Hola, buenas noches. Tengo un problema con mi notebook. Mi hermano la uso a la noche, y no se que programa habrá descargado que me desconfiguró todo el escritorio, el problema es que no se si habrá pasado algo más que yo no me doy cuenta. Le pasé el Malwarebyte y encontró 51 archivos potencialmente sospechosos. No se que más hacer volver que mi computadora sea la de antes y la seguridad de no tener algún virus dando vueltas.
Muchas gracias por leerme…
Una publicación ha sido separada a un nuevo tema: Desconfiguración del Escritorio
Hola, buenas @Marita4142 bienvenida al foro. Al ser nueva te recomiendo que te leas las políticas de este. No porque hayas hecho nada mal, sino para saber más acerca del funcionamiento de este.
En tu próxima respuesta traes los correspondientes logs de los programas que hayas utilizado para eliminar Malware.
Muy Importante Coloca el reporte que te he pedido como se muestra en la siguiente imagen:
Salu2.
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 26/7/21
Hora del análisis: 16:24
Archivo de registro: 08e49ee2-ee47-11eb-9196-e82a441d3734.json
-Información del software-
Versión: 4.4.3.125
Versión de los componentes: 1.0.1387
Versión del paquete de actualización: 1.0.43574
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 19043.1110)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-JNS742B\mbrio
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 500708
Amenazas detectadas: 51
Amenazas en cuarentena: 0
Tiempo transcurrido: 6 min, 24 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 1
PUP.Optional.SearchYa, HKU\S-1-5-21-388786263-2918010216-717573212-1001.bak\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}, Sin acciones por parte del usuario, 435, 242794, 1.0.43574, , ame, , ,
Valor del registro: 3
PUP.Optional.SearchYa, HKU\S-1-5-21-388786263-2918010216-717573212-1001.bak\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}|DISPLAYNAME, Sin acciones por parte del usuario, 435, 242794, 1.0.43574, , ame, , ,
PUP.Optional.Trustnav, HKU\S-1-5-21-388786263-2918010216-717573212-1001.bak\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|hgjdbeiflalimgifllheflljdconlbig, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, HKU\S-1-5-21-388786263-2918010216-717573212-1001.bak\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|dgbldpiollgaehnlegmfhioconikkjjh, Sin acciones por parte del usuario, 474, 569615, , , , , ,
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 8
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\hgjdbeiflalimgifllheflljdconlbig, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HGJDBEIFLALIMGIFLLHEFLLJDCONLBIG, Sin acciones por parte del usuario, 474, 569615, 1.0.43574, , ame, , ,
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DGBLDPIOLLGAEHNLEGMFHIOCONIKKJJH, Sin acciones por parte del usuario, 474, 569615, 1.0.43574, , ame, , ,
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Sin acciones por parte del usuario, 474, 569609, , , , , ,
Archivo: 39
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, 474, 569615, , , , , D0DEFDFCCDD0E1A1D0EBB4D5EC37D65B, C0B000A5B370FF6DA073F75D2A52CB2E7945EC1AAAAAED088354D78970316CAA
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sin acciones por parte del usuario, 474, 569615, , , , , CE4830D5A3364C668D07AB45D33F6946, 58BBE5AFECDEDCE9ED3F353C3523B41FE664EC47A916EC2953116B7A20631BFF
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hgjdbeiflalimgifllheflljdconlbig\000003.log, Sin acciones por parte del usuario, 474, 569615, , , , , D717A3EA6E8FE5D016D9B0B6F97CF6EC, F1BAA0FE7DE0DC52C878B72476A7DFD8430E50B3B340FA6799218D04C88A9421
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hgjdbeiflalimgifllheflljdconlbig\CURRENT, Sin acciones por parte del usuario, 474, 569615, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hgjdbeiflalimgifllheflljdconlbig\LOCK, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hgjdbeiflalimgifllheflljdconlbig\LOG, Sin acciones por parte del usuario, 474, 569615, , , , , 38B7702600942961DF56CA2D20CA84C8, 5BBD657AE3B20F0503ADAEC1572F5C03FF489F5C5B3A09D46ED4902424A0EC9A
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hgjdbeiflalimgifllheflljdconlbig\LOG.old, Sin acciones por parte del usuario, 474, 569615, , , , , BE107EDEF38644DF1058515943B69F53, 5AB031ED2781CBC445AD6D128A745C45BA15E5EFE52FB8A8861F94F0E4ACE12A
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hgjdbeiflalimgifllheflljdconlbig\MANIFEST-000001, Sin acciones por parte del usuario, 474, 569615, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000124.ldb, Sin acciones por parte del usuario, 474, 569615, , , , , E2DFA535F46EA92947EA5035BAA561FF, E50F282F86C4C49B33834887C0009EAFE83AB896366721A4CD4116310E66A6B8
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000126.log, Sin acciones por parte del usuario, 474, 569615, , , , , 385128E4D1E14BF4B05E69B1C14FFA5C, 736B305DC4C9BA728E82FF31CB30044353819D45C3A84646E88F7583A690F680
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000127.ldb, Sin acciones por parte del usuario, 474, 569615, , , , , 6BEF542FF9292A47959D84F87E9E8018, DC57D8C17C94F4849A4C5CE5A8272580AC21C937128B06D30176F23E8040A1B7
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Sin acciones por parte del usuario, 474, 569615, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Sin acciones por parte del usuario, 474, 569615, , , , , 5BE14AC5D20EF4280121FE22F72E750B, 4467A1D8125123599CBD264DE1D70ECB634D2C6A33F3D00A11CEADE6D3CA4FB4
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Sin acciones por parte del usuario, 474, 569615, , , , , 46ABB62319ED773359C7C84207C5A661, DCFE0A9A5DEC06756BF780EDBEF4C365F23FC400561639D675F16EA2D67A3D3B
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Sin acciones por parte del usuario, 474, 569615, , , , , 0CBB5EE65ECAAC110D2C40328A3CD241, C647602576363E1343F2FEF95F1EED7E92500AA46F9CF6ACAEB32A8623DB06D1
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HGJDBEIFLALIMGIFLLHEFLLJDCONLBIG\5.3.3_0\MANIFEST.JSON, Sin acciones por parte del usuario, 474, 569615, 1.0.43574, , ame, , 10D1D34049466847B643751BD12D0882, 10A10F1A71A0E2FE9740293F65EA713DC4D019B07C64FDFC48E76D0D71E4BADD
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, 474, 569615, , , , , D0DEFDFCCDD0E1A1D0EBB4D5EC37D65B, C0B000A5B370FF6DA073F75D2A52CB2E7945EC1AAAAAED088354D78970316CAA
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sin acciones por parte del usuario, 474, 569615, , , , , CE4830D5A3364C668D07AB45D33F6946, 58BBE5AFECDEDCE9ED3F353C3523B41FE664EC47A916EC2953116B7A20631BFF
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\000005.ldb, Sin acciones por parte del usuario, 474, 569615, , , , , C95CC58CD86315A5B0AD9C1342F86C43, EEA47050351BC69D673361DAE66BD6A31EF64F17EAA9407737716747BD89533A
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\041798.ldb, Sin acciones por parte del usuario, 474, 569615, , , , , F7A88A24113BFE242FD808AAF0ED9ECB, 0E0E34E37DBEACD16EDEB22FCD3F73CC96F999237DC6352B8BEBD3151991D9F1
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\041799.ldb, Sin acciones por parte del usuario, 474, 569615, , , , , 5A249DE6F0AC0E00D7A685879090CCA8, 1B2BB02127D65207D380CFDF52BF12252D7F5B5FB59F09B034772FBE4F4ADBE3
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\041801.ldb, Sin acciones por parte del usuario, 474, 569615, , , , , 98AA3274DC057D8E425EFCB12BBC42D0, B09DDCB7524EECCDD955F7E7CF5BAA65831783EE97017CA44FAFE924ACBCCA4D
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\041802.log, Sin acciones por parte del usuario, 474, 569615, , , , , C712615F0F012ECD8913BF7D9098468B, 81AE22268BB8325CD16C804E6A9A8B404B785387269EB076FE6A2B869C7F257A
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\041803.ldb, Sin acciones por parte del usuario, 474, 569615, , , , , 0BDEF33BF0E0DCDDC3018948F455EA1A, B5E1F44FABF39AFCBB4DD7C91300752C950B9CDECD8C98185D21407AD7944E27
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\CURRENT, Sin acciones por parte del usuario, 474, 569615, , , , , 63817EAD49BD60B900A7D9DC68D33A01, 48DB9717F2D177FFD0AB93AD6BF241A4ADF9F8076FF91E2F4941DF4275135DC0
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\LOCK, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\LOG, Sin acciones por parte del usuario, 474, 569615, , , , , EDAB72FDB95A7167420EC5CBDAAC2488, D82EFD23B8F4E06006FFD03CD063F9507E7463B9F55EE15340EB5FDB5C5AC7A4
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\LOG.old, Sin acciones por parte del usuario, 474, 569615, , , , , 45E1C10B0DD7BBE80AAE8E0016EFE80C, 5E0F94DACD7E4C02A17CFD2F22686F0854127C560D1D2785C8A4D8C642B1FD23
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\MANIFEST-041617, Sin acciones por parte del usuario, 474, 569615, , , , , EDF7D441A4F7291C2BB7BD654CBE0EB6, C7EB43AE5DBE063E5073A362755A21A84379B6B88C12A4C26A97E8964E316760
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\000003.log, Sin acciones por parte del usuario, 474, 569615, , , , , A6938933ED05468F5E7B0861B3AF069A, 35534CD810E4B0390322B2E4A6E95A8BBBC2A1EA286B878956FC88DFDA8025F2
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\CURRENT, Sin acciones por parte del usuario, 474, 569615, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\LOCK, Sin acciones por parte del usuario, 474, 569615, , , , , ,
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\LOG, Sin acciones por parte del usuario, 474, 569615, , , , , C15FCDD72A541CB2B300171DC8D2319B, 1C9FAB9EB25BC59461CAE040A72D83FD5C775B5BBC0C13BFD17B5DA170253F7A
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\LOG.old, Sin acciones por parte del usuario, 474, 569615, , , , , BC9F9EB08E17893562988D2B894F7F29, 2251A933D86C08D86D5A1A0376FCA7EFFD29D495DD1503202B42B731439140B7
PUP.Optional.Trustnav, C:\Users\mbrio\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dgbldpiollgaehnlegmfhioconikkjjh\MANIFEST-000001, Sin acciones por parte del usuario, 474, 569615, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DGBLDPIOLLGAEHNLEGMFHIOCONIKKJJH\2.8.6_0\MANIFEST.JSON, Sin acciones por parte del usuario, 474, 569615, 1.0.43574, , ame, , B1461E2F1344A9E707FC922CCAE9CD5D, 63D5AF847AA124A41AB9A9E4B0B1E60F67D61F1DB61491E420099179934BCCD0
MachineLearning/Anomalous.100%, C:\PROGRAMDATA\~IOBIT\IOBITLIVEUPDATE\UNINSTALLERFREEWEB\XMAS.EXE, Sin acciones por parte del usuario, 0, 392687, 1.0.43574, , shuriken, , 3753BFB75EA858196CFD61E99100B247, FFFEA558D7772D3B670FB696361ED2E36D9B1F58AC7973E36050F6E13BF19567
PUP.Optional.Trustnav, C:\USERS\MBRIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sin acciones por parte del usuario, 474, 569609, 1.0.43574, , ame, , D0DEFDFCCDD0E1A1D0EBB4D5EC37D65B, C0B000A5B370FF6DA073F75D2A52CB2E7945EC1AAAAAED088354D78970316CAA
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)El Malware fue lo primero que le pase. Luego usé el CCleaner que me dio muy pocos errores, y después no supe hacer nada mas. No sólo se me desconfiguró el escritorio, sino que perdí carpetas, los antecedentes de las tareas de mis alumnos y mis papeles para empezar el doctorado. Esperemos que algo tenga salvación Muchas gracias por responderme.
Hola, buenas nuevamente @Marita4142
OK. Lo que si que te puedo decir por lo que he visto hasta ahora es que efectivamente sí que tienes malware en tu máquina. Y por el tipo de análisis y lo que he visto, es muy probable que aún queden más malwares en tu sistema. Además de que no los has puesto en cuarentena, por lo que dichos malwares siguen haciendo de las suyas en tu máquina. Sobretodo tienes mucho Adware entre otros. Y es muy probable que el rendimiento de la máquina se vea afectado negativamente por la presencia de estos. Así que vamos a SOLUCIONAR el problema.
De nada. La prioridad es erradicar todo el malware y después veremos en el estado en el que ha quedado todo.
EN BUSCA / ELIMINACIÓN DE MALWARE
(Mantén conectados todos tus dispositivos externos que tengas como: USBs, discos duros externos, etc).
Por favor, descarga todo el software de los enlaces que pongo/de sus respectivos manuales.
Ahora ejecutarás una serie de herramientas respetando el orden los pasos con todos los programas cerrados incluidos los navegadores.
Conectas todos tus dispositivos externos (todos los discos duros externos que tengas, así como todas las USB que tengas y discos duros externos si también tienes.
Realiza los pasos que te pongo a continuación, sin cambiar el orden y síguelos al pie de la letra:
0) Descarga Ccleaner Aquí te dejo su manual: Manual de CCleaner , para que sepas como usarlo y configurarlo correctamente.
Lo instalas y lo ejecutas. En la pestaña Limpieza personalizada dejas la configuración predeterminada. Haces clic en Analizar y esperas a que termine. Seguidamente haz clic en Ejecutar Limpiador. Clic en la pestaña Registro > clic en Buscar Problemas esperas que termine. Finalmente clic en Reparar Seleccionadas y realizas una Copia de Seguridad del registro de Windows.
1) Descarga, instala, actualiza y ejecuta Malwarebytes’ Anti-Malware. Aquí te dejo su manual: Manual de Malwarebytes, para que sepas como usarlo y configurarlo correctamente.
1. Analizar objetos en memoria
2. Analizar configuracion de inicio y registro
3. Analizar dentro de los archivos
2) Descarga Adwcleaner en el escritorio.
Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad que tengas activado.3) Utiliza nuevamente CCleaner tal como te dije en el punto 0.
Pegas los reportes de Malwarebytes y AdwCleaner y comentas como va el problema inicial planteado por el cual abriste este tema. También responde a las preguntas que te haya realizado a lo largo de este Post, siempre que te haya hecho alguna, si no, no
NOTA IMPORTANTE
Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:
- No realices pasos/acciones que NOSOTROS no te hayamos indicado.
- No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
- No instales NADA (programas/software/complementos/extensiones del navegador…).
- No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
- No realices por tu cuenta otros procedimientos.
- Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.
Muy Importante Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:
Salu2.
