0004 0x09ac GraphicsPerfSvc - ok
    16:15:00.0008 0x09ac [ DED74127C7A2266715C0B8EA2EE75214, 999507BECB4BAAC61317D98311962D446844CAC6271BFFE181F6CD6DFE221465 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
    16:15:00.0024 0x09ac HDAudBus - ok
    16:15:00.0028 0x09ac [ 95888B85956AF97320D1F5C354632957, C0218271A17897D4682192AB431658523EC87CB13551B2BDA40576BF766BB26C ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
    16:15:00.0040 0x09ac HidBatt - ok
    16:15:00.0046 0x09ac [ 33346BD26BB0AE4361DF1ED00D2876CF, 1777169606573646F7E7D54E01E421F62479DF57FAE86005B1EEFDC06F4898B7 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
    16:15:00.0065 0x09ac HidBth - ok
    16:15:00.0069 0x09ac [ 6D767FEB02DF712F783BEEFF09E06431, AB64C61E5729FB27BF9564CA8308D895CFFB992CE8606FDC31EFF01BB1FF8FFE ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
    16:15:00.0087 0x09ac hidi2c - ok
    16:15:00.0091 0x09ac [ 542AB7A14235C5227A9307ACF1636F0B, E54C4C4511727F4E70CB1C9259C56D4AC62E70BAB2F42E9AB402C1DF4AF3FA25 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys
    16:15:00.0103 0x09ac hidinterrupt - ok
    16:15:00.0107 0x09ac [ 1553DF41F4EE4F60B4BEEEC62264BE71, 46AE8357E8038D35ADB82A51ED421293D7AB18C926C713F19149B97400D4C65E ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
    16:15:00.0135 0x09ac HidIr - ok
    16:15:00.0139 0x09ac [ 3030F19C6A73367D6D5EEDD157F5D01A, B1F13C2AE334C8CDF15BD96B70E92A81487308D841196A29AE3D1164CDAF9AA2 ] hidserv C:\WINDOWS\system32\hidserv.dll
    16:15:00.0157 0x09ac hidserv - ok
    16:15:00.0162 0x09ac [ 6E3FB2047B8AE72E1B5F1C00A5F3E475, A5F791BECA43925D410751C114BCF2FC4A46D7A44BE80B02CD3259C6E271FF31 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
    16:15:00.0179 0x09ac HidUsb - ok
    16:15:00.0185 0x09ac [ 621B1FFB2E4E4745484EA01B013BF1D2, 6F6761922EF931DB95D6597A5884DEB3CC127FB9D763A5A27369F7881DE64B8D ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
    16:15:00.0199 0x09ac HpSAMD - ok
    16:15:00.0219 0x09ac [ 87B74C28D0A841D920B05184554C41BB, 5E51CCBFD5E7F00E9DB9A1322B99C50C0AC62150ED1E3FBBD6CCACB5494C5778 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
    16:15:00.0253 0x09ac HTTP - ok
    16:15:00.0257 0x09ac [ 9E1F3BA540DB9F4942A3F50A92E5754F, 3FF53B60DC52886D6F2EC7F9D8C12009A4BECE5A046D827BC8C941E7401ED000 ] hvcrash C:\WINDOWS\System32\drivers\hvcrash.sys
    16:15:00.0269 0x09ac hvcrash - ok
    16:15:00.0274 0x09ac [ EBFCD9B6431859F529CE9BB66E723D37, 2D693E8B44D0A9564CF515A00F6079F4D06B2E2E3C297A048E40B20CFCC0F7B1 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll
    16:15:00.0289 0x09ac HvHost - ok
    16:15:00.0293 0x09ac [ E4316FAD6BED282E4BD5ED122BC6BF72, D1CC583044300D34EA5BBF9A95B52FE4EEC61026B49DBDBBF4004E99439A6C44 ] hvservice C:\WINDOWS\system32\drivers\hvservice.sys
    16:15:00.0307 0x09ac hvservice - ok
    16:15:00.0311 0x09ac [ B149905CD7451160B6BFA2191A3F6182, A706E4F12963A20F9767D8730973282B5830D97A087ADA8CA9B7D219513C127F ] HwNClx0101 C:\WINDOWS\system32\Drivers\mshwnclx.sys
    16:15:00.0327 0x09ac HwNClx0101 - ok
    16:15:00.0331 0x09ac [ FE36689912DEC37D45B7A6C6414046FE, 3AE4E52B4ECD50ABEF67DCD1E30E409908F53624D9854BDD472352E8B280F19D ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
    16:15:00.0344 0x09ac hwpolicy - ok
    16:15:00.0348 0x09ac [ A1133368F47D514D73DD7FB4C4FD2B75, 6019DABCAB9E2941D76EC62F4352FA76DDCD964671C490730BF725CA2234CA3D ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
    16:15:00.0363 0x09ac hyperkbd - ok
    16:15:00.0367 0x09ac [ B68252C53556FFB52CCE18FF30FACA99, 0463FB8661A9EF338EFBBE43EE76C63DE170510D0E9B612D62009D7D85669365 ] HyperVideo C:\WINDOWS\System32\drivers\HyperVideo.sys
    16:15:00.0382 0x09ac HyperVideo - ok
    16:15:01.0604 0x09ac [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
    16:15:01.0632 0x09ac Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
    16:15:01.0778 0x09ac Detect skipped due to KSN trusted
    16:15:01.0778 0x09ac Intel(R) Capability Licensing Service Interface - ok
    16:15:06.0238 0x09ac OneSyncSvc - ok
    16:15:06.0249 0x09ac [ CD5ECD6470B6B235B73569A091150299, FAAE20B0F2F15ADA5B3F5F2BBBFEA000A95EC8A64B37C9364145CE04EE204352 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
    16:15:06.0275 0x09ac p2pimsvc - ok
    16:15:06.0286 0x09ac [ CCD10679BA0D9EF549F80C458C2AD1C4, 7B433FEE4BEA69C28A98F4BFBE5FA603DB2CE1DFCF229EBB4D9B7A0FD159FF04 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
    16:15:06.0314 0x09ac p2psvc - ok
    16:15:06.0319 0x09ac [ 13B175715A4391E4E5D2AB2EBC8CDBB5, 12BA91A586C5A31FBECEB2D4842E52F79EDD3E2AD4DB169C902B9A120AEC0201 ] Parport C:\WINDOWS\System32\drivers\parport.sys
    16:15:06.0336 0x09ac Parport - ok
    16:15:06.0342 0x09ac [ 428B9FAFB0EE6EF66EAAB7B49A96487A, 90892AC924B529B86B42D011B2B2F0556E204650C890FDACABD8051AD6EDB631 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
    16:15:06.0357 0x09ac partmgr - ok
    16:15:06.0370 0x09ac [ AD76927E104E38A38B7C71296E85F849, A0FE13453458532735017A12B7D3C24DC5E6A5404778166DB6C463CEEAC30CF7 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
    16:15:06.0399 0x09ac PcaSvc - ok
    16:15:06.0408 0x09ac [ 2F6ABEFAC455D4A5AE116CD45086E736, 4719F9C9EF0C9B475D8A09AD56EFF4F02EC4FCF6DDADEFF88903937F82A1F76B ] pci C:\WINDOWS\system32\drivers\pci.sys
    16:15:06.0427 0x09ac pci - ok
    16:15:06.0431 0x09ac [ C447CDA030A3415711E4E940D2E9B399, 292888AE9D44013D8B12BB1D8803988EFF64957DE682B64FDC82E100646390DA ] pciide C:\WINDOWS\system32\drivers\pciide.sys
    16:15:06.0442 0x09ac pciide - ok
    16:15:06.0447 0x09ac [ 753174DF234EA8BBF732986D5F78FCE7, 6BE93B24DA2161DAE5ECBE393729BD4661F04CD0CDEBEBF6D92E9E212FA89D71 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
    16:15:06.0461 0x09ac pcmcia - ok
    16:15:06.0465 0x09ac [ 1D05B6DE437515281CD91A16C16529E6, 0FC581E40AF55D916CF428ECF4387C1E909C3361426F1D9F723F9497C9B025D8 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
    16:15:06.0477 0x09ac pcw - ok
    16:15:06.0484 0x09ac [ F5F1A092463D6E46E71CC709A65403D1, 9EEB499D54842667B4ECF1036E28926C8AD20515333373D2965C57BC2C7EAD4C ] pdc C:\WINDOWS\system32\drivers\pdc.sys
    16:15:06.0498 0x09ac pdc - ok
    16:15:06.0513 0x09ac [ 42B12A76D3C98AE69C97727E3BEC7D8A, C878A05A9817F62514432685FAA795737F628EF7258EC5C7846045E1CAB2DF6E ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
    16:15:06.0548 0x09ac PEAUTH - ok
    16:15:06.0553 0x09ac [ CD9BA1C279BE0E92E971C2B45A7F3D9B, EC6546868718771EE45D07E9E856E5F33DD4339C1115E4479D7DEF4394D141D0 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys
    16:15:06.0565 0x09ac percsas2i - ok
    16:15:06.0569 0x09ac [ 6D5EA79E82A48B181E18C2C39416E8C8, 4F5EF24FFFABB82B1E9D98DE3275508D458589F729C4976FDB3C2EC51549D414 ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys
    16:15:06.0583 0x09ac percsas3i - ok
    16:15:06.0595 0x09ac [ 185100798FBD23C849DC1C00ED43D99D, 10895ADE339744BBABDFB50BE6025217C02C76B1911C2C8740A57912385B38DE ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
    16:15:06.0620 0x09ac PerfHost - ok
    16:15:06.0642 0x09ac [ 1206779B445417A29B33FCC7230CD28C, FCC61CF4F27F0585F267D37324CBCDE2DE20C3EB34E87256F59997F0984C8EDE ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll
    16:15:06.0684 0x09ac PhoneSvc - ok
    16:15:06.0692 0x09ac [ 807ED476A62E79935315342BD3FAA046, FF56FC79C6B6043A10C123CF85A8DDA0B8564E03D49AD5811DDCBB99823C4836 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