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 31/7/21
Hora del análisis: 18:17
Archivo de registro: a4cae234-f244-11eb-9f71-e82a441d3734.json
-Información del software-
Versión: 4.4.4.126
Versión de los componentes: 1.0.1404
Versión del paquete de actualización: 1.0.43770
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 19043.1110)
CPU: x64
Sistema de archivos: NTFS
Usuario: System
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 767445
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 16 hr, 53 min, 8 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 1
PUP.Optional.SearchYa, HKU\S-1-5-21-388786263-2918010216-717573212-1001.bak\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}, En cuarentena, 435, 242794, 1.0.43770, , ame, , ,
Valor del registro: 1
PUP.Optional.SearchYa, HKU\S-1-5-21-388786263-2918010216-717573212-1001.bak\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}|DISPLAYNAME, En cuarentena, 435, 242794, 1.0.43770, , ame, , ,
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 0
(No hay elementos maliciosos detectados)
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-01-2021
# Duration: 00:00:04
# OS: Windows 10 Home Single Language
# Cleaned: 2
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted claro.com.ar
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [3971 octets] - [01/08/2021 13:22:23]
AdwCleaner[S01].txt - [4032 octets] - [01/08/2021 13:24:52]
AdwCleaner[S02].txt - [4093 octets] - [01/08/2021 13:39:55]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########Hola, el Malwarebytes tardo horrores, no se si será normal. Cuando pasé el CCleaner me volvio a arrojar errores, como no me los pediste no los subí, pero para que sepas. No noto ninguna diferencia, porque nunca tuve problemas con la velocidad ni nada de eso, mis archivos siguen sin aparecer, pero como me dijiste, esta es la fase de detectar virus y sacarlos de la máquina.
Hola, buenas @Marita4142
Respecto al Malwarebytes >> ha eliminado correctamente malware de tipo Adware/PUP.
Respecto al AdwCleaner >> ha eliminado correctamente un malware de tipo Adware.
Eso es porque dejaste marcada la casilla de RootKit. Y yo te DIJE QUE NO LA MARCASES.
No la debías de haber marcado. Pues dicha opción hoy en día puede hacer que el programa se cuelgue y no finalice el análisis o hacer que este tarde muchísimo (como lo es en este caso 16 h).
Los Rootkits hoy en día ya no son tan abundantes como lo eran antes, ni tampoco son el pan de cada día.
Dicho esto… Vamos a asegurarnos de que no hay ninguno de estos haciendo delas suyas.
EN BUSCA / ELIMINACIÓN DE MALWARE
Por favor, descarga todo el software de los enlaces que pongo/de sus respectivos manuales.
Ahora ejecutarás una serie de herramientas respetando el orden los pasos con todos los programas cerrados incluidos los navegadores.
Inicia de nuevo el equipo desde el Modo Seguro – con funciones de Red, de Windows. Si no funcionasen los métodos que se explican en el anterior post, prueba estos otros. Más concretamente, primero el 3 (Seleccionando Red en lugar de Mínimo) y si no el 2 (también Red).
Una vez iniciado en este modo, empiezas haciendo todos los pasos que te pondré a continuación.
P.D.: Si el quipo no te arrancase en Modo seguro (cosa que puede pasar), me lo dices e intentaremos arreglar el sistema para que arranque en Modo Seguro. Pues hay malwares que ya se encargaran de que no puedas iniciar en Modo Seguro.
Me explico, por ejemplo: has iniciado la máquina en Modo Seguro con funciones de Red, has ejecutado Rkill y seguidamente realizas un Análisis con Malwarebytes. Este te detecta infecciones y te pide reiniciar la máquina para poder finalizar exitosamente su desinfección. Seguidamente, yo te he indicado que ejecutes por ejemplo el ESET Online Scanner, pues bien como no hemos acabado de desinfectar la máquina y estamos realizando el proceso de desinfección, y has tenido que reiniciar, ya que te lo ha pedido Malwarebytes pues debes de ejecutar nuevamente Rkill y después acto seguido el ESET ONline.
¿Me entiendes?
Si por ejemplo, incluso con Rkill, Malwarebytes AntiMalware o la herramienta que sea que te he pedido que utilices, ves que se bloquea y que al cabo de un buen rato no responde. Pues pasas a la siguiente y me informas de ello. Y así con todas. ¿OK? ¿Se entiende?
Manual Malwarebytes Anti-Rootkit Beta sigues las instrucciones de su manual y me traes sus correspondientes Informes de análisis: Mbar-log.txt y System-log.txt tal como se indica en su manual (Actualizando la Database).
Descarga, instala y ejecuta TDSKiller de acuerdo a su Manual TDSKiller. Marca todas las casillas (Loaded Modules, Verify file digital signatures y Detect TDLFS file system). Sí te pide reiniciar lo haces, ejecutas de nuevo la herramienta y al marcar nuevamente las casillas que te he dicho, ya te dejara analizar.
NOTA IMPORTANTE
Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:
- No realices pasos/acciones que NOSOTROS no te hayamos indicado.
- No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
- No instales NADA (programas/software/complementos/extensiones del navegador…).
- No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
- No realices por tu cuenta otros procedimientos.
- Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.
EN TU PRÓXIMA RESPUESTA
Salu2.
Yo tengo Windows 10, es lo mismo?
Sí, lo es. Mira este otro enlace: ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?
Pues lo mismo que es para W8, es para W10.
Salu2.
Hola Reinicie la computadora en modo seguro y no tenía conexión a internet, lo volví a reiniciar y (aún en Modo Seguro) me aparecieron todos los archivos perdidos en el escritorio (aún cosas que había borrado). Descargue y ejecuté el RKill, y luego lo renombré Cuando quiero descargar el Malwarebytes Anti-Rootkit Beta no me deja, como que el botón no responde aun sigo en modo seguro, será por eso que no me deja descargar el programa?
OK.
Si has iniciado en Modo Seguro, seguro que no tienes Red. Si has iniciado en Modo Seguro con Funciones de Red, sí que deberías de tener.
¿Con cuál de los dos Modos has iniciado la máquina?
Si es con el segundo modo, no deberías de tener problema. Sí es con el primero, pues cambias al segundo modo y sigues con el resto de los pasos.
Salu2.
La primera vez no tenía Red, pero luego si pude tener conexión. Igualmente no me deja descargar el programa Malwarebytes Anti-Rootkit Beta que aparece en el manual (Malwarebytes Anti-Rootkit | InfoSpyware)
20:52:48.0876 0x0f68 TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
20:52:48.0876 0x0f68 UEFI system
20:52:52.0763 0x0f68 ============================================================
20:52:52.0763 0x0f68 Current date / time: 2021/08/03 20:52:52.0763
20:52:52.0763 0x0f68 SystemInfo:
20:52:52.0763 0x0f68
20:52:52.0763 0x0f68 OS Version: 10.0.19043 ServicePack: 0.0
20:52:52.0763 0x0f68 Product type: Workstation
20:52:52.0763 0x0f68 ComputerName: DESKTOP-JNS742B
20:52:52.0763 0x0f68 UserName: mbrio
20:52:52.0763 0x0f68 Windows directory: C:\WINDOWS
20:52:52.0763 0x0f68 System windows directory: C:\WINDOWS
20:52:52.0763 0x0f68 Running under WOW64
20:52:52.0763 0x0f68 Processor architecture: Intel x64
20:52:52.0763 0x0f68 Number of processors: 4
20:52:52.0763 0x0f68 Page size: 0x1000
20:52:52.0763 0x0f68 Boot type: Safe boot with network
20:52:52.0763 0x0f68 CodeIntegrityOptions = 0x0000C001
20:52:52.0763 0x0f68 ============================================================
20:52:52.0763 0x0f68 KLMD ARK init status: drvProperties = 0xEF0F02, osBuild = 19041.0, osProperties = 0x1D
20:52:52.0763 0x0f68 KLMD BG init status: drvProperties = 0xEF0F02, osBuild = 19041.0, osProperties = 0x1D
20:52:52.0763 0x0f68 BG loaded
20:52:52.0919 0x0f68 System UUID: {1069E267-23A3-96D9-1952-AD6CA1280302}
20:52:53.0372 0x0f68 !crdlk
20:52:53.0372 0x0f68 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
20:52:53.0403 0x0f68 ============================================================
20:52:53.0403 0x0f68 \Device\Harddisk0\DR0:
20:52:53.0403 0x0f68 GPT partitions:
20:52:53.0403 0x0f68 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6D2A8E31-96BB-444C-837C-1AF0FD2114BF}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
20:52:53.0403 0x0f68 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B0C52987-021E-48D0-BC1C-933DED4EE4B7}, Name: Microsoft reserved partition, StartLBA 0x82800, BlocksNum 0x8000
20:52:53.0403 0x0f68 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AB1EA37B-9CCC-4A95-B522-301AB7E9EE35}, Name: Basic data partition, StartLBA 0x8A800, BlocksNum 0x744EC000
20:52:53.0403 0x0f68 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E3BF51EE-D6B5-4E08-A25D-294613A75037}, Name: Basic data partition, StartLBA 0x74576800, BlocksNum 0x190000
20:52:53.0403 0x0f68 MBR partitions:
20:52:53.0403 0x0f68 ============================================================
20:52:53.0450 0x0f68 C: <-> \Device\Harddisk0\DR0\Partition3
20:52:53.0450 0x0f68 ============================================================
20:52:53.0450 0x0f68 Initialize success
20:52:53.0450 0x0f68 ============================================================
20:56:13.0129 0x10a0 ============================================================
20:56:13.0129 0x10a0 Scan started
20:56:13.0129 0x10a0 Mode: Manual; SigCheck; TDLFS;
20:56:13.0129 0x10a0 ============================================================
20:56:13.0129 0x10a0 KSN ping started
20:56:33.0457 0x10a0 KSN ping finished: true
20:56:35.0554 0x10a0 ================ Scan BIOS =================================
20:56:35.0554 0x10a0 BIOS info: vendor = American Megatrends Inc., version = X541UAK.306, releaseDate = 07/05/2017
20:56:35.0554 0x10a0 Base board info: manufacturer = ASUSTeK COMPUTER INC., product = X541UAK, version = 1.0
20:56:38.0201 0x10a0 [ DD5344E6BEB8A712AEA3CA1DA2488EA7, C87723AA3E6A7CDA5435B5F0A91DE142BDF5BEA696A4358E3A31D69A2F642C77 ] BIOS
20:56:38.0201 0x10a0 BIOS - ok
20:56:38.0201 0x10a0 ================ Scan system memory ========================
20:56:38.0201 0x10a0 System memory - ok
20:56:38.0201 0x10a0 ================ Scan services =============================
20:56:38.0513 0x10a0 0013361627944983mcinstcleanup - ok
20:56:40.0743 0x10a0 1394ohci - ok
20:56:40.0746 0x10a0 3ware - ok
20:56:40.0779 0x10a0 AarSvc - ok
20:56:40.0958 0x10a0 ACPI - ok
20:56:40.0961 0x10a0 AcpiDev - ok
20:56:40.0965 0x10a0 acpiex - ok
20:56:40.0968 0x10a0 acpipagr - ok
20:56:41.0000 0x10a0 [ 33B5ED555018128792AFFCDC9AF7AFD2, 1E7C5FADA2486EE31289A4BEFB70AEA173190671C64995441651903CF31E5033 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
20:56:41.0393 0x10a0 AcpiPmi - ok
20:56:41.0393 0x10a0 acpitime - ok
20:56:41.0393 0x10a0 Acx01000 - ok
20:56:41.0409 0x10a0 ADP80XX - ok
20:56:41.0409 0x10a0 AFD - ok
20:56:41.0440 0x10a0 afunix - ok
20:56:41.0456 0x10a0 ahcache - ok
20:56:41.0503 0x10a0 [ EF91AC93FD14599002CC21D10F9F0D58, FF0621E2D8C2FCA676182F3B0B7BFB35A50836435BD520D4C7E0FC1FE6A7B0C2 ] AiCharger C:\WINDOWS\system32\DRIVERS\AiCharger.sys
20:56:41.0503 0x10a0 AiCharger - ok
20:56:41.0534 0x10a0 [ 526FE18DB976D9A1AE19FBC53FA690B1, 4E2623243A9BB61F7211E591C24EDB70B07974A7FA21E3F14C683F27E975777F ] AJRouter C:\WINDOWS\System32\AJRouter.dll
20:56:42.0897 0x10a0 AJRouter - ok
20:56:42.0903 0x10a0 ALG - ok
20:56:42.0907 0x10a0 amdgpio2 - ok
20:56:42.0911 0x10a0 amdi2c - ok
20:56:42.0917 0x10a0 AmdK8 - ok
20:56:42.0920 0x10a0 AmdPPM - ok
20:56:42.0924 0x10a0 amdsata - ok
20:56:42.0928 0x10a0 amdsbs - ok
20:56:42.0933 0x10a0 amdxata - ok
20:56:42.0945 0x10a0 AppID - ok
20:56:42.0949 0x10a0 AppIDSvc - ok
20:56:42.0973 0x10a0 Appinfo - ok
20:56:42.0978 0x10a0 applockerfltr - ok
20:56:43.0024 0x10a0 AppReadiness - ok
20:56:43.0076 0x10a0 AppXSvc - ok
20:56:43.0079 0x10a0 arcsas - ok
20:56:43.0238 0x10a0 [ B035AFB34EB863BF090060A96B76A205, 3A794A9A4E7C486CC58157E9723D7DA6C9C50F9E493F46AFB8359C9FFACD1965 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
20:56:43.0256 0x10a0 ASLDRService - ok
20:56:43.0311 0x10a0 [ CAA69B5EF70E88C1E8A8A2C341151063, CE3C178C6EBDA538411FC8677D84735AF6991D047106522F0E1CC08BB1FEF412 ] AsusPTPDrv C:\WINDOWS\System32\drivers\AsusPTPFilter.sys
20:56:43.0401 0x10a0 AsusPTPDrv - ok
20:56:43.0419 0x10a0 [ 257B3F900A5DD53F7F9F0E1C2F60DA55, 6D84F9B1BB9B671102551F9E0337A67C625C035BC403A56382547CE05F085C96 ] aswArDisk C:\WINDOWS\system32\drivers\aswArDisk.sys
20:56:43.0431 0x10a0 aswArDisk - ok
20:56:43.0460 0x10a0 [ 2A55A061EF660B1C4CC6B2854AF06922, 086C1B314CCCC9C88EAD666BD3B24A49F836B282EC7C86407EACDB898B36002A ] aswArPot C:\WINDOWS\system32\drivers\aswArPot.sys
20:56:43.0471 0x10a0 aswArPot - ok
20:56:44.0330 0x10a0 [ DD45F15877091ECD3FA744EDA698B089, 7B0EEE89018AE7DDEFB827017E481B03A33B802AE289AC99CD9AA1E3126236A7 ] aswbIDSAgent C:\Program Files\AVAST Software\Avast\aswidsagent.exe
20:56:45.0002 0x10a0 aswbIDSAgent - ok
20:56:45.0033 0x10a0 [ CCF5EDF0D2224998C5E0CC3D98A7F337, 6D388500371B0E0F213BF6C47502A7F7E27822FA6CD64CACAA1BCD5102E6687A ] aswbidsdriver C:\WINDOWS\system32\drivers\aswbidsdriver.sys
20:56:45.0049 0x10a0 aswbidsdriver - ok
20:56:45.0080 0x10a0 [ 483173AE6B3A0404083247EC7EEC541E, 646C164CFB697EAE7506AAC0ABA9E238479A20870664B8CF1489B1EDD825F0ED ] aswbidsh C:\WINDOWS\system32\drivers\aswbidsh.sys
20:56:45.0096 0x10a0 aswbidsh - ok
20:56:45.0127 0x10a0 [ A36FEFEC57AF466FBA56A47785C7C951, 27B2D29DA9D471BFACE70C9E1F0EECD848C0B29BE7EDC9A100767C6BB6EABA92 ] aswbuniv C:\WINDOWS\system32\drivers\aswbuniv.sys
20:56:45.0143 0x10a0 aswbuniv - ok
20:56:45.0315 0x10a0 [ 0D6C1266418D1CA2E19A150ADA9F1ADC, 64A671CEE39013F90D0DAA8D70994E72F2A7AA95F4C59906C026458003E7D66B ] aswElam C:\WINDOWS\system32\drivers\aswElam.sys
20:56:45.0596 0x10a0 aswElam - ok
20:56:45.0627 0x10a0 [ 1A707F680943E0FDB5C215D53A6ED778, C801058F1F4E308115B74B66B17A872AA52AF0BE6BF88D9B37B37CBE155C1D1D ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
20:56:45.0643 0x10a0 aswKbd - ok
20:56:45.0690 0x10a0 [ 6A9975BC85096D16DF84603B530B63AA, ED653826E4A7A1551CA55979AEFD511159D3249B4F94A0D9895F2FACD7CF3C89 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
20:56:45.0690 0x10a0 aswMonFlt - ok
20:56:45.0736 0x10a0 [ EBBCA43893755A2AEC68BBD26C142B83, B79A75AAB399B2C70A40195F848D9217C0F23388AF7D74BAFEF1D265D2B51494 ] aswNetHub C:\WINDOWS\system32\drivers\aswNetHub.sys
20:56:45.0752 0x10a0 aswNetHub - ok
20:56:45.0768 0x10a0 [ 76A629BAB1566B5EDE137292A0A8143C, E8971147634F665329F60CF28152D12E2DFA20B5A4ED9E5449B5A917B08389F1 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr2.sys
20:56:45.0783 0x10a0 aswRdr - ok
20:56:45.0799 0x10a0 [ E363695B5DA46131AB1AA46C64DBD5EF, CF7705FBA2544A6425336D278A0A4824FCE66AB9673D252810DE160D80808B97 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
20:56:45.0815 0x10a0 aswRvrt - ok
20:56:45.0971 0x10a0 [ D6112F9298DF396BDF13F4BFB365B23F, 9F1D4A0FC8F99A9E6FC96D3B61B3CCABFEB8A07368444C7408B14B6F2C17AD88 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:56:46.0002 0x10a0 aswSnx - ok
20:56:46.0033 0x10a0 [ 35D07B194855CAEE171ADAACAB1AA64C, E133A24A1D3AC771D3AF30FAEBD04B331A3E6EB7168A59EB1A64F62BBD813C48 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:56:46.0049 0x10a0 aswSP - ok
20:56:46.0080 0x10a0 [ 36C0D2E74BC57B77920C52389BABC147, 1817707C90A25770FB392AB26C5BEB6F2E50BB46D81987F867E5E9984A9FA48C ] aswStm C:\WINDOWS\system32\drivers\aswStm.sys
20:56:46.0111 0x10a0 aswStm - ok
20:56:46.0158 0x10a0 [ 81D77BA862C2CAC331B9E49D1D55477D, 66A3634BD6BF3C8197217C678D0F7D9E821F153B464E39B3B35A4AD8A69933B4 ] aswTap C:\WINDOWS\System32\drivers\aswTap.sys
20:56:46.0158 0x10a0 aswTap - ok
20:56:46.0189 0x10a0 [ BEFAD1107F4D9D13906B5EBE23E2DEE5, 98EEA93E5ADF52DEFAF41B15973325BE13CBBA2C92FAB7B94D77C1BA9D67C8FC ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
20:56:46.0205 0x10a0 aswVmm - ok
20:56:46.0252 0x10a0 [ 654EA9E4F6EDC385B4245540F705953E, CB5515C145AF53D7A0A33F18F2C63AC309A85C5492ABCF70225D60B935966796 ] aswVpnRdr C:\WINDOWS\system32\drivers\aswVpnRdr.sys
20:56:46.0268 0x10a0 aswVpnRdr - ok
20:56:46.0268 0x10a0 AsyncMac - ok
20:56:46.0268 0x10a0 atapi - ok
20:56:46.0314 0x10a0 [ 546CCCC70E397A5273145ECE316E023F, 52238BF0D56983CD5D8C36B4F3C7D6B72D259CC60F3FCD8AD081A8380C349B82 ] AtherosSvc C:\WINDOWS\System32\drivers\AdminService.exe
20:56:46.0330 0x10a0 AtherosSvc - ok
20:56:46.0486 0x10a0 [ 62B28ACF1C27CA02759E0C09E5D96022, 13C573F346A8C2C34C413B437B8C0EB66653977B62E545A18A37B0CBDDA54FC1 ] athr C:\WINDOWS\System32\drivers\athw10x.sys
20:56:46.0627 0x10a0 athr - ok
20:56:46.0736 0x10a0 [ 0E717D7FED23731863EC44B4031DC268, A6F98FE201320FE3FF041768E426008C86B15BA7593EA04B1AC71B6FAE837A1E ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
20:56:46.0752 0x10a0 ATKWMIACPIIO - ok
20:56:46.0783 0x10a0 AudioEndpointBuilder - ok
20:56:46.0799 0x10a0 Audiosrv - ok
20:56:46.0830 0x10a0 autotimesvc - ok
20:56:46.0892 0x10a0 [ 9C1E9B5D6AF94975792BC2C3ED169BE8, 8E60D165EA2463F0FDCECCF90545FF3699C70B7D1B5E378B3358E746B02A31EE ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:56:46.0908 0x10a0 avast! Antivirus - ok
20:56:46.0955 0x10a0 [ 5327638F15182D57FF0490F0261E747F, 0089544BF3EC76C9494AA059B42E92A0372D99C6874B11A041BD337509734B41 ] avast! Tools C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
20:56:46.0971 0x10a0 avast! Tools - ok
20:56:47.0017 0x10a0 [ 1B231B5C4D36DE4750A587F08338DEDE, 79E53D36A40951AB328E153BAC9C1E3ADF3330B45899345E645889B9046F06E0 ] AvastWscReporter C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
20:56:47.0080 0x10a0 AvastWscReporter - ok
20:56:47.0111 0x10a0 AxInstSV - ok
20:56:47.0111 0x10a0 b06bdrv - ok
20:56:47.0142 0x10a0 [ 26E2320D24C66EB72B36EB71EBEF2558, 7D06B6499FE915480DF4DAD658281C8B85F7AD71F49B089A270AE0B45713F2E9 ] bam C:\WINDOWS\system32\drivers\bam.sys
20:56:47.0158 0x10a0 bam - ok
20:56:47.0220 0x10a0 BasicDisplay - ok
20:56:47.0236 0x10a0 BasicRender - ok
20:56:47.0283 0x10a0 BcastDVRUserService - ok
20:56:47.0330 0x10a0 [ 739D089777D2B66DBE7201E5EA4BA2D7, 9AD12E18A042C5B8EFB19297BC2E7BD1FEF75A138FEFB64C6BF0261FD3E53AB1 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
20:56:47.0502 0x10a0 bcmfn2 - ok
20:56:47.0564 0x10a0 BDESVC - ok
20:56:47.0642 0x10a0 [ 4280B427B81EB8C265F3206E2298761E, 121AF03BBE6ECC1622C2540805A30AE9555EB5D5FE25B55939C045ECE7FC37EB ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:56:47.0752 0x10a0 Beep - ok
20:56:47.0767 0x10a0 BFE - ok
20:56:47.0830 0x10a0 bindflt - ok
20:56:47.0892 0x10a0 BITS - ok
20:56:47.0908 0x10a0 BluetoothUserService - ok
20:56:47.0955 0x10a0 bowser - ok
20:56:47.0970 0x10a0 BrokerInfrastructure - ok
20:56:48.0002 0x10a0 [ 35F152A2299ABF0CFB101DF5001CD7E2, 169C56B69240CBE2E045CA26B6F6BF29E406D9D8EF40BA55FFE0667F6BB6D75B ] Browser C:\WINDOWS\System32\browser.dll
20:56:49.0298 0x10a0 Browser - ok
20:56:49.0298 0x10a0 BTAGService - ok
20:56:49.0329 0x10a0 [ 4C223F0F8B10BF7EF241788DCC998D97, 612389381E1EFD3ADA79B5A730A3A66D532E4B5A7A951DC84D5FC9AEF6999DB2 ] BtFilter C:\WINDOWS\System32\drivers\btfilter.sys
20:56:49.0329 0x10a0 BtFilter - ok
20:56:49.0361 0x10a0 BthA2dp - ok
20:56:49.0361 0x10a0 BthAvctpSvc - ok
20:56:49.0376 0x10a0 BthEnum - ok
20:56:49.0392 0x10a0 [ 54A6088904238C4C023A3A3B73BD0F6D, E1139629752B748A0B0A7C22F4E1DB18D93439B239AF258D3148377B275A3B51 ] BthHFAud C:\WINDOWS\System32\drivers\BthHfAud.sys
20:56:49.0551 0x10a0 BthHFAud - ok
20:56:49.0626 0x10a0 [ 7AE44E94C6B1DF488AA309824DEAD643, 91C72C54142A0D4E5A5F33268850CEB8315AA30C2F0B74A9FFA962887ABAC797 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
20:56:49.0653 0x10a0 BthHFEnum - ok
20:56:49.0718 0x10a0 BthLEEnum - ok
20:56:49.0722 0x10a0 BthMini - ok
20:56:49.0760 0x10a0 [ 11D609CC74F0EB1DF6C0171331CDE9A1, 9412DC92F16C0B8A937D6FB1AD83D7169F4EC0F08FAE0E2B244346428CE99EE1 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
20:56:49.0810 0x10a0 BTHMODEM - ok
20:56:49.0855 0x10a0 [ 3AB6DD0A13F9AA1BC6A71E942CC45770, C39E471BD757CA12635F283FFC4407989447739D36830E81E8DD3E63E363B3D7 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys
20:56:49.0947 0x10a0 BthPan - ok
20:56:49.0980 0x10a0 BTHPORT - ok
20:56:50.0059 0x10a0 [ D293AC628357F2F75B8579087F732970, 1E536D8863D695944214D55E9B0B4BFE04F705DB7ECA18A0CF8B37AAF4893B1E ] bthserv C:\WINDOWS\system32\bthserv.dll
20:56:50.0190 0x10a0 bthserv - ok
20:56:50.0205 0x10a0 BTHUSB - ok
20:56:50.0221 0x10a0 bttflt - ok
20:56:50.0221 0x10a0 buttonconverter - ok
20:56:50.0252 0x10a0 [ E7690568D2A5FA3D4E6D28B42358A122, CDBD820B6D383EC0A8151EA4300435C2BAD085EC55DB185C5E16CAF961443888 ] CAD C:\WINDOWS\System32\drivers\CAD.sys
20:56:50.0268 0x10a0 CAD - ok
20:56:50.0284 0x10a0 camsvc - ok
20:56:50.0330 0x10a0 CaptureService - ok
20:56:50.0424 0x10a0 cbdhsvc - ok