    16:15:06.0715 0x09ac PimIndexMaintenanceSvc - ok
    16:15:06.0744 0x09ac [ 4E614DBE28B5857F70DEBCC804629E67, B93C42FB96BBA0577CB892274905352AE4A6DE257F676D6A23CE0297F945D7E7 ] pla C:\WINDOWS\system32\pla.dll
    16:15:06.0802 0x09ac pla - ok
    16:15:06.0809 0x09ac [ DBD6E8A5C358AAA3B4900EFD5CF94CC8, C8261CBE358562B3F31ADA0567723E0118A8687DFC8939FABC65E61C38BFE20B ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
    16:15:06.0828 0x09ac PlugPlay - ok
    16:15:06.0834 0x09ac [ E8BE4041A69023B6A4D1096EE8436347, 133BAA21852D077EA600F0A09C112F6511ACB792757472891E71185E94135D5B ] pmem C:\WINDOWS\System32\drivers\pmem.sys
    16:15:06.0852 0x09ac pmem - ok
    16:15:06.0855 0x09ac [ 99ECEDA6B2E1FDB6892FBD5AED1E5D99, C970DDDBDB4AF8C6A1AA92D780B82920B4922304649509075CF14A2AB86C3CCF ] PNPMEM C:\WINDOWS\System32\drivers\pnpmem.sys
    16:15:06.0870 0x09ac PNPMEM - ok
    16:15:06.0874 0x09ac [ 75690F495CEDBEF3D5989828AEEAE832, 3257E7261DF8F39CA4988BBED3060B9E8A5988978F66A4B1409E08F65B262FED ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
    16:15:06.0890 0x09ac PNRPAutoReg - ok
    16:15:06.0899 0x09ac [ CD5ECD6470B6B235B73569A091150299, FAAE20B0F2F15ADA5B3F5F2BBBFEA000A95EC8A64B37C9364145CE04EE204352 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
    16:15:06.0922 0x09ac PNRPsvc - ok
    16:15:06.0934 0x09ac [ 9744ADAF8DD679D64A33D828FABA39E1, AE820E529697A2F308E6A24127B3D4A7F02C406DA46A6CB65243EC3F6B400950 ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
    16:15:06.0963 0x09ac PolicyAgent - ok
    16:15:06.0971 0x09ac [ F39D3876C731BB01BFE8F574188837C8, 51CB5E89397D6A150A05BDD53CC9B90B419A040BE1828C2E7BBD6684FE371588 ] Power C:\WINDOWS\system32\umpo.dll
    16:15:06.0994 0x09ac Power - ok
    16:15:07.0000 0x09ac [ 1FB09FD846D5030B82EB345E9970A105, 871D38DD966EDD919B2E0C51125E1834A15A0222E2452605988BFD7E7B37C5C1 ] PptpMiniport C:\WINDOWS\System32\drivers\raspptp.sys
    16:15:07.0019 0x09ac PptpMiniport - ok
    16:15:07.0078 0x09ac [ AD62FCEC1CB8ECD7C0E3DFD2FA79FDE4, 6372FC5E78A2DDB8AE6EB73BEB5C0D4056FB6BE9F231A36BAC37AE970F5EB247 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
    16:15:07.0184 0x09ac PrintNotify - ok
    16:15:07.0194 0x09ac [ A60202AE474E2173ED91118DD73ADAAD, 6AE315E1DD9E3B03E48B8848FCB0CDD506080F0012DE478BA99D102F91E968E6 ] PrintWorkflowUserSvc C:\WINDOWS\System32\PrintWorkflowService.dll
    16:15:07.0215 0x09ac PrintWorkflowUserSvc - ok
    16:15:07.0223 0x09ac [ E0E55CDA29C80A9520FCFC78D7F8A73D, 9DE15A73643D71183E568F8F4DD8776D935786BE46F15BFE2DFD607378FC9E58 ] Processor C:\WINDOWS\System32\drivers\processr.sys
    16:15:07.0243 0x09ac Processor - ok
    16:15:07.0254 0x09ac [ F96AA93B40D4670016DAF8C8F0D1BCB5, E8B77B271FDD6036F44EB9F7B7D270E754E69914F91E19512BF038FC3EDAC04F ] ProfSvc C:\WINDOWS\system32\profsvc.dll
    16:15:07.0281 0x09ac ProfSvc - ok
    16:15:07.0287 0x09ac [ E4BF8BE7B3711BCBBC95EE983C0236F4, A71C09D83034C96F7ED4DB58F7388F8A13C7FD1A3F41FE8EEC553C42B65DFFC6 ] Psched C:\WINDOWS\system32\drivers\pacer.sys
    16:15:07.0301 0x09ac Psched - ok
    16:15:07.0309 0x09ac [ 114C1662EBF3C52B0FF52EAB1D9787BB, 6EB1871F69EF4CB1A8FBFA9D73050E5253861D4BF8DC8999B652EAAFB04DD10D ] PushToInstall C:\WINDOWS\system32\PushToInstall.dll
    16:15:07.0333 0x09ac PushToInstall - ok
    16:15:07.0342 0x09ac [ 8AB5F41584C98047ABEF490FC1E31F7E, F8480F9D9C1A60901975C529CC0911ED592834AB1068FADD88B15E6497A59221 ] QWAVE C:\WINDOWS\system32\qwave.dll
    16:15:07.0367 0x09ac QWAVE - ok
    16:15:07.0371 0x09ac [ 00F72861538B6C4E925A21BAE397A49D, 6847E2332CC8573850428CC7E3A73B2DA0274977F53BDDF7DBA68D223A501CC4 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
    16:15:07.0388 0x09ac QWAVEdrv - ok