20:56:50.0440 0x10a0 cdfs - ok
20:56:50.0487 0x10a0 CDPSvc - ok
20:56:50.0518 0x10a0 CDPUserSvc - ok
20:56:50.0549 0x10a0 cdrom - ok
20:56:50.0580 0x10a0 CertPropSvc - ok
20:56:50.0612 0x10a0 [ D2D089C7D1ADD0C9E9D9C81DD24BD819, 8B4D9B88ACDF02B15B0700E05C43E7232F73DEA45579CFE593C33AFA850FA62E ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
20:56:50.0612 0x10a0 cfwids - ok
20:56:50.0627 0x10a0 cht4iscsi - ok
20:56:50.0627 0x10a0 cht4vbd - ok
20:56:50.0643 0x10a0 CimFS - ok
20:56:50.0674 0x10a0 [ 115CC1E142CE29C9006D59943108DF47, 564FA08C5BEC6DAF1A83C80C9139A6E1AA7E05D251DB3BA379B57C9FDAE83E1B ] circlass C:\WINDOWS\System32\drivers\circlass.sys
20:56:50.0924 0x10a0 circlass - ok
20:56:50.0924 0x10a0 CldFlt - ok
20:56:51.0481 0x10a0 [ 2EB7D0C0B54D5D0AEA869B4337BEC6A1, C669FCF717820DFFBD4392FDA1E73847EC375FF392DBE729DC71C97796F72E40 ] CleanupPSvc C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
20:56:52.0408 0x10a0 CleanupPSvc - ok
20:56:52.0424 0x10a0 CLFS - ok
20:56:53.0018 0x10a0 [ F69880974B3C28F378768FB5129E7E4E, 730D8808686DC85A199DC906ED067E0068053AF914FEF95609F8692D54015EE1 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
20:56:53.0408 0x10a0 ClickToRunSvc - ok
20:56:53.0518 0x10a0 [ E9921DAEA6A0ECA423056A119A1CEE1E, E7AA9E510AFFC0D707BA3E037E6C12EAC30C9FCB230FFA708C3C58299D42B555 ] ClientAnalyticsService C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
20:56:53.0564 0x10a0 ClientAnalyticsService - ok
20:56:53.0596 0x10a0 ClipSVC - ok
20:56:53.0596 0x10a0 CmBatt - ok
20:56:53.0596 0x10a0 CNG - ok
20:56:53.0627 0x10a0 [ A46B4D1484227900F7615FE2A569D828, A06B8002E7A708890222C777DDF8B67FED7015C0943C1FC4F9036E9F9DC14494 ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
20:56:53.0643 0x10a0 cnghwassist - ok
20:56:53.0689 0x10a0 [ 99392FDADF3CE5EB47403E5A52866E6F, 63CEF51971EB85D9823CE9A95F1ED9907D20525ED8E32230068CC36E9082A8C3 ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys
20:56:53.0721 0x10a0 CompositeBus - ok
20:56:53.0721 0x10a0 COMSysApp - ok
20:56:53.0736 0x10a0 condrv - ok
20:56:53.0783 0x10a0 ConsentUxUserSvc - ok
20:56:53.0846 0x10a0 CoreMessagingRegistrar - ok
20:56:54.0111 0x10a0 [ 3C2C6121D2E8D9069995BA2D3318A91A, A06CA18C3972FAD2B6FA63C7BF6DA156A974F141F87C2E74C495237F62B1D804 ] cphs C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fb9939a7d714d646\IntelCpHeciSvc.exe
20:56:54.0158 0x10a0 cphs - ok
20:56:54.0189 0x10a0 [ D14FC1262D996D3BC1125619BEAEBF0C, 797AF0B479231B4C5DA534557612701910585B78AC9809FD0C785398DBCF4261 ] cplspcon C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fb9939a7d714d646\IntelCpHDCPSvc.exe
20:56:54.0205 0x10a0 cplspcon - ok
20:56:54.0252 0x10a0 CredentialEnrollmentManagerUserSvc - ok
20:56:54.0252 0x10a0 CredentialEnrollmentManagerUserSvc_379f1 - ok
20:56:54.0267 0x10a0 CryptSvc - ok
20:56:54.0267 0x10a0 dam - ok
20:56:54.0283 0x10a0 DcomLaunch - ok
20:56:54.0299 0x10a0 defragsvc - ok
20:56:54.0408 0x10a0 [ 1CB00B5CBA251B45075C478E212312AE, 4370EFBBAA5E8F97E4450BC2CEB708C9ABFB828B4FF73B3127F271C1B275775B ] DevActSvc C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe
20:56:54.0424 0x10a0 DevActSvc - ok
20:56:54.0424 0x10a0 DeviceAssociationBrokerSvc - ok
20:56:54.0439 0x10a0 DeviceAssociationService - ok
20:56:54.0611 0x10a0 DeviceInstall - ok
20:56:54.0627 0x10a0 DevicePickerUserSvc - ok
20:56:54.0658 0x10a0 DevicesFlowUserSvc - ok
20:56:54.0689 0x10a0 [ F8BE99B9EA9B110F7CB3F46BA844C1FF, EABF953864C0AE4FB6426C0B7E92DD81EE4A8852081F9D2EA02B61D4C8DB6188 ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll
20:56:57.0220 0x10a0 DevQueryBroker - ok
20:56:57.0235 0x10a0 Dfsc - ok
20:56:57.0267 0x10a0 [ 7696E56D3918EC9BBF5BC65E241002DC, 4FF3ADE6A47160D84ED1FDCA261EC29BF408944BAFA159A3E381DDC958300265 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus2.sys
20:56:58.0188 0x10a0 dg_ssudbus - ok
20:56:58.0220 0x10a0 Dhcp - ok
20:56:58.0266 0x10a0 diagnosticshub.standardcollector.service - ok
20:56:58.0298 0x10a0 diagsvc - ok
20:56:58.0313 0x10a0 DiagTrack - ok
20:56:58.0329 0x10a0 disk - ok
20:56:58.0345 0x10a0 DispBrokerDesktopSvc - ok
20:56:58.0360 0x10a0 DisplayEnhancementService - ok
20:56:58.0376 0x10a0 DmEnrollmentSvc - ok
20:56:58.0376 0x10a0 dmvsc - ok
20:56:58.0391 0x10a0 [ 2E8A026D6680C301ADF6D4B301A4CE8B, 2FDB34E2A61457308B0FEC938A2D6351F63D02BB67DC87FE4F2534E0048C8E89 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
20:56:58.0907 0x10a0 dmwappushservice - ok
20:56:58.0938 0x10a0 Dnscache - ok
20:56:59.0094 0x10a0 dot3svc - ok
20:56:59.0141 0x10a0 [ 9E65C33CB7FB50453F7F4407070EAF53, A8707BD19D584DAECA39990A2E791194140AFCA4FCE31F23CC7E931DF8C17361 ] DPS C:\WINDOWS\system32\dps.dll
20:56:59.0501 0x10a0 DPS - ok
20:56:59.0532 0x10a0 [ CF1232E0F6AECAE0241BFF06EE8F065E, DE6D706C5D2CBE4B4B174DEB72851717BD4E47827026C89AE1635CC3E460DFD5 ] dptf_cpu C:\WINDOWS\System32\drivers\dptf_cpu.sys
20:56:59.0547 0x10a0 dptf_cpu - ok
20:56:59.0579 0x10a0 drmkaud - ok
20:56:59.0610 0x10a0 DsmSvc - ok
20:56:59.0626 0x10a0 DsSvc - ok
20:56:59.0657 0x10a0 [ 81DF23EC4009D307479D5C169539CD67, 65AEE1E876CBE801A763F14930D15CF2E6A10697620B5903AA04BA30585A5676 ] DusmSvc C:\WINDOWS\System32\dusmsvc.dll
20:56:59.0985 0x10a0 DusmSvc - ok
20:57:00.0000 0x10a0 DXGKrnl - ok
20:57:00.0016 0x10a0 Eaphost - ok
20:57:00.0016 0x10a0 ebdrv - ok
20:57:00.0125 0x10a0 [ D21437C262283650E8349AFA573AC03A, 9C256D462F0640855E1AB3D2C658CB4EDD7E061EB2782FD03481196D5ED93DB5 ] edgeupdate C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
20:57:00.0141 0x10a0 edgeupdate - ok
20:57:00.0157 0x10a0 [ D21437C262283650E8349AFA573AC03A, 9C256D462F0640855E1AB3D2C658CB4EDD7E061EB2782FD03481196D5ED93DB5 ] edgeupdatem C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
20:57:00.0172 0x10a0 edgeupdatem - ok
20:57:00.0188 0x10a0 EFS - ok
20:57:00.0219 0x10a0 EhStorClass - ok
20:57:00.0219 0x10a0 EhStorTcgDrv - ok
20:57:00.0250 0x10a0 embeddedmode - ok
20:57:00.0344 0x10a0 [ 0794D2FA7C69C4ACF3AD3439B6FC8745, 1A5C070F54117FC18ABA98DD734CD0FB650802C264CDA0A1912AF015DBC34D91 ] EMP_UDSA C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
20:57:00.0391 0x10a0 EMP_UDSA - ok
20:57:00.0407 0x10a0 EntAppSvc - ok
20:57:00.0407 0x10a0 ErrDev - ok
20:57:00.0532 0x10a0 [ 54CD5C621BD88E707B56EC8493A87D93, 499094A508FE871F5978692AD152AA3522EB203E6BC5F751906FFEBB07F05D22 ] esifsvc C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe
20:57:00.0594 0x10a0 esifsvc - ok
20:57:00.0625 0x10a0 [ EE106C2FE507A9D0A8F581ED757059AF, D82FA75BFFBA2624B993F4CE815833D45DDABE01BFFB48D7AF1E25AA70566348 ] esif_lf C:\WINDOWS\system32\DRIVERS\esif_lf.sys
20:57:00.0641 0x10a0 esif_lf - ok
20:57:00.0781 0x10a0 EventLog - ok
20:57:00.0797 0x10a0 EventSystem - ok
20:57:00.0813 0x10a0 exfat - ok
20:57:00.0828 0x10a0 fastfat - ok
20:57:00.0860 0x10a0 Fax - ok
20:57:00.0860 0x10a0 fdc - ok
20:57:00.0875 0x10a0 [ 0439B82F6034ADA3E71C0C9F169082BD, 0918728669077235B2F2DB7EE22CE819FA570D8A7A497BA5F11E76774EA75099 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
20:57:01.0719 0x10a0 fdPHost - ok
20:57:01.0750 0x10a0 [ AD64C91B3CC71226785DCE688842E5AB, 056E1091468D268E7970045AB329EB3DFF48BB6B22448046A14C309678847B6E ] FDResPub C:\WINDOWS\system32\fdrespub.dll
20:57:01.0812 0x10a0 FDResPub - ok
20:57:01.0844 0x10a0 fhsvc - ok
20:57:01.0859 0x10a0 [ 8E59D944EE4EFAED65A341A71297C4CD, CFFFD7007AB7FB04ECB44D0079BFE8EEB53AECC988135199C388AF425EBCF2AD ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys
20:57:01.0906 0x10a0 FileCrypt - ok
20:57:01.0906 0x10a0 FileInfo - ok
20:57:01.0906 0x10a0 Filetrace - ok
20:57:01.0906 0x10a0 flpydisk - ok
20:57:01.0937 0x10a0 FltMgr - ok
20:57:01.0984 0x10a0 FontCache - ok
20:57:02.0094 0x10a0 FontCache3.0.0.0 - ok
20:57:02.0125 0x10a0 FrameServer - ok
20:57:02.0141 0x10a0 FsDepends - ok
20:57:02.0141 0x10a0 Fs_Rec - ok
20:57:02.0141 0x10a0 fvevol - ok
20:57:02.0187 0x10a0 [ A1E06E4E8CB863C74DE428D4D6681185, DA46502C009FD4C847A547610DEE2684A5A583467BF76009BD46104AAE2F6B1B ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
20:57:02.0484 0x10a0 gencounter - ok
20:57:02.0484 0x10a0 genericusbfn - ok
20:57:02.0625 0x10a0 [ 31C54B9E32FCB632284A8610C997D201, D9A3F0D8C3CB8242274BA35F723146A1FAD45ED4E5A23BD7F3A93701D1E54A82 ] GoogleChromeElevationService C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.107\elevation_service.exe
20:57:02.0719 0x10a0 GoogleChromeElevationService - ok
20:57:02.0734 0x10a0 GPIOClx0101 - ok
20:57:02.0772 0x10a0 gpsvc - ok
20:57:02.0803 0x10a0 [ 8C06046B6A8C1ACDAEA15682058FDFB4, 3E0CC301249B7D8D5BEB932F4DFD1EAB8037679EC153772F63B430713903B0AC ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys
20:57:02.0819 0x10a0 GpuEnergyDrv - ok
20:57:02.0866 0x10a0 GraphicsPerfSvc - ok
20:57:02.0913 0x10a0 [ 605CCC9CE1839BC5583017DF7CAE27A6, F1F67830FC3531DFBDAF5315F59422438AB9F243D89491AC75D1818E7ED98B5D ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:57:02.0913 0x10a0 gupdate - ok
20:57:02.0928 0x10a0 [ 605CCC9CE1839BC5583017DF7CAE27A6, F1F67830FC3531DFBDAF5315F59422438AB9F243D89491AC75D1818E7ED98B5D ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:57:02.0928 0x10a0 gupdatem - ok
20:57:02.0959 0x10a0 HdAudAddService - ok
20:57:03.0006 0x10a0 HDAudBus - ok
20:57:03.0006 0x10a0 HidBatt - ok
20:57:03.0037 0x10a0 HidBth - ok
20:57:03.0037 0x10a0 hidi2c - ok
20:57:03.0037 0x10a0 hidinterrupt - ok
20:57:03.0053 0x10a0 [ 6B46E3061EC0523CB46ED28060FCD946, 6089305AF73CC584963865482448CD5CA4252EC9BD3E72AF16D45E4F95C3EBF2 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
20:57:03.0105 0x10a0 HidIr - ok
20:57:03.0121 0x10a0 hidserv - ok
20:57:03.0121 0x10a0 hidspi - ok
20:57:03.0152 0x10a0 [ 2866EE966A0D19307E247A22BE110522, F11B8F5A3344AF5B48C411F5547E1589987C6A63CF2DFCAC80044B98AF4BDD63 ] HIDSwitch C:\WINDOWS\System32\drivers\AsRadioControl.sys
20:57:03.0152 0x10a0 HIDSwitch - ok
20:57:03.0184 0x10a0 HidUsb - ok
20:57:03.0230 0x10a0 [ D0D9A2B7B769BCC5541ADC2D04E6A744, D47BEF0E7DE692D1AA4DAC3A866E150226AC2B2A5175DA2B22BB319C297B7AE3 ] HipShieldK C:\WINDOWS\system32\drivers\HipShieldK.sys
20:57:03.0230 0x10a0 HipShieldK - ok
20:57:03.0246 0x10a0 HpSAMD - ok
20:57:03.0262 0x10a0 HTTP - ok
20:57:03.0293 0x10a0 [ 849A66D34BC2DAD0044FAC2FEE1AF956, A5F6858AA556D9180C303EA3ED02EB6D6D8EB55A100B3918654281A01198D8E8 ] hvcrash C:\WINDOWS\System32\drivers\hvcrash.sys
20:57:03.0293 0x10a0 hvcrash - ok
20:57:03.0324 0x10a0 [ 855F55BB462B7D8B6BC31A94A592DF3D, 776C772E69CF9D81D8511201813DD79F2106DC7D2547B4FA700432AE9B73C202 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll
20:57:04.0917 0x10a0 HvHost - ok
20:57:04.0949 0x10a0 hvservice - ok
20:57:04.0964 0x10a0 [ 5DC7DFED5FEDD923B874B51D0C6752BB, 69714A8B74EB02282572B34E156051FFC10693B816905CE18A8C6C8CCB95B846 ] HwNClx0101 C:\WINDOWS\system32\Drivers\mshwnclx.sys
20:57:05.0011 0x10a0 HwNClx0101 - ok
20:57:05.0027 0x10a0 hwpolicy - ok
20:57:05.0027 0x10a0 hyperkbd - ok
20:57:05.0027 0x10a0 HyperVideo - ok
20:57:05.0027 0x10a0 i8042prt - ok
20:57:05.0042 0x10a0 iagpio - ok
20:57:05.0042 0x10a0 iai2c - ok
20:57:05.0042 0x10a0 iaLPSS2i_GPIO2 - ok
20:57:05.0058 0x10a0 iaLPSS2i_GPIO2_BXT_P - ok
20:57:05.0058 0x10a0 iaLPSS2i_GPIO2_CNL - ok
20:57:05.0074 0x10a0 iaLPSS2i_GPIO2_GLK - ok
20:57:05.0074 0x10a0 iaLPSS2i_I2C - ok
20:57:05.0089 0x10a0 iaLPSS2i_I2C_BXT_P - ok
20:57:05.0089 0x10a0 iaLPSS2i_I2C_CNL - ok
20:57:05.0105 0x10a0 iaLPSS2i_I2C_GLK - ok
20:57:05.0105 0x10a0 iaLPSSi_GPIO - ok
20:57:05.0105 0x10a0 iaLPSSi_I2C - ok
20:57:05.0167 0x10a0 [ DB0599BBD0EE8436BC942C882A3013B2, EC218370DBD3F68B363E9E6CD5D66E57FF06EFF9125AAB793754332359ACB685 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
20:57:05.0199 0x10a0 iaStorA - ok
20:57:05.0214 0x10a0 iaStorAVC - ok
20:57:05.0324 0x10a0 iaStorV - ok
20:57:05.0324 0x10a0 ibbus - ok
20:57:05.0355 0x10a0 icssvc - ok
20:57:05.0417 0x10a0 igfx - ok
20:57:05.0464 0x10a0 [ 4C9B5205851C626A34F7AD3B2487C66A, ADA2F01A3764F3203174DB1B652D0549C764FFD979FB6B2AF5BD75C51C58DFB9 ] igfxCUIService2.0.0.0 C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fb9939a7d714d646\igfxCUIService.exe
20:57:05.0480 0x10a0 igfxCUIService2.0.0.0 - ok
20:57:05.0511 0x10a0 IKEEXT - ok
20:57:05.0542 0x10a0 IndirectKmd - ok
20:57:05.0574 0x10a0 InstallService - ok
20:57:05.0761 0x10a0 [ 6FA30DBDD992096C8307A1E17006F6F5, CAF737B029D39CD7BA9969D06B55FB1A84CC13333F4AC852BDB3DD1A35E8BD95 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:57:05.0964 0x10a0 IntcAzAudAddService - ok
20:57:06.0042 0x10a0 [ D802C54CB11E1B1A701846F5F7B5BC32, A95CFE28549E31CD58269A47530320A9F61415691F915C1DB6121DA4E9191F2E ] IntcDAud C:\WINDOWS\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
20:57:06.0073 0x10a0 IntcDAud - ok
20:57:06.0230 0x10a0 [ AEA02F1F43503A5E10C92246A0B70DBD, 9717788B0D3E69071042A6D3EFB431F7466F76805F762BF22A32314FF3C21D84 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
20:57:06.0261 0x10a0 Intel(R) Capability Licensing Service TCP IP Interface - ok
20:57:06.0292 0x10a0 intelide - ok
20:57:06.0370 0x10a0 intelpep - ok
20:57:06.0433 0x10a0 [ AECBF5BE2F9A2A50B978E0BF31041A81, A62F436C66DEFEB438A7891857DFB830995714A7E4FE4BDCA6B4EB1606BD2101 ] intelpmax C:\WINDOWS\System32\drivers\intelpmax.sys
20:57:06.0464 0x10a0 intelpmax - ok
20:57:06.0480 0x10a0 intelppm - ok
20:57:06.0589 0x10a0 [ 3FE81DE0379939BAEF3AF0AEEF225130, B4DE05DFE155D229058E33D3604E5F4271C972A992D931A7E6F3EADDA7BACB49 ] IObitUnSvr C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
20:57:06.0605 0x10a0 IObitUnSvr - ok
20:57:06.0620 0x10a0 iorate - ok
20:57:06.0667 0x10a0 IpFilterDriver - ok
20:57:06.0714 0x10a0 iphlpsvc - ok
20:57:06.0745 0x10a0 IPMIDRV - ok
20:57:06.0776 0x10a0 [ F63572DF4295C78B3F7036AEDA878176, B71EB3CC4EC95BC9A3FA217736C6C36C756935714D7E16E34C05D913B829CB9C ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
20:57:06.0808 0x10a0 IPNAT - ok
20:57:06.0823 0x10a0 [ B5B6D1F86E40E785D6650DB923DB6BEA, 7A2D92A2274E0379B5FA6351D18E2F0DD55960BB783EA3528FE9E303E1A4256D ] IPT C:\WINDOWS\System32\drivers\ipt.sys
20:57:06.0839 0x10a0 IPT - ok
20:57:06.0870 0x10a0 [ 77494E26B28465D2A09B9455F8A3B34E, B778D4BC71A5F5CF687175CA53AC342E4740156D4B96E6E96D918BD46C2C1459 ] IpxlatCfgSvc C:\WINDOWS\System32\IpxlatCfg.dll
20:57:07.0464 0x10a0 IpxlatCfgSvc - ok
20:57:07.0479 0x10a0 isapnp - ok
20:57:07.0479 0x10a0 iScsiPrt - ok
20:57:07.0495 0x10a0 ItSas35i - ok
20:57:07.0542 0x10a0 [ C2F501AA3189EABE8F37411A9DC8DFD5, EF8385B091CC33E43892E36CAD7FC1BE0505DB8482ACC2A9D27ED97FDED2A5E5 ] IUFileFilter C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys
20:57:07.0542 0x10a0 IUFileFilter - ok
20:57:07.0557 0x10a0 [ F075553416F0BA206381D01C3DDD702F, 17927F93565F1A73DF685D2EF58F0F413741EA217DFD827C64F0BA248B8A49E3 ] IURegProcessFilter C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys
20:57:07.0557 0x10a0 IURegProcessFilter - ok
20:57:07.0682 0x10a0 [ C395FADCE0E9FD9B0F23E622C2249701, 257E0DF7CDAA23AFBFE53E22DA44140D43DB5298086C5BB49DB155A261895998 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:57:07.0698 0x10a0 jhi_service - ok
20:57:07.0698 0x10a0 kbdclass - ok
20:57:07.0698 0x10a0 kbdhid - ok
20:57:07.0714 0x10a0 kdnic - ok
20:57:07.0745 0x10a0 KeyIso - ok
20:57:07.0761 0x10a0 KSecDD - ok
20:57:07.0776 0x10a0 KSecPkg - ok
20:57:07.0776 0x10a0 ksthunk - ok
20:57:07.0807 0x10a0 [ DAE67BD7EC6ED569438F5CA38BFBB458, 672CA98525D6DD799A01A3BC3A62AB7B4544D62ECEB3615FAC05BFB97B389D23 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
20:57:10.0369 0x10a0 KtmRm - ok
20:57:10.0401 0x10a0 LanmanServer - ok
20:57:10.0447 0x10a0 LanmanWorkstation - ok
20:57:10.0604 0x10a0 [ 8D38A092AE5A3511BEDADB7243A84409, 499A2D654AAA19EB34FD1CE0150C3B8C2F3E1F5E7F676BC8BD1EF3D5FB2726D8 ] LdBoxDrv C:\Program Files\dnplayerext2\LdBoxDrv.sys
20:57:10.0619 0x10a0 LdBoxDrv - ok
20:57:10.0651 0x10a0 [ A997488F4EDAAD59C748CF9FB1D9DAC0, A0B145041F984DD4E0A6F8D0E9C8363DA6F2DA7460E140F028C320CEAC03759C ] lfsvc C:\WINDOWS\System32\lfsvc.dll
20:57:10.0697 0x10a0 lfsvc - ok
20:57:10.0713 0x10a0 LicenseManager - ok
20:57:10.0729 0x10a0 [ 78779BD92081CB27967E77561683AFBE, 05EC91E194336D1BB1EE323E70FAC54F6DC0CEF53FD4925F394399531A37A0DD ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
20:57:10.0775 0x10a0 lltdio - ok
20:57:10.0791 0x10a0 lltdsvc - ok
20:57:10.0807 0x10a0 lmhosts - ok
20:57:10.0885 0x10a0 [ B743127DDCE8CF670C187BE2CF8A38E5, C64244B32BA7825E41C141BFCB0593CB6D2A1B65A9C9ED85C7FB8668093FF949 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:57:10.0900 0x10a0 LMS - ok
20:57:10.0932 0x10a0 LSI_SAS - ok
20:57:10.0932 0x10a0 LSI_SAS2i - ok
20:57:10.0932 0x10a0 LSI_SAS3i - ok
20:57:10.0932 0x10a0 LSI_SSS - ok
20:57:10.0979 0x10a0 LSM - ok
20:57:10.0994 0x10a0 luafv - ok
20:57:11.0041 0x10a0 LxpSvc - ok
20:57:11.0057 0x10a0 [ AE03D8F1B7863268EAED2FE0105ED75F, F5172A1A3E24FC5271FCB0118861EA0EC33AA8ABB01AE9CAD50E2F032B92486C ] MapsBroker C:\WINDOWS\System32\moshost.dll
20:57:11.0135 0x10a0 MapsBroker - ok
20:57:11.0135 0x10a0 mausbhost - ok
20:57:11.0135 0x10a0 mausbip - ok
20:57:11.0213 0x10a0 [ E8AAA5EF5EBD3BBFFFA581B14056C1B9, 6519A70E8AFFE122E1DB69BA22CF14EC9B88BDA5AA4031FF0EC9834AC18D57BE ] MBAMChameleon C:\WINDOWS\System32\Drivers\MbamChameleon.sys
20:57:11.0228 0x10a0 MBAMChameleon - ok
20:57:11.0275 0x10a0 [ BF46AFE0CC03D9A5883E74438170B841, 43309A4DBCF15F09AB3066E96C498785C4F41DBCA8467B0385FCA467AE370980 ] MbamElam C:\WINDOWS\system32\DRIVERS\MbamElam.sys
20:57:11.0275 0x10a0 MbamElam - ok
20:57:11.0666 0x10a0 [ 1686A65526EDE0201C177F815AE9BB2C, 176F75A262419BCD3B383E2EE4581AC589F45B60902F4BE16AF5EF7802536FEB ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
20:57:11.0822 0x10a0 MBAMService - ok
20:57:11.0885 0x10a0 [ 0B17A8F4956ABD5FA1A0851B59FF960E, 1B62082ACA96EF78A61AFDB33EF77260292C5D08E5E35B56F7F8F0A3A837ED9B ] MBAMSwissArmy C:\WINDOWS\System32\Drivers\mbamswissarmy.sys
20:57:11.0900 0x10a0 MBAMSwissArmy - ok
20:57:11.0916 0x10a0 MbbCx - ok
20:57:12.0072 0x10a0 [ 390BDF748DC3CFC18A957D3291C3DAE2, E66B0DAB1D7AA11D215A61DE2F7DD0057ECF01635AC437BC3EEAE3A9D8CB7064 ] McAPExe C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe
20:57:12.0088 0x10a0 McAPExe - ok
20:57:12.0181 0x10a0 [ 78B1C1DD87E53C5F8406CC307327B69D, 7F1710E8CE71EA9063D07DB90AECE2EDA683BBD88866F94E3A7BAF83F36BBDAF ] McAWFwk C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe
20:57:12.0197 0x10a0 McAWFwk - ok
20:57:12.0338 0x10a0 [ CB0FE788C6F443E24FA888890BCCDA1E, D2E492F8D19B519087E32FEA4FEF5A9AD1ED137E1C605F394A6DA4F458E07942 ] mccspsvc C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe
20:57:12.0416 0x10a0 mccspsvc - ok
20:57:12.0416 0x10a0 megasas - ok
20:57:12.0416 0x10a0 megasas2i - ok
20:57:12.0416 0x10a0 megasas35i - ok
20:57:12.0431 0x10a0 megasr - ok
20:57:12.0478 0x10a0 [ 06D4AEA95783EC15B2D6098AD47F5590, 368C19CD520CABA1F26FB2FBBA81BB1A301BC8E2980FDD866E68097677FF33D8 ] MEIx64 C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
20:57:12.0494 0x10a0 MEIx64 - ok
20:57:12.0494 0x10a0 MessagingService - ok
20:57:12.0619 0x10a0 [ 0AE3EF6D5D8FCC3969A91911245F2DCC, DF17EE4D3BAA5FA22B5B60ED54D2773CD37ED040E01E4FCBE842378A0C0200B8 ] mfeaack C:\WINDOWS\system32\drivers\mfeaack.sys
20:57:12.0634 0x10a0 mfeaack - ok
20:57:12.0681 0x10a0 [ 39DA4178636C974F19D546345158EA8D, 21701687CE036D90AB0DE5F81A85D86F8FEA25E26A4395DE3FFA2968A20019AF ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
20:57:12.0697 0x10a0 mfeavfk - ok
20:57:12.0728 0x10a0 [ A3A47D55F9B8815B76214FC9022FDB13, AACA6D30F6DB9B4B53F8A30330414213EC10588F201E4ADC0FC5AE94DC0DA81E ] mfeelamk C:\WINDOWS\system32\drivers\mfeelamk.sys
20:57:12.0744 0x10a0 mfeelamk - ok
20:57:12.0791 0x10a0 [ 1B237A460D79EA2E5A500A92BD20E792, 56F6C47EF79947DE5B8FBAAF5088B28DD4C43F1D15BEB744261859106E7B7A68 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
20:57:12.0806 0x10a0 mfefire - ok
20:57:12.0837 0x10a0 [ 7B0C24D0B257C8159BEC756BC6A96772, A1898D59D86EE73E8ADB4D826EB60DAA69583252C861B0F86331C90C40ACECAA ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys
20:57:12.0853 0x10a0 mfefirek - ok
20:57:12.0900 0x10a0 [ 331FA3CA43277DA4DAFF83C0212337EA, 78E601EB879F02D5C5F2ABDC17B26A718D9E360355D3FD212D5EAA51480A5126 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
20:57:12.0931 0x10a0 mfehidk - ok
20:57:12.0978 0x10a0 [ 1EBBEC6BE4B4C096CCA06E9F0FA2C5BE, E61E99428B54FA19E28F019A0257DE295BE65F515386F68B9B8F3FF9C9856E2F ] mfemms C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
20:57:12.0994 0x10a0 mfemms - ok
20:57:13.0041 0x10a0 [ 4677F74438F290D2A8D8DD3A22AD6F09, 418A3C368B51A0C61DA40A52C44E354142DB6CE877A478A91CCC5DD310500CCC ] mfencbdc C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
20:57:13.0072 0x10a0 mfencbdc - ok