    16:15:07.0392 0x09ac [ 0FFABEB2D06CD74DDE0BCA510EEAEEBC, 8598F39D312754C92A3776104D596F0C0312712D934B9994B2711F95FA6FE0AE ] Ramdisk C:\WINDOWS\system32\DRIVERS\ramdisk.sys
    16:15:07.0405 0x09ac Ramdisk - ok
    16:15:07.0408 0x09ac [ B834761352403111D0113284D8736025, 444D05D5F4CED956AFE48CA29CD59420BDB2B14336D19BE2A28612A851EACF4E ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    16:15:07.0424 0x09ac RasAcd - ok
    16:15:07.0430 0x09ac [ FA99CE309B66586A0AA6EF9CFF7BC467, 4684EB05828C2153FE94468E7A9A75D8C81F90E700B437C5990BC9451AD39AC7 ] RasAgileVpn C:\WINDOWS\System32\drivers\AgileVpn.sys
    16:15:07.0449 0x09ac RasAgileVpn - ok
    16:15:07.0454 0x09ac [ C7CCE345D0010B3B9AC5067578436BFE, 4473E7D0492B7F0214576861A6AD90363D7F826B5E0DE15A56E93DA94BBF19E7 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    16:15:07.0474 0x09ac RasAuto - ok
    16:15:07.0480 0x09ac [ 775ED7E51B58CF9EB415A1DBA540DACF, A3035A8A299D35B7A24A347FB8A2DB6B5892FD2A181D90F64CCD4806EA154395 ] Rasl2tp C:\WINDOWS\System32\drivers\rasl2tp.sys
    16:15:07.0499 0x09ac Rasl2tp - ok
    16:15:07.0519 0x09ac [ 157D149DB0061CBE44C29D3EAB43A4FF, F2263B448307F9CE33B202D366D3AF40494B579738483C0801EAD04D40C5D90C ] RasMan C:\WINDOWS\System32\rasmans.dll
    16:15:07.0562 0x09ac RasMan - ok
    16:15:07.0568 0x09ac [ E2433A620ABF4083157944E4692C500D, 126CA9F9D38FB4FA312A82FEA24C13D0693407384B1BCD55A0CBEFA8E52E1D8A ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    16:15:07.0586 0x09ac RasPppoe - ok
    16:15:07.0591 0x09ac [ EE5D1D51FA74ECCE57CF2DB8F6A417D8, CC295366C60CAECA7CC32903E3A983635B55A5F5FD6E6BC4FEFE997B8154345C ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys
    16:15:07.0609 0x09ac RasSstp - ok
    16:15:07.0616 0x09ac [ 5753CD9159718444F6D9E1634B984BF5, A4D6FB6583724F3DDDBA768D7786EB7E3AB1C8074F66DA9462BBB159CDFA2868 ] Razer Game Scanner Service C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    16:15:07.0629 0x09ac Razer Game Scanner Service - ok
    16:15:07.0640 0x09ac [ 5F7027A2F16AFF56DA68D996FAFDAAD8, E1DC1CC818E7ED8B107386CD55EFF38B663FD3F9A2ACDD0919F5AF3591638D1F ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:15:07.0660 0x09ac rdbss - ok
    16:15:07.0667 0x09ac [ 206AB796793FDBD518B82E2F308A7176, ED0DBDE7106970F217F4FB1FB184B6795A16356C879C17E0910840F64F292809 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
    16:15:07.0683 0x09ac rdpbus - ok
    16:15:07.0689 0x09ac [ 3DE4216324BE32FC3AF7667AE2406EE5, B2E3C47983C58B32E07E251FF729670B5D481249EEDFD3A3EFB0F8734673F1F6 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
    16:15:07.0709 0x09ac RDPDR - ok
    16:15:07.0717 0x09ac [ 0600DF60EF88FD10663EC84709E5E245, 48572DC0C644E13BD1713E29E522763EB4E00337ACA64D1392960D17EAF8923A ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
    16:15:07.0731 0x09ac RdpVideoMiniport - ok
    16:15:07.0739 0x09ac [ 65652EFAAF4A8A59E60A2D7BE15317E8, 83A9A8506EF4769625EF0EF43B93906A6FBD9133E52C12B17A68B89DAC68D026 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
    16:15:07.0756 0x09ac rdyboost - ok
    16:15:07.0791 0x09ac [ 3DCB3FAFE46B9FE41C9065EBBED97724, AEB08C8C1E6AB6181A5F2B540F913B59A1256AF0E6D5355C4AC7DDBA0BF0F20B ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
    16:15:07.0843 0x09ac ReFS - ok
    16:15:07.0865 0x09ac [ B76350D40A46DBA17205F8373528FD83, A599A9B1297B5D70632A9EF23E9771BA646672A1B0E323144EDE906CCA172EB7 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys
    16:15:07.0897 0x09ac ReFSv1 - ok
    16:15:07.0911 0x09ac [ 980F60634FAF9C58FC468AF9AA609D68, 7BA03FE851F78D5DC9062ACEADF194ACB4F8F56C9D496B17D846CE1E4373B404 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    16:15:07.0941 0x09ac RemoteAccess - ok
    16:15:07.0947 0x09ac [ 106E630F1B2A8BF2BBD4508D9B166406, FAFBE21EC61B97B4B825285EBA0F661382A95119E1740EE4FB9A1F6FB3C0F5F7 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    16:15:07.0969 0x09ac RemoteRegistry - ok
    16:15:07.0984 0x09ac [ 53BE6D9C36A9CB95A1568C24D44A8A34, DD8245F87B9D4203F56595D6ABF9F1E74EA071D4B7BB0469A293CA9E20BDA246 ] RetailDemo C:\WINDOWS\system32\RDXService.dll
    16:15:08.0021 0x09ac RetailDemo - ok
    16:15:08.0028 0x09ac [ 3D4F4CCE0364CD3F1B539D2630686F24, 620EFC53D6F5279AEF4748FAE22F7239E7855D1F5C79B85F6CB54EF51C516408 ] rhproxy C:\WINDOWS\System32\drivers\rhproxy.sys
    16:15:08.0045 0x09ac rhproxy - ok
    16:15:08.0056 0x09ac [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    16:15:08.0073 0x09ac RichVideo64 - ok
    16:15:08.0079 0x09ac [ ADA13EBD9C23C51876A5B2EADF7F2E29, D08E6A907DE5DC6F51CA71CBF7886FE7D8C6FB09154B633D86CDBE9C311361A0 ] RmSvc C:\WINDOWS\System32\RMapi.dll
    16:15:08.0100 0x09ac RmSvc - ok
    16:15:08.0105 0x09ac [ 3CD63AE6A9A1DE4CD5831AE15221C861, CB8B5FDA48D9D4E5A9F26F67859105E2769AF82B2CA1B0B35D9BFBA611445CC0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
    16:15:08.0127 0x09ac RpcEptMapper - ok
    16:15:08.0131 0x09ac [ 19EC4D05E01FE350B3494CEA122D64EB, 09FF60A8F22D66796257E33F4CFD6059D4A11A3173A7691718E9FE841E15ABA2 ] RpcLocator C:\WINDOWS\system32\locator.exe
    16:15:08.0148 0x09ac RpcLocator - ok
    16:15:08.0170 0x09ac [ 107661923943E9DC06ED2713AC5F7753, 2B311E9BD635F1CEB222EF798C5523447AAF63E2331377804884572D7512F299 ] RpcSs C:\WINDOWS\system32\rpcss.dll
    16:15:08.0213 0x09ac RpcSs - ok
    16:15:08.0219 0x09ac [ FFFB16EF6E0B8B5F7F19B425923E7D12, 27C2882AC7B27BAC5A4051C2C9326A6D289F297158DE7A3A93E8B09378DC91AA ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
    16:15:08.0237 0x09ac rspndr - ok
    16:15:08.0254 0x09ac [ CFE738C524F35B6E523A4D0F54840C30, 73E051DEA744EEC5202693C11EDABB36DE2D086160648D4E41F1F299CBAD8409 ] RTL8168 C:\WINDOWS\System32\drivers\Rt630x64.sys
    16:15:08.0279 0x09ac RTL8168 - ok
    16:15:08.0296 0x09ac [ BE7E1D29CD6DAF79EF08A24A03E10D38, 6DD736E4AFFA8C2237990C3BB2B0313A2A18A77745198F847891128A1BA4D9FD ] RTSPER C:\WINDOWS\system32\DRIVERS\RtsPer.sys
    16:15:08.0320 0x09ac RTSPER - ok
    16:15:08.0325 0x09ac [ 30A186D6A2A2853EEFAD7011E212E41B, 367B8FCCF29470C9237FC1F0EAEB59AE51E33778BC9914A2730AC7DDBC84942B ] rzpmgrk C:\WINDOWS\system32\drivers\rzpmgrk.sys
    16:15:08.0336 0x09ac rzpmgrk - ok
    16:15:08.0343 0x09ac [ B4598C05D5440250633E25933FFF42B0, A66D2FB7EF7350EA74D4290C57FB62BC59C6EA93F759D4CA93C3FEBCA7AEB512 ] rzpnk C:\WINDOWS\system32\drivers\rzpnk.sys
    16:15:08.0355 0x09ac rzpnk - ok
    16:15:08.0359 0x09ac [ A2939E69027B97105014434BFBFF7195, 9DC09BE94415564D0E80431223BDA1C59E3555AB5267DD3F64E71D4A18C8553A ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
    16:15:08.0375 0x09ac s3cap - ok
    16:15:08.0380 0x09ac [ 317340CD278A374BCEF6A30194557227, 593DA57CDD02F4CC3A5125CE5707C222DD922F2936D16492BA21AC6C345EC6B0 ] SamSs C:\WINDOWS\system32\lsass.exe
    16:15:08.0393 0x09ac SamSs - ok
    16:15:08.0399 0x09ac [ 04C51BBD8C9F54E5F2C5D831B03B11E3, 15AD9F224CBBCAFB117574F03C6F1C02639928A95BC4533453EBAFB20F7AE671 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
    16:15:08.0413 0x09ac sbp2port - ok
    16:15:08.0422 0x09ac [ D48F36EA4B4E8237B24E33B18D76EB2A, 128E754F15FDB00D218FB23431BF0FBDC65D64EEF294D72535B0C07EB5472136 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
    16:15:08.0449 0x09ac SCardSvr - ok
    16:15:08.0455 0x09ac [ 1B1FB3D8403E621F2B9201EF414E21D9, 5EFBEA5DC09CD5F151EF224BE2FF2C985D19301B17E5C16F5D00CB2852DAF8BF ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
    16:15:08.0481 0x09ac ScDeviceEnum - ok