20:57:13.0119 0x10a0 [ D446D79BD0A46372C64B702A708BA59F, F0714DFBC1E3ACAD623315653CAFF4D79C72958B039F255918575DEEA3243DC2 ] mfencrk C:\WINDOWS\system32\DRIVERS\mfencrk.sys
20:57:13.0119 0x10a0 mfencrk - ok
20:57:13.0166 0x10a0 [ 410C37CABA5D8756B30B840A6D50F58D, 52972FB09A2A5FF03A60034B401D46A0D37AEEF0FE815F6CA44399CF6AFC4890 ] mfeplk C:\WINDOWS\system32\drivers\mfeplk.sys
20:57:13.0181 0x10a0 mfeplk - ok
20:57:13.0228 0x10a0 [ 23B38957BFE6BBDB1E400164A2E3C67A, 47D6557E18BCD0738B50B2076C4E5F83D2C6D81D96E17F860504DA0A95A75707 ] mfevtp C:\Windows\system32\mfevtps.exe
20:57:13.0244 0x10a0 mfevtp - ok
20:57:13.0275 0x10a0 [ 2AAA2332F183B6CD548BCAC320536160, BAC6E82BF0BB1805845EB6EDD80A0BE910720EBBFC3B309058956CFBACF6D5EB ] mfewfpk C:\WINDOWS\system32\drivers\mfewfpk.sys
20:57:13.0291 0x10a0 mfewfpk - ok
20:57:13.0447 0x10a0 MicrosoftEdgeElevationService - ok
20:57:13.0494 0x10a0 [ B74FFC6301B3312A9F59E04E487BC72A, 76F71824E80D10EB71BEDE5EE3A64CAD7CAC3DDFBB6670D1537E6B75FF0217E9 ] Microsoft_Bluetooth_AvrcpTransport C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys
20:57:13.0540 0x10a0 Microsoft_Bluetooth_AvrcpTransport - ok
20:57:13.0540 0x10a0 MixedRealityOpenXRSvc - ok
20:57:13.0540 0x10a0 mlx4_bus - ok
20:57:13.0556 0x10a0 MMCSS - ok
20:57:13.0587 0x10a0 Modem - ok
20:57:13.0681 0x10a0 [ E1D941F98D004B0B7160C4E03BFA2A64, B2D7A32100308924793ACC1D419F3FEA74E386A861A1F6C2884C961C155FDA05 ] ModuleCoreService C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
20:57:13.0728 0x10a0 ModuleCoreService - ok
20:57:13.0744 0x10a0 monitor - ok
20:57:13.0744 0x10a0 mouclass - ok
20:57:13.0759 0x10a0 mouhid - ok
20:57:13.0759 0x10a0 mountmgr - ok
20:57:13.0759 0x10a0 mpsdrv - ok
20:57:13.0822 0x10a0 mpssvc - ok
20:57:13.0931 0x10a0 [ 186251D6489F7470616862DD15644177, CC06B99F3F67A90E0B5FC3B2FD7A0DBB23B0D766DDCC94FF6C72B1C2C6C913DF ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
20:57:14.0197 0x10a0 MRxDAV - ok
20:57:14.0212 0x10a0 mrxsmb - ok
20:57:14.0228 0x10a0 mrxsmb20 - ok
20:57:14.0259 0x10a0 [ E587396A4C8151ABBF13A96C4465DE31, A3AA5D51E34657479CFCDC3DBB7821B7255F7CB57D5686B7F709A7953AD537EB ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
20:57:14.0415 0x10a0 MsBridge - ok
20:57:14.0446 0x10a0 [ 2EF846AC66E181BE820B513DBC15B5D2, EDFE71025C352D0DABEC7B9506C5945BB0EC11F8DB540DB8CB1116C2EA1648A8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:57:14.0493 0x10a0 MSDTC - ok
20:57:14.0509 0x10a0 Msfs - ok
20:57:14.0540 0x10a0 [ 6092FD060EC4132A799BDAD61845DDB7, B45F9D3A71FC8A73AED3C5B8CF6F14A25EBDD3D4D47C9F39FFCD75C7D22F4A9E ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
20:57:14.0556 0x10a0 msgpiowin32 - ok
20:57:14.0556 0x10a0 mshidkmdf - ok
20:57:14.0603 0x10a0 [ 9E90FE6DF363D2427A5C773120E7B27D, 1FDB7E28CCAF757603C4B754E1AC9C470E5E60E85DE067375902F108F5E34608 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
20:57:14.0696 0x10a0 mshidumdf - ok
20:57:14.0728 0x10a0 msisadrv - ok
20:57:14.0743 0x10a0 MSiSCSI - ok
20:57:14.0743 0x10a0 msiserver - ok
20:57:14.0775 0x10a0 MSKSSRV - ok
20:57:14.0806 0x10a0 [ 9FB5040C8CEAE4C32B7884ECBBCAFDAF, 0EC3E53C5B1B202440DE22A5BF7E1EBE9AF5BBB6BA69DB9D018A6D8EC97B477E ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
20:57:14.0946 0x10a0 MsLldp - ok
20:57:14.0962 0x10a0 MSPCLOCK - ok
20:57:14.0962 0x10a0 MSPQM - ok
20:57:14.0978 0x10a0 MsQuic - ok
20:57:14.0993 0x10a0 MsRPC - ok
20:57:15.0009 0x10a0 mssmbios - ok
20:57:15.0040 0x10a0 MSTEE - ok
20:57:15.0040 0x10a0 MTConfig - ok
20:57:15.0056 0x10a0 Mup - ok
20:57:15.0056 0x10a0 mvumis - ok
20:57:15.0071 0x10a0 NativeWifiP - ok
20:57:15.0087 0x10a0 NaturalAuthentication - ok
20:57:15.0134 0x10a0 [ D47A20839608B8213065D7AFC8C42195, 7B0187BE9705ED2F925616C13B3744BAC0A9C96B21BE503D96BC9EE7EE125B33 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
20:57:16.0102 0x10a0 NcaSvc - ok
20:57:16.0102 0x10a0 NcbService - ok
20:57:16.0118 0x10a0 [ 8C938E851CDF2CE30BBEA14555B61820, F853F526C811893BD40B1124BAEC543099381E7BF091729B6A6665DF3CE10B94 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
20:57:16.0227 0x10a0 NcdAutoSetup - ok
20:57:16.0227 0x10a0 ndfltr - ok
20:57:16.0243 0x10a0 NDIS - ok
20:57:16.0274 0x10a0 [ 6BEC0929C7A7BF2A7C44F585ECC7DAEB, 5F6395268CBD26A4B90960479040C114B2C8A3F24C188C2D5F62D6AB43A637D1 ] NdisCap
C:\WINDOWS\system32\drivers\ndiscap.sys
20:57:16.0305 0x10a0 NdisCap - ok
20:57:16.0352 0x10a0 NdisImPlatform - ok
20:57:16.0368 0x10a0 NdisTapi - ok
20:57:16.0384 0x10a0 Ndisuio - ok
20:57:16.0399 0x10a0 NdisVirtualBus - ok
20:57:16.0415 0x10a0 NdisWan - ok
20:57:16.0415 0x10a0 ndiswanlegacy - ok
20:57:16.0446 0x10a0 [ 33CDAEDC7CBE8339A8324CEC2461BFB4, DAAEACDB4506D2BDDED61957D92FB4983E11D9CE6E7B25119B4CBFB431C945F4 ] NDKPing C:\WINDOWS\system32\drivers\NDKPing.sys
20:57:16.0462 0x10a0 NDKPing - ok
20:57:16.0462 0x10a0 ndproxy - ok
20:57:16.0493 0x10a0 [ 77621E74FD79B267071A0D12C643A48A, 8228B7D1237A0FFABCCC150B299EA494C8F0CB4CCB51AB0DBFF08CBAA9EFC4BB ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
20:57:16.0524 0x10a0 Ndu - ok
20:57:16.0571 0x10a0 NetAdapterCx - ok
20:57:16.0571 0x10a0 NetBIOS - ok
20:57:16.0587 0x10a0 NetBT - ok
20:57:16.0587 0x10a0 Netlogon - ok
20:57:16.0587 0x10a0 Netman - ok
20:57:16.0602 0x10a0 netprofm - ok
20:57:16.0633 0x10a0 NetSetupSvc - ok
20:57:16.0868 0x10a0 [ B9D455C60292DF5FCB064834CA5802AA, 75DCE4E5FA08CCEAF4D3D30FE8E26903FCDD14CC852E820F63B40F374C706DBD ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:57:17.0211 0x10a0 NetTcpPortSharing - ok
20:57:17.0227 0x10a0 netvsc - ok
20:57:17.0274 0x10a0 NgcCtnrSvc - ok
20:57:17.0321 0x10a0 NgcSvc - ok
20:57:17.0336 0x10a0 NlaSvc - ok
20:57:17.0336 0x10a0 Npfs - ok
20:57:17.0352 0x10a0 npsvctrig - ok
20:57:17.0368 0x10a0 nsi - ok
20:57:17.0383 0x10a0 nsiproxy - ok
20:57:17.0383 0x10a0 Ntfs - ok
20:57:17.0399 0x10a0 Null - ok
20:57:17.0399 0x10a0 nvdimm - ok
20:57:17.0430 0x10a0 nvraid - ok
20:57:17.0430 0x10a0 nvstor - ok
20:57:17.0461 0x10a0 OneSyncSvc - ok
20:57:17.0540 0x10a0 [ 8EBA5640D3316EC1D2F251F591A8D739, 586F4B9FD0151B97E9AF628FB639B274B5993290057E1C455B3907FE92C3D572 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:57:17.0555 0x10a0 ose64 - ok
20:57:17.0586 0x10a0 p2pimsvc - ok
20:57:17.0618 0x10a0 [ DA97CD5815EC123BC88382C08D465B9E, 46F5EA2E3D590FB10E14BC811612B6EF87C805B359A652D2C6BFE4840D5D6AA2 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
20:57:18.0477 0x10a0 p2psvc - ok
20:57:18.0492 0x10a0 Parport - ok
20:57:18.0492 0x10a0 partmgr - ok
20:57:18.0539 0x10a0 PcaSvc - ok
20:57:18.0571 0x10a0 pci - ok
20:57:18.0586 0x10a0 pciide - ok
20:57:18.0602 0x10a0 pcmcia - ok
20:57:18.0602 0x10a0 pcw - ok
20:57:18.0617 0x10a0 pdc - ok
20:57:18.0633 0x10a0 PEAUTH - ok
20:57:18.0727 0x10a0 [ EC7A84653211DF98473A52898763E988, AA0085B09CE763D89D029246AFC94A8BC567F6CD5399FC3A1D5ED1956D8351F5 ] PEFService C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
20:57:18.0758 0x10a0 PEFService - ok
20:57:18.0836 0x10a0 perceptionsimulation - ok
20:57:18.0836 0x10a0 percsas2i - ok
20:57:18.0852 0x10a0 percsas3i - ok
20:57:19.0758 0x10a0 [ 2FC7CFCEDBF7E038351C7CEB1036D2E1, 41D7DA706F0CF613DF768B6795CD09C5C1035F9F101051FB58F5042EB4352DB6 ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
20:57:26.0381 0x10a0 PerfHost - ok
20:57:26.0412 0x10a0 PhoneSvc - ok
20:57:26.0459 0x10a0 PimIndexMaintenanceSvc - ok
20:57:26.0491 0x10a0 PktMon - ok
20:57:26.0553 0x10a0 [ 9E431A5D697432DD6F4DB48C9A185104, 44C16E194258C9143A45F4022F9C5DE229E217D6FF7F944F105FE631BE9EF4A7 ] pla C:\WINDOWS\system32\pla.dll
20:57:27.0193 0x10a0 pla - ok
20:57:27.0209 0x10a0 PlugPlay - ok
20:57:27.0225 0x10a0 pmem - ok
20:57:27.0240 0x10a0 [ 2769F200292C0F941A10BD60C33EA4A6, B8345C32585C45E6248D7194B1071F2B8617718E7C9B270AAF44C132D029DB4C ] PNPMEM C:\WINDOWS\System32\drivers\pnpmem.sys
20:57:27.0272 0x10a0 PNPMEM - ok
20:57:27.0287 0x10a0 [ 6AAAC8AD69AEFBE5FE04738B687EE85E, 83427082298E2FC021D5D39A43DB4A5783D95213F2CA8D3A997DB6C815BD9CB2 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
20:57:27.0303 0x10a0 PNRPAutoReg - ok
20:57:27.0318 0x10a0 PNRPsvc - ok
20:57:27.0350 0x10a0 PolicyAgent - ok
20:57:27.0365 0x10a0 portcfg - ok
20:57:27.0381 0x10a0 Power - ok
20:57:27.0397 0x10a0 PptpMiniport - ok
20:57:27.0490 0x10a0 [ 9F1D4AE603B550B121B5019DAE8D92D7, F5BF7C6EB249B8AC6F1589561D7A32790F42B4B5293C8967F8AD255E19E6F8F1 ] prezi C:\Program Files (x86)\Prezi\Update\PreziUpdate.exe
20:57:27.0506 0x10a0 prezi - ok
20:57:27.0522 0x10a0 [ 9F1D4AE603B550B121B5019DAE8D92D7, F5BF7C6EB249B8AC6F1589561D7A32790F42B4B5293C8967F8AD255E19E6F8F1 ] prezim C:\Program Files (x86)\Prezi\Update\PreziUpdate.exe
20:57:27.0522 0x10a0 prezim - ok
20:57:27.0771 0x10a0 [ 207791C6CF332C53C72BB2E66AB13C6E, 1F067D862ECE38294B8ACDFEC0F50A82F1E4B1B5A6ACDB7A8F5EC6D0B7D9C3A5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:57:27.0975 0x10a0 PrintNotify - ok
20:57:28.0021 0x10a0 PrintWorkflowUserSvc - ok
20:57:28.0068 0x10a0 Processor - ok
20:57:28.0068 0x10a0 ProfSvc - ok
20:57:28.0100 0x10a0 Psched - ok
20:57:28.0115 0x10a0 PushToInstall - ok
20:57:28.0162 0x10a0 [ 2F3808790D517E5E5E6ABF7177875C02, BE1A79A6498697EB86FC29638324A853197B49BC06AE3EB1130793F710926998 ] QWAVE C:\WINDOWS\system32\qwave.dll
20:57:28.0775 0x10a0 QWAVE - ok
20:57:28.0822 0x10a0 [ CE51A9A997D2830C6C64A36D7F8D8879, 706D683CAF92C259C121222446D34ED43F6E8872407C3615E2ED118ACD24D21D ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
20:57:28.0853 0x10a0 QWAVEdrv - ok
20:57:28.0853 0x10a0 Ramdisk - ok
20:57:28.0868 0x10a0 RasAcd - ok
20:57:28.0884 0x10a0 RasAgileVpn - ok
20:57:28.0900 0x10a0 RasAuto - ok
20:57:28.0900 0x10a0 Rasl2tp - ok
20:57:28.0931 0x10a0 RasMan - ok
20:57:28.0946 0x10a0 RasPppoe - ok
20:57:28.0946 0x10a0 RasSstp - ok
20:57:28.0962 0x10a0 rdbss - ok
20:57:29.0009 0x10a0 [ B7BAD23CA994EFF8EA11261626326004, 056495FB4A54984CE9D28D7B45550990D4A4B0736669F0F69138BEF51A695EFA ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
20:57:29.0040 0x10a0 rdpbus - ok
20:57:29.0040 0x10a0 RDPDR - ok
20:57:29.0056 0x10a0 RdpVideoMiniport - ok
20:57:29.0087 0x10a0 [ B4A6F3BFB5A07DAF4E18C14A6337A226, F906865E349390D24A3DCBC563154BBB9F307B97361832BE93BC9D44A9F3B486 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
20:57:29.0103 0x10a0 rdyboost - ok
20:57:29.0118 0x10a0 ReFS - ok
20:57:29.0118 0x10a0 ReFSv1 - ok
20:57:29.0165 0x10a0 RemoteAccess - ok