    16:15:08.0485 0x09ac [ 0070C2DC6563C48EDA63A282748F3FCD, 12C8505DDD05994641B2B19666D7A54E12A21F6894913342A9BA5D148F193BE0 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
    16:15:08.0503 0x09ac scfilter - ok
    16:15:08.0521 0x09ac [ 645FC62D31FBAE0A0A51EA90D7EF637E, A8670AEDFF2824A6E2837A5CAAEDCFBA5902B2D6FBCE7604587529866F85857D ] Schedule C:\WINDOWS\system32\schedsvc.dll
    16:15:08.0561 0x09ac Schedule - ok
    16:15:08.0568 0x09ac [ A61C34A8B6BA61E61C612CAD636C369F, 9966C5D2B4B60555BE9B9533DA62E0806767226B55EEC31030FB230DEBEC2650 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys
    16:15:08.0582 0x09ac scmbus - ok
    16:15:08.0589 0x09ac [ 620E4F2FDD04FFB70702676423F1C2AC, 25A19FFA966605C229F5BFBCBBBEE36695FC673C7814CF13E79EE4A9B3D8CBE2 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
    16:15:08.0611 0x09ac SCPolicySvc - ok
    16:15:08.0619 0x09ac [ 495273177E87B0C34D7E431E9254FA23, 61116DA77622F5A0E931F5033C1B870A22AD3438C056FD1F320F857908E4124B ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
    16:15:08.0636 0x09ac sdbus - ok
    16:15:08.0640 0x09ac [ 9EF09DE84CE20B787C02395394AC2A7E, 17019B74506D26707EBC342365008A9BB5AACA381FB60ABA85F34D153FB0682C ] SDFRd C:\WINDOWS\System32\drivers\SDFRd.sys
    16:15:08.0652 0x09ac SDFRd - ok
    16:15:08.0658 0x09ac [ 01607A2FAB0068450A06C90AF755D57E, 9615261063475045CBC99F17BD3A4919198D0F77CA9E4EC7B13826E514BC8543 ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
    16:15:08.0678 0x09ac SDRSVC - ok
    16:15:08.0711 0x09ac [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    16:15:08.0752 0x09ac SDScannerService - ok
    16:15:08.0759 0x09ac [ F80D6C03FEA2F7DEE14023B7229DA8C2, B62AFCFCDE9C1BA0A5D80BAAC3D3D95546DB2E532C04C765FF85B27D1CBD5B8D ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
    16:15:08.0773 0x09ac sdstor - ok
    16:15:08.0840 0x09ac [ 94653C9CFDC15B30EEECD94BA7219654, 59F54AC9BC79C1BFBEA84992181C58AF434A3DDDF473C9BE942D3462875A8375 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    16:15:09.0011 0x09ac SDUpdateService - detected UnsignedFile.Multi.Generic ( 1 )
    16:15:09.0135 0x09ac Detect skipped due to KSN trusted
    16:15:09.0136 0x09ac SDUpdateService - ok
    16:15:09.0143 0x09ac [ A7C46DA2D7C25DAA810E1DE4B14D1478, 4A995EFBBB7B192CC25B24286D4864160692F4D16EA13E7138D17272B495ED6B ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    16:15:09.0170 0x09ac SDWSCService - detected UnsignedFile.Multi.Generic ( 1 )
    16:15:09.0298 0x09ac Detect skipped due to KSN trusted
    16:15:09.0298 0x09ac SDWSCService - ok
    16:15:11.0841 0x09ac [ 7D87A129A6F4FA468244F0D812B1D0A5, E5F09091CC28C0F26B2D229ABEF29026B1A73ABCDDA819AE9A9B4D329C5E4D4D ] Te.Service C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe
    16:15:11.0855 0x09ac Te.Service - detected UnsignedFile.Multi.Generic ( 1 )
    16:15:11.0984 0x09ac Detect skipped due to KSN trusted
    16:15:11.0984 0x09ac Te.Service - ok
    16:15:17.0409 0x09ac ================ Scan global ===============================
    16:15:17.0412 0x09ac [ 44D259E3B8F950D123CBE21893CEF1AB, 94FEA350B54D1581FF07D078D25A27FE3C9F815E24D299A0504FB1153E68A903 ] C:\WINDOWS\system32\basesrv.dll
    16:15:17.0417 0x09ac [ 1C346B5D7E5336246604A9FCFCB092BC, BD0C56C943A8F23CA9CD1CE1FE4F9D2183F752B469A72D14B713301A867AE776 ] C:\WINDOWS\system32\winsrv.dll
    16:15:17.0424 0x09ac [ FE8D1AB6D6711BE791A01C17EDEBD0D6, EECE3A16DFA0BE1BB1E7B882D33FB926C90A1DCA89805DD3514FABF7C9F05253 ] C:\WINDOWS\system32\sxssrv.dll
    16:15:17.0438 0x09ac [ 2FC61B2CF84792516D543CA94139A92C, BE42E4A901D6AC8885882D2CD9372A64023794428E0AC8CC87EE3121DD5DC402 ] C:\WINDOWS\system32\services.exe
    16:15:17.0450 0x09ac [ Global ] - ok
    16:15:17.0451 0x09ac ================ Scan MBR ==================================