20:57:29.0400 0x10a0 [ 58B3C0A2B0C130838588EF519ADCE495, 60360DD8EA1802C8F95EB93531FF9666BE1148253E6A1BD706D4CA98955C0F6E ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:57:30.0024 0x10a0 RemoteRegistry - ok
20:57:30.0024 0x10a0 RetailDemo - ok
20:57:30.0056 0x10a0 [ EC8E58E6B58B4FCDE77431CDA3A24C0E, 25667717BF4691957F07A6363585E2C7EAF22E5FD7229BF32C91EA59EF4A2EDD ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:57:30.0071 0x10a0 Revoflt - ok
20:57:30.0102 0x10a0 [ D2EE9CCE0187C616E50D61EB30ECA262, 825C918D22FC8DBF3EE9BDB41D121A0AC3CCBFFBA147E2B26F0197552E0675DE ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
20:57:30.0134 0x10a0 RFCOMM - ok
20:57:30.0165 0x10a0 [ 4DD0EFE49F0C020DAFEAE6F5F231362C, DF04978AF6CD34C8251B3DDE381CD77518684DCB1D2B16BD2DAFEE63AC9D5858 ] rhproxy C:\WINDOWS\System32\drivers\rhproxy.sys
20:57:30.0212 0x10a0 rhproxy - ok
20:57:30.0259 0x10a0 RmSvc - ok
20:57:30.0306 0x10a0 RpcEptMapper - ok
20:57:30.0337 0x10a0 [ D45676C47616B9ABBFAEC97DD3B240A8, E13985D667F66B7A0082356F23270F61A57B8C2DD211B1E09D66D7970D7B4D6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:57:30.0493 0x10a0 RpcLocator - ok
20:57:30.0524 0x10a0 RpcSs - ok
20:57:30.0555 0x10a0 [ 685B0561F0E0B13CD7DDBC47892BD732, D277FBAAE817DD071D6973BB47991E9DCBE64169169B321BF0A5FEA91AEF1981 ] RSBASTOR C:\WINDOWS\System32\drivers\RtsBaStor.sys
20:57:30.0571 0x10a0 RSBASTOR - ok
20:57:30.0618 0x10a0 [ EABD30C39742A79913B595A5B6F809D4, 9067160F566220A2B21FEEE181729A796A3F3EECF75FFB75815BE5CCC7BBA64F ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
20:57:30.0665 0x10a0 rspndr - ok
20:57:30.0712 0x10a0 [ 80453D2522DA43AED8F2D94ABD33B01B, C50CE27C17FB5EBA4E3C75D1A8BD1161CD82AB47A48AE3B95E7352B783AAB415 ] rt640x64 C:\WINDOWS\System32\drivers\rt640x64.sys
20:57:30.0743 0x10a0 rt640x64 - ok
20:57:30.0759 0x10a0 [ 5914CC0C1E99A3C1711BDB1E224526D1, 54BB8636F27282B396D487B3FEA8BD73F2F6FE6DA4DE8D718EE498F75A6A5DCE ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
20:57:30.0774 0x10a0 s3cap - ok
20:57:30.0805 0x10a0 SamSs - ok
20:57:30.0821 0x10a0 sbp2port - ok
20:57:30.0868 0x10a0 SCardSvr - ok
20:57:30.0899 0x10a0 ScDeviceEnum - ok
20:57:30.0915 0x10a0 scfilter - ok
20:57:30.0962 0x10a0 Schedule - ok
20:57:30.0977 0x10a0 scmbus - ok
20:57:30.0977 0x10a0 SCPolicySvc - ok
20:57:30.0993 0x10a0 sdbus - ok
20:57:31.0008 0x10a0 [ 3200667DB433F0A2032FAF4DC02E2089, 5E940CA63AD21CEA08C334AC61D985BAFDBA7DCB2D388F355B5C72EFA3E23E0A ] SDFRd C:\WINDOWS\System32\drivers\SDFRd.sys
20:57:31.0024 0x10a0 SDFRd - ok
20:57:31.0071 0x10a0 SDRSVC - ok
20:57:31.0087 0x10a0 sdstor - ok
20:57:31.0118 0x10a0 [ 016706A76857F914C99D2472B1E79BF9, 39A114EB591E243E0429DA7279413F046626DE7B52E057DDBCD26A0A1BF327FB ] seclogon C:\WINDOWS\system32\seclogon.dll
20:57:31.0555 0x10a0 seclogon - ok
20:57:31.0977 0x10a0 [ E1B5361CF23F650BD0B9511A7A8D7CFD, 2B6DBEA313C6BA0256ED625B2E2C3AC2ECA33D2D9E1E8217F115D6B4A71E91E1 ] SecureLine C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
20:57:32.0321 0x10a0 SecureLine - ok
20:57:32.0368 0x10a0 SecurityHealthService - ok
20:57:32.0414 0x10a0 SEMgrSvc - ok
20:57:32.0430 0x10a0 [ 1EA7972A4C7163FF1D3EFE9988404D4E, 56A94B1617815C1E8A79D832B0F0CBA683C3080105CC4C87DBB9B8EAB4CD2690 ] SENS C:\WINDOWS\System32\sens.dll
20:57:32.0633 0x10a0 SENS - ok
20:57:32.0633 0x10a0 SensorDataService - ok
20:57:32.0649 0x10a0 SensorService - ok
20:57:32.0696 0x10a0 [ 0BCFFAD6F3B180DD60C941B01768F733, A0B73C1BF636F14504B69606999287B6FE148C958A4F6E31E9022FF129A048E0 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
20:57:32.0742 0x10a0 SensrSvc - ok
20:57:32.0742 0x10a0 SerCx - ok
20:57:32.0742 0x10a0 SerCx2 - ok
20:57:32.0742 0x10a0 Serenum - ok
20:57:32.0758 0x10a0 Serial - ok
20:57:32.0758 0x10a0 sermouse - ok
20:57:32.0805 0x10a0 SessionEnv - ok
20:57:32.0821 0x10a0 sfloppy - ok
20:57:32.0867 0x10a0 [ C05648C2BE6176BE557D9C7F02916388, C65D8FEDDCD9A52B04F42C64DAD2A499BF51246D36042E8DC09DD04C4C0B7BEE ] SgrmAgent C:\WINDOWS\system32\drivers\SgrmAgent.sys
20:57:32.0946 0x10a0 SgrmAgent - ok
20:57:33.0008 0x10a0 SgrmBroker - ok
20:57:33.0117 0x10a0 SharedAccess - ok
20:57:33.0305 0x10a0 SharedRealitySvc - ok
20:57:33.0336 0x10a0 [ BE44F2B19C4F61FED874C7FE26DF92AA, 07888C7575A1D7D46AE375B1CE6C13665CCEE0F0672EA8FDE71B955B5BC0EA70 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:57:33.0977 0x10a0 ShellHWDetection - ok
20:57:34.0008 0x10a0 shpamsvc - ok
20:57:34.0008 0x10a0 SiSRaid2 - ok
20:57:34.0008 0x10a0 SiSRaid4 - ok
20:57:34.0023 0x10a0 SmartSAMD - ok
20:57:34.0086 0x10a0 smphost - ok
20:57:34.0102 0x10a0 SmsRouter - ok
20:57:34.0133 0x10a0 [ 1971BBC71602B928CF9257759E3C05E8, 9D665698FF26ED333AD385B4B7A6C0F2B6806371D278E281FA4188002A5317E8 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
20:57:34.0461 0x10a0 SNMPTRAP - ok
20:57:34.0476 0x10a0 [ 27B7D9E872939EBB34C30343F991893D, 879AFDC8C50487ED0D3CB58C70A206E185F94BE75C25C31C387F3F08740771F9 ] spaceparser C:\WINDOWS\system32\drivers\spaceparser.sys
20:57:34.0508 0x10a0 spaceparser - ok
20:57:34.0523 0x10a0 spaceport - ok
20:57:34.0570 0x10a0 [ AB3BDEC793187CEDF1229AC98BB7DEDF, D2EA0C5FC534C89310207AA26A8816B30FEEF3F2708A067D8BB93D3CFF9C3936 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
20:57:34.0586 0x10a0 SpatialGraphFilter - ok
20:57:34.0601 0x10a0 SpbCx - ok
20:57:34.0601 0x10a0 spectrum - ok
20:57:34.0648 0x10a0 Spooler - ok
20:57:34.0664 0x10a0 sppsvc - ok
20:57:34.0680 0x10a0 srv - ok
20:57:34.0695 0x10a0 srv2 - ok
20:57:34.0711 0x10a0 srvnet - ok
20:57:34.0758 0x10a0 SSDPSRV - ok
20:57:34.0804 0x10a0 ssh-agent - ok
20:57:34.0820 0x10a0 SstpSvc - ok
20:57:34.0867 0x10a0 [ DB1FA4DDD8641E5631969744695DA856, 7D0B4E051C0644C50A079C407ADAC029858FF5E151F420F8A8B44CE1D2B64BB8 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
20:57:34.0883 0x10a0 ssudmdm - ok
20:57:34.0914 0x10a0 StateRepository - ok
20:57:34.0914 0x10a0 stexstor - ok
20:57:34.0929 0x10a0 stisvc - ok
20:57:34.0961 0x10a0 storahci - ok
20:57:34.0976 0x10a0 storflt - ok
20:57:35.0008 0x10a0 stornvme - ok
20:57:35.0023 0x10a0 storqosflt - ok
20:57:35.0039 0x10a0 StorSvc - ok
20:57:35.0054 0x10a0 storufs - ok
20:57:35.0054 0x10a0 storvsc - ok
20:57:35.0070 0x10a0 svsvc - ok
20:57:35.0164 0x10a0 swenum - ok
20:57:35.0211 0x10a0 swprv - ok
20:57:35.0211 0x10a0 Synth3dVsc - ok
20:57:35.0242 0x10a0 SysMain - ok
20:57:35.0273 0x10a0 SystemEventsBroker - ok
20:57:35.0304 0x10a0 TabletInputService - ok
20:57:35.0320 0x10a0 TapiSrv - ok
20:57:35.0336 0x10a0 Tcpip - ok
20:57:35.0336 0x10a0 Tcpip6 - ok
20:57:35.0367 0x10a0 [ 57BE670CF1D93717B628271B404D658A, EDD4C58EDAB985C87D6101D9CA5620146EE2BB8A1B899C635DD4CD36541DD46E ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
20:57:35.0398 0x10a0 tcpipreg - ok
20:57:35.0414 0x10a0 tdx - ok
20:57:35.0429 0x10a0 Telemetry - ok
20:57:35.0461 0x10a0 [ C225B94F2B27AC97C3E66C0550AEA249, 6F88375DD12A648B77BB6EB4BE527FF6678EE76A2059DB5B4CC971CDB31D0DB8 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
20:57:35.0461 0x10a0 terminpt - ok
20:57:35.0492 0x10a0 TermService - ok
20:57:35.0523 0x10a0 [ 8EC4197962A0349DFFBDC11586099DB8, 8DD5348A4983C376F63E6B209227D4D02300555F8C80A0E0DB2EA16074ABC334 ] Themes C:\WINDOWS\system32\themeservice.dll
20:57:36.0398 0x10a0 Themes - ok
20:57:36.0413 0x10a0 TieringEngineService - ok
20:57:36.0429 0x10a0 TimeBrokerSvc - ok
20:57:36.0460 0x10a0 TokenBroker - ok
20:57:36.0492 0x10a0 TPM - ok
20:57:36.0523 0x10a0 [ 62636F77E0C51D59F043D9197C897AD4, F121E79E0A15ED6E362D7DEF72F9C1D2D5CC50BBEC3541DFAB91691BC3AFB191 ] TrkWks C:\WINDOWS\System32\trkwks.dll
20:57:36.0695 0x10a0 TrkWks - ok
20:57:36.0742 0x10a0 TroubleshootingSvc - ok
20:57:36.0820 0x10a0 TrustedInstaller - ok
20:57:36.0851 0x10a0 [ F613A8618CC19DD96D1E0C81C5DCB7D1, AD6DE675AC033BE6BF75FF6303EAED4B5C672689D3AEC6DB94816D60E19B7030 ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
20:57:36.0882 0x10a0 TsUsbFlt - ok
20:57:36.0913 0x10a0 [ BF1D6924E7949102DA6F14F7EFE8D2D5, EA6AE80568B8FEB5EAE213EC8222AD72FFD99D80321D7F2A52C1B42A88F583AD ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
20:57:36.0945 0x10a0 TsUsbGD - ok
20:57:36.0960 0x10a0 [ 6244FD1056BF170E38245B4B9042BFDF, C32908B3C5800CD52EF9BDD26C77B8162831CFD19DBF1D399941B17FB909AD94 ] tunnel C:\WINDOWS\system32\drivers\tunnel.sys
20:57:37.0023 0x10a0 tunnel - ok
20:57:37.0054 0x10a0 tzautoupdate - ok
20:57:37.0070 0x10a0 UASPStor - ok
20:57:37.0085 0x10a0 UcmCx0101 - ok
20:57:37.0116 0x10a0 [ 229B33B8499F4F2AAB1F3B590423611F, E70A2D9EEEF0C6894A0DB7990CFF6ECE3B8F389FD30B7B1949FCBDD3300B6148 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
20:57:37.0148 0x10a0 UcmTcpciCx0101 - ok
20:57:37.0195 0x10a0 [ 7FDC3A6FD8547468CE554C8821640103, 3626760AEE42EE36E047DA6899A81E0646DFBA344A234270EAE5D635F049BE37 ] UcmUcsiAcpiClient C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys
20:57:37.0226 0x10a0 UcmUcsiAcpiClient - ok
20:57:37.0226 0x10a0 UcmUcsiCx0101 - ok
20:57:37.0241 0x10a0 Ucx01000 - ok
20:57:37.0241 0x10a0 UdeCx - ok
20:57:37.0241 0x10a0 udfs - ok
20:57:37.0273 0x10a0 UdkUserSvc - ok
20:57:37.0304 0x10a0 UEFI - ok
20:57:37.0320 0x10a0 Ufx01000 - ok
20:57:37.0335 0x10a0 UfxChipidea - ok
20:57:37.0366 0x10a0 ufxsynopsys - ok
20:57:37.0476 0x10a0 [ 931255341ADB0480D8C8CB1A2ED82FDA, C7664DF416694E3545F2B4BCB82A36614DA1B18618FD3EF70474BC0E785B5CD3 ] uhssvc C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
20:57:37.0491 0x10a0 uhssvc - ok
20:57:37.0507 0x10a0 umbus - ok
20:57:37.0523 0x10a0 UmPass - ok
20:57:37.0538 0x10a0 UmRdpService - ok
20:57:37.0569 0x10a0 UnistoreSvc - ok
20:57:37.0585 0x10a0 upnphost - ok
20:57:37.0601 0x10a0 [ 5C33B91675BE0C9693358C1AAA723D20, A5BB54ABBB0F7B13ACCA0997F567A81395688C6D68EB87F67F688737DC16918F ] UrsChipidea C:\WINDOWS\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys
20:57:37.0616 0x10a0 UrsChipidea - ok
20:57:37.0648 0x10a0 [ ADFAB87405AE22290E24D0E8E6141AF1, BC0982BEFE4CABEA1E260C8A3266EA18A4CA158A07D1C5176890A04CC3B6A84A ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys
20:57:37.0663 0x10a0 UrsCx01000 - ok
20:57:37.0694 0x10a0 [ BBDE7BF496327115DD744E7D4105C7BC, 5A8CC47603A1C9D58A30A5E897F1BCDC56199B08317B9FF319D469D6DD6CAAF0 ] UrsSynopsys C:\WINDOWS\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys
20:57:37.0694 0x10a0 UrsSynopsys - ok
20:57:37.0741 0x10a0 usbaudio - ok