    16:15:17.0452 0x09ac [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
    16:15:17.0481 0x09ac \Device\Harddisk0\DR0 - ok
    16:15:17.0482 0x09ac ================ Scan VBR ==================================
    16:15:17.0483 0x09ac [ 3D139A40BD7B4E3E2C8A54D280BC2FC5 ] \Device\Harddisk0\DR0\Partition1
    16:15:17.0484 0x09ac \Device\Harddisk0\DR0\Partition1 - ok
    16:15:17.0486 0x09ac [ 28337CE4F8B709A00E1CD689C57C1C42 ] \Device\Harddisk0\DR0\Partition2
    16:15:17.0487 0x09ac \Device\Harddisk0\DR0\Partition2 - ok
    16:15:17.0488 0x09ac [ 82D26E1ECC1CEDAED97405BEC8AA2AD3 ] \Device\Harddisk0\DR0\Partition3
    16:15:17.0489 0x09ac \Device\Harddisk0\DR0\Partition3 - ok
    16:15:17.0491 0x09ac [ EEA0C1905E11B5636BE5D8FDD1C20DAB ] \Device\Harddisk0\DR0\Partition4
    16:15:17.0492 0x09ac \Device\Harddisk0\DR0\Partition4 - ok
    16:15:17.0493 0x09ac [ 8B1A0F2F0D76FEA2A50113775D539524 ] \Device\Harddisk0\DR0\Partition5
    16:15:17.0495 0x09ac \Device\Harddisk0\DR0\Partition5 - ok
    16:15:17.0498 0x09ac [ 453C760558BA44431535510AA11A1ADC ] \Device\Harddisk0\DR0\Partition6
    16:15:17.0499 0x09ac \Device\Harddisk0\DR0\Partition6 - ok
    16:15:17.0502 0x09ac [ 224C825137CD1F8BCB08494C9C21D286 ] \Device\Harddisk0\DR0\Partition7
    16:15:17.0503 0x09ac \Device\Harddisk0\DR0\Partition7 - ok
    16:15:17.0504 0x09ac ================ Scan generic autorun ======================
    16:15:17.0504 0x09ac SecurityHealth - ok
    16:15:17.0780 0x09ac [ 59E09658354974B1C0B168E701047995, 4867313A799DA1E7393B7B5313B8165EEE534ED0B23A9405E35F29DC4CD12A2F ] C:\Program Files\Logitech Gaming Software\LCore.exe
    16:15:18.0106 0x09ac Launch LCore - ok
    16:15:18.0337 0x09ac [ BA6D2D72E4B3B5E6E092012F548F5182, D7DE4C0FF0683694F5A06BF36C1E772DAD232B7FCA2CE5F476C64925395D3EA4 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    16:15:18.0597 0x09ac RtHDVCpl - ok
    16:15:18.0641 0x09ac [ 37BFB349262E269DD07A3D8323BCCEAF, 1AA11990194258B5C8FCD16B88ED32098C406477F541A8BA31C8C7AAACA6463B ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    16:15:18.0678 0x09ac RtHDVBg_Dolby - ok
    16:15:18.0705 0x09ac [ 37BFB349262E269DD07A3D8323BCCEAF, 1AA11990194258B5C8FCD16B88ED32098C406477F541A8BA31C8C7AAACA6463B ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    16:15:18.0737 0x09ac RtHDVBg_LENOVO_DOLBYDRAGON - ok
    16:15:18.0763 0x09ac [ 37BFB349262E269DD07A3D8323BCCEAF, 1AA11990194258B5C8FCD16B88ED32098C406477F541A8BA31C8C7AAACA6463B ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    16:15:18.0794 0x09ac RtHDVBg_LENOVO_MICPKEY - ok
    16:15:18.0796 0x09ac ETDCtrl - ok
    16:15:18.0935 0x09ac [ 99D79A0B3CFB0F0069BF882BD65EEC62, 37EC52D23A6465F863899317C08CFDCE961A871588E07EEF307511FD03980CA0 ] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
    16:15:19.0110 0x09ac emsisoft anti-malware - ok
    16:15:19.0124 0x09ac [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
    16:15:19.0137 0x09ac UpdateP2GShortCut - ok
    16:15:19.0149 0x09ac [ 4ED76F2298F5AA6AEDF07BA5828CB154, 75A8102D9184122FB1D5EE9A2C5A7C9293F97C64B15C2D6ADEB63D4649992264 ] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    16:15:19.0171 0x09ac Razer Synapse - ok
    16:15:19.0239 0x09ac [ 4E4673BBCAE7B4A613236689C683C121, D400F5BC90C7776AE84C95B27E78532175750E14A3FA5E2ECBF5225E60D483B2 ] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    16:15:19.0319 0x09ac Dropbox - ok
    16:15:19.0390 0x09ac [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    16:15:19.0473 0x09ac SDTray - ok
    16:15:19.0490 0x09ac [ D86878E7E63DABDB46BE3107D1457038, 4BB6D08B965C2F754B469FFBC1C19E23A29C4AF760354126503B4DF2971B6C35 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    16:15:19.0511 0x09ac SunJavaUpdateSched - ok
    16:15:19.0849 0x09ac [ 450FDD861FD582026BDCE55FCB2162C4, 91166DBAEE6A0D97ABA5EED352D06078870A265E736ED491C666CB6A8559BEB2 ] C:\Windows\SysWOW64\OneDriveSetup.exe
    16:15:20.0274 0x09ac OneDriveSetup - ok
    16:15:20.0317 0x09ac [ FC7536F076D2F1660AC072E54A86B2F1, B36F3E9976F59EC137F8618C7EDF4ED0B35AC65497CA27D69835048E6E277040 ] C:\Program Files (x86)\Windows Mail\wab.exe
    16:15:20.0352 0x09ac WAB Migrate - ok
    16:15:20.0707 0x09ac [ 450FDD861FD582026BDCE55FCB2162C4, 91166DBAEE6A0D97ABA5EED352D06078870A265E736ED491C666CB6A8559BEB2 ] C:\Windows\SysWOW64\OneDriveSetup.exe
    16:15:21.0157 0x09ac OneDriveSetup - ok
    16:15:21.0190 0x09ac [ FC7536F076D2F1660AC072E54A86B2F1, B36F3E9976F59EC137F8618C7EDF4ED0B35AC65497CA27D69835048E6E277040 ] C:\Program Files (x86)\Windows Mail\wab.exe
    16:15:21.0227 0x09ac WAB Migrate - ok
    16:15:21.0247 0x09ac [ 678DD73CA364411BCF431892B8F878DA, 0853A5FB66DDB187947BF9A51789728B75E34885592F51C2BBBC583729B23E40 ] C:\Users\admin\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
    16:15:21.0279 0x09ac Google Update - ok
    16:15:21.0349 0x09ac [ 2A49EE413D94D0453B45C0D96DF20271, DC7812DB23CBA365E6F96FACBC25E355F6A674EEE23BE10615E474E7ED899667 ] C:\Program Files (x86)\Steam\steam.exe
    16:15:21.0434 0x09ac Steam - ok
    16:15:21.0441 0x09ac Discord - ok
    16:15:21.0447 0x09ac [ FD961A1C64F6172211428CD96FB7CAB0, 4ADCA0C57A4EFD61238D8981F77D80DDC26A9B5F72BEB706930407A11931222D ] C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
    16:15:21.0463 0x09ac BackgroundSwitcher - ok
    16:15:21.0503 0x09ac [ 62305D013F4E1538FA071846BD62FF52, E3DE76A994F2CCF17F443EFC928532FA6114469BC2C4B21D43B1DCE677D5D112 ] C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe
    16:15:21.0556 0x09ac f.lux - ok
    16:15:21.0582 0x09ac [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
    16:15:21.0627 0x09ac SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
    16:15:21.0761 0x09ac Detect skipped due to KSN trusted
    16:15:21.0761 0x09ac SpybotPostWindows10UpgradeReInstall - ok
    16:15:23.0288 0x09ac AV detected via SS2: Emsisoft Anti-Malware, C:\Program Files\Emsisoft Anti-Malware\a2start.exe ( 2018.8.1.8923 ), 0x41000 ( enabled : updated )
    16:15:23.0288 0x09ac AV detected via SS2: Windows Defender, windowsdefender:// ( ), 0x60100 ( disabled : updated )
    16:15:23.0292 0x09ac AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.181 ), 0x61000 ( enabled : updated )
    16:15:23.0481 0x09ac Win FW state via NFP2: enabled ( trusted )
    16:15:23.0748 0x09ac ============================================================
    16:15:23.0748 0x09ac Scan finished
    16:15:23.0748 0x09ac ============================================================
    16:15:23.0768 0x28f4 Detected object count: 0
    16:15:23.0768 0x28f4 Actual detected object count: 0

  8. #8
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,750

    How was performance today?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    Sep 2018
    Posts
    6

    Seemed better, web pages loaded faster. Thank you so much for your help, Juliet.

  10. #10
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,750

    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.

    This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    *************

    Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days), which are one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SUMo and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.


    Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

    Anti-Virus


    As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

    As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

    created by Aura

    Safe surfing