20:57:37.0788 0x10a0 [ FB9F25ACEBCBAEABFE30CACCB17D4EE6, 7D38FA294DA179E5535E3E481746F07E2AE47CE57192C2D1C5B780B583FD9C6D ] usbaudio2 C:\WINDOWS\System32\drivers\usbaudio2.sys
20:57:37.0819 0x10a0 usbaudio2 - ok
20:57:37.0835 0x10a0 usbccgp - ok
20:57:37.0866 0x10a0 [ 11561FC5BAA2DEB5AC8B179B591A882E, 2AD595BF4ABC146D8F533981848FF8271E983038566937BEB48A6A8F09BC60FB ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
20:57:37.0898 0x10a0 usbcir - ok
20:57:37.0913 0x10a0 usbehci - ok
20:57:37.0913 0x10a0 usbhub - ok
20:57:37.0944 0x10a0 USBHUB3 - ok
20:57:37.0960 0x10a0 usbohci - ok
20:57:37.0960 0x10a0 usbprint - ok
20:57:37.0976 0x10a0 usbser - ok
20:57:38.0007 0x10a0 USBSTOR - ok
20:57:38.0007 0x10a0 usbuhci - ok
20:57:38.0022 0x10a0 usbvideo - ok
20:57:38.0022 0x10a0 USBXHCI - ok
20:57:38.0054 0x10a0 UserDataSvc - ok
20:57:38.0069 0x10a0 UserManager - ok
20:57:38.0101 0x10a0 UsoSvc - ok
20:57:38.0132 0x10a0 VacSvc - ok
20:57:38.0163 0x10a0 VaultSvc - ok
20:57:38.0179 0x10a0 vdrvroot - ok
20:57:38.0226 0x10a0 vds - ok
20:57:38.0226 0x10a0 VerifierExt - ok
20:57:38.0226 0x10a0 vhdmp - ok
20:57:38.0226 0x10a0 vhf - ok
20:57:38.0241 0x10a0 Vid - ok
20:57:38.0288 0x10a0 [ B37F0BF662BB504F0A9C247F24C281AD, 6281D573D9AD9AA204778C3823737726E882B17657B23CF5458C012FF7990E52 ] VirtualRender C:\WINDOWS\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys
20:57:38.0382 0x10a0 VirtualRender - ok
20:57:38.0429 0x10a0 vmbus - ok
20:57:38.0429 0x10a0 VMBusHID - ok
20:57:38.0460 0x10a0 [ E5BB075B6B5A1DA3C3F48CA5DFF54E77, E13E8F9523F51F976084561C9D0A843CAF550FA233521FF13FFE1C5634CA6472 ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys
20:57:38.0460 0x10a0 vmgid - ok
20:57:38.0491 0x10a0 vmicguestinterface - ok
20:57:38.0491 0x10a0 vmicheartbeat - ok
20:57:38.0491 0x10a0 vmickvpexchange - ok
20:57:38.0522 0x10a0 vmicrdv - ok
20:57:38.0522 0x10a0 vmicshutdown - ok
20:57:38.0522 0x10a0 vmictimesync - ok
20:57:38.0522 0x10a0 vmicvmsession - ok
20:57:38.0538 0x10a0 vmicvss - ok
20:57:38.0538 0x10a0 volmgr - ok
20:57:38.0554 0x10a0 volmgrx - ok
20:57:38.0554 0x10a0 volsnap - ok
20:57:38.0569 0x10a0 volume - ok
20:57:38.0585 0x10a0 [ A37A7788DABE4FF6E33FE50D7A33D8E8, 9E99D9D27BA3DFA6F89C77B9AD91BE495F15E4F612BB63B209157DFA13BCD7E0 ] vpci C:\WINDOWS\system32\drivers\vpci.sys
20:57:38.0585 0x10a0 vpci - ok
20:57:38.0600 0x10a0 vsmraid - ok
20:57:38.0632 0x10a0 VSS - ok
20:57:38.0632 0x10a0 VSTXRAID - ok
20:57:38.0647 0x10a0 vwifibus - ok
20:57:38.0663 0x10a0 vwififlt - ok
20:57:38.0663 0x10a0 vwifimp - ok
20:57:38.0788 0x10a0 W32Time - ok
20:57:38.0819 0x10a0 WaaSMedicSvc - ok
20:57:38.0835 0x10a0 WacomPen - ok
20:57:38.0866 0x10a0 WalletService - ok
20:57:38.0882 0x10a0 wanarp - ok
20:57:38.0882 0x10a0 wanarpv6 - ok
20:57:38.0913 0x10a0 [ 8449398F11D49864117105679B539816, 8FD3B9C72066D6A983D062DE72EEF9769339EACBF4E0D303B9E12343C9D5DE6C ] WarpJITSvc C:\WINDOWS\System32\Windows.WARP.JITService.dll
20:57:41.0976 0x10a0 WarpJITSvc - ok
20:57:42.0023 0x10a0 wbengine - ok
20:57:42.0054 0x10a0 WbioSrvc - ok
20:57:42.0070 0x10a0 wcifs - ok
20:57:42.0117 0x10a0 Wcmsvc - ok
20:57:42.0132 0x10a0 wcncsvc - ok
20:57:42.0163 0x10a0 wcnfs - ok
20:57:42.0179 0x10a0 WdBoot - ok
20:57:42.0195 0x10a0 Wdf01000 - ok
20:57:42.0195 0x10a0 WdFilter - ok
20:57:42.0226 0x10a0 [ BB37AF6E45E0F69222E057A74B4AFE1E, 4662064205BEC0DB7B10F1412E0A09A6E5E3B16DE443AEF7F79ACA3ACE24A51D ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
20:57:42.0273 0x10a0 WdiServiceHost - ok
20:57:42.0288 0x10a0 [ BB37AF6E45E0F69222E057A74B4AFE1E, 4662064205BEC0DB7B10F1412E0A09A6E5E3B16DE443AEF7F79ACA3ACE24A51D ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
20:57:42.0304 0x10a0 WdiSystemHost - ok
20:57:42.0320 0x10a0 wdiwifi - ok
20:57:42.0351 0x10a0 [ A6C92A5F2982EBB8788E0690C19048C4, 85C54A99DD43DC1FAC7FD2A31288CEC7501F795DE8FA86857790F4CCD5AF7C18 ] WdmCompanionFilter C:\WINDOWS\system32\drivers\WdmCompanionFilter.sys
20:57:42.0445 0x10a0 WdmCompanionFilter - ok
20:57:42.0445 0x10a0 WdNisDrv - ok
20:57:42.0632 0x10a0 WdNisSvc - ok
20:57:42.0663 0x10a0 [ 4A81FA6E29A3909FC620EC8B7AE0C8FF, 89F67C978A7F58FF1E51CE6DE17FE8FAF64A52A2E96BD188E911517AF1949275 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:57:42.0710 0x10a0 WebClient - ok
20:57:42.0741 0x10a0 Wecsvc - ok
20:57:42.0757 0x10a0 [ CBA85827716DE89106F8E4AD7430620C, EF2FEAD68FE003DAC52BC2098962F397DF80B7DCD79A8F45012A050C7C0E2DB1 ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
20:57:42.0804 0x10a0 WEPHOSTSVC - ok
20:57:42.0835 0x10a0 wercplsupport - ok
20:57:42.0882 0x10a0 WerSvc - ok
20:57:42.0913 0x10a0 [ 39B758E2093B9FB42A086BF4BB1B8BEC, 473C61E7F4D734AE9C4BD2E111C6DCE595E9EF167C001CEDC35E53213F2987F6 ] WFDSConMgrSvc C:\WINDOWS\System32\wfdsconmgrsvc.dll
20:57:43.0038 0x10a0 WFDSConMgrSvc - ok
20:57:43.0066 0x10a0 WFPLWFS - ok
20:57:43.0084 0x10a0 WiaRpc - ok
20:57:43.0096 0x10a0 WIMMount - ok
20:57:43.0127 0x10a0 WinDefend - ok
20:57:43.0159 0x10a0 [ B434A84F46C70F4E67B70ED70F024B7F, 64EEB8093BA2590E83D83C5AF7C2A025B88AF5681143BCA83671104266FEEA99 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
20:57:43.0159 0x10a0 WindowsTrustedRT - ok
20:57:43.0205 0x10a0 [ 982774B74EE1419D641CEB66E394A4BA, 090C4CE6B76B3904B5AE73E4F1EEBCE619194C358874D7584537012F954C54BE ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
20:57:43.0205 0x10a0 WindowsTrustedRTProxy - ok
20:57:43.0252 0x10a0 WinHttpAutoProxySvc - ok
20:57:43.0268 0x10a0 WinMad - ok
20:57:43.0455 0x10a0 Winmgmt - ok
20:57:43.0455 0x10a0 WinNat - ok
20:57:43.0502 0x10a0 WinRM - ok
20:57:43.0518 0x10a0 [ 91D3DC62C6EDDB6554CE14C0E0B4290F, 6F8F89B350FC6BC0D23A50C593F02514854AB7D6CD234D8C8AD4B5DDDD586BA0 ] WINUSB C:\WINDOWS\System32\drivers\WinUsb.sys
20:57:43.0534 0x10a0 WINUSB - ok
20:57:43.0534 0x10a0 WinVerbs - ok
20:57:43.0580 0x10a0 wisvc - ok
20:57:43.0596 0x10a0 WlanSvc - ok
20:57:43.0627 0x10a0 wlidsvc - ok
20:57:43.0674 0x10a0 wlpasvc - ok
20:57:43.0690 0x10a0 WManSvc - ok
20:57:43.0705 0x10a0 WmiAcpi - ok
20:57:43.0737 0x10a0 wmiApSrv - ok
20:57:43.0799 0x10a0 WMPNetworkSvc - ok
20:57:43.0799 0x10a0 Wof - ok
20:57:43.0924 0x10a0 [ 33657E39F8E5084940F53DE337B4150F, 945B702B3E48920AC4A924CEC4D2ED75F1749E7590EDA142955555C0143CF749 ] Wondershare InstallAssist C:\ProgramData\Wondershare\Service\InstallAssistService.exe
20:57:43.0955 0x10a0 Wondershare InstallAssist - ok
20:57:43.0987 0x10a0 workfolderssvc - ok
20:57:44.0002 0x10a0 WpcMonSvc - ok
20:57:44.0033 0x10a0 [ 02876C4F9F4EEC8AC30BBCFFE3447AB6, 0744CBBD9F2B867DF456E2B0E113897B654F07E1C96FCB32D4B4B57BE6A3BE81 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
20:57:45.0002 0x10a0 WPDBusEnum - ok
20:57:45.0033 0x10a0 [ 024924C9E79F51560B9133EEAB866BBF, F4D464BC02C7B96EF72AA9229A99A1AD32F56390F97972C33525EF0D85304261 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
20:57:45.0049 0x10a0 WpdUpFltr - ok
20:57:45.0064 0x10a0 WpnService - ok
20:57:45.0064 0x10a0 WpnUserService - ok
20:57:45.0080 0x10a0 ws2ifsl - ok
20:57:45.0096 0x10a0 wscsvc - ok
20:57:45.0127 0x10a0 [ 3B974B8EAED22593AC3B946C694E08D9, 96A41C32F8724EAB8B2E88D1A21AB5B725616759E1FB731DEC0562F871ED7AB3 ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
20:57:45.0174 0x10a0 WSDPrintDevice - ok
20:57:45.0174 0x10a0 WSearch - ok
20:57:45.0205 0x10a0 wuauserv - ok
20:57:45.0236 0x10a0 [ 7FC0072ECE3F5F860990EF4E10D3F8F4, 15444A3E540EAD214A674FF0EB99CD42899D6A1139E59D69DE1C2B6BA364A9E0 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
20:57:45.0392 0x10a0 WudfPf - ok
20:57:45.0439 0x10a0 [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
20:57:45.0486 0x10a0 WUDFRd - ok
20:57:45.0486 0x10a0 [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys
20:57:45.0517 0x10a0 WUDFWpdFs - ok
20:57:45.0549 0x10a0 [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys
20:57:45.0580 0x10a0 WUDFWpdMtp - ok
20:57:45.0611 0x10a0 WwanSvc - ok
20:57:45.0674 0x10a0 XblAuthManager - ok
20:57:45.0689 0x10a0 XblGameSave - ok
20:57:45.0689 0x10a0 xboxgip - ok
20:57:45.0705 0x10a0 XboxGipSvc - ok
20:57:45.0721 0x10a0 XboxNetApiSvc - ok
20:57:45.0721 0x10a0 xinputhid - ok
20:57:45.0721 0x10a0 ================ Scan global ===============================
20:57:45.0924 0x10a0 [ Global ] - ok
20:57:45.0924 0x10a0 ================ Scan MBR ==================================
20:57:45.0939 0x10a0 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:57:46.0002 0x10a0 \Device\Harddisk0\DR0 - ok
20:57:46.0017 0x10a0 ================ Scan VBR ==================================
20:57:46.0033 0x10a0 [ B85DE5882EBB7AEE50E9CA78F776BBC4 ] \Device\Harddisk0\DR0\Partition1
20:57:46.0033 0x10a0 \Device\Harddisk0\DR0\Partition1 - ok
20:57:46.0049 0x10a0 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
20:57:46.0049 0x10a0 \Device\Harddisk0\DR0\Partition2 - ok
20:57:46.0064 0x10a0 [ 81A27D71C386B97D76B676C1E0F272A3 ] \Device\Harddisk0\DR0\Partition3
20:57:46.0064 0x10a0 \Device\Harddisk0\DR0\Partition3 - ok
20:57:46.0080 0x10a0 [ A8AFF21C1EB8DFC6FD0E22BA0B4372E4 ] \Device\Harddisk0\DR0\Partition4
20:57:46.0080 0x10a0 \Device\Harddisk0\DR0\Partition4 - ok
20:57:46.0080 0x10a0 ================ Scan active images ========================
20:57:46.0080 0x10a0 ================ Scan generic autorun ======================
20:57:46.0127 0x10a0 [ 783C99AFD4C2AE6950FA5694389D2CFA, 570B37A7A3FFDAFCCECCC33CBC1968FEB857B73CA3CB4DFFEDC2E67E9ABD0878 ] C:\WINDOWS\system32\SecurityHealthSystray.exe
20:57:46.0236 0x10a0 SecurityHealth - ok
20:57:46.0611 0x10a0 [ BA072CBF5B9114A44A8CFA4C4446C2D3, FDBAFCB5688191AD9543D50530A34BDC4DA11993A4817DFB80C8D3447CF65B57 ] C:\Program Files\AVAST Software\Avast\AvLaunch.exe
20:57:46.0627 0x10a0 AvastUI.exe - ok
20:57:46.0830 0x10a0 [ 2451EDF225AF47CC2277378D54E5F2E8, B02EBDB0E08107D1E317572C0404FBC8BBFFA50CBE1776EF8BDF3BF77C28FBF6 ] C:\Program Files\Avast Software\Cleanup\TuneupUI.exe
20:57:46.0955 0x10a0 TuneupUI.exe - ok
20:57:47.0048 0x10a0 [ E782C99ED0176334F169C2C7C2A6D1DA, 004C8192284FEC6809522F48275BE4450B8D7F9E7410AA541EEF477DFABB9615 ] C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe
20:57:47.0064 0x10a0 EPSON_UD_START - ok
20:57:47.0064 0x10a0 {F1CC6B2D-F110-4A4C-A9C6-8AC93A7BA229} - ok
20:57:47.0767 0x10a0 OneDriveSetup - ok
20:57:47.0783 0x10a0 OneDriveSetup - ok
20:57:47.0783 0x10a0 OneDriveSetup - ok
20:57:48.0079 0x10a0 [ 7E4E052E45F1A30C4B1AF5043C877573, 5C6D45FEDD161CCCE4505E7D1B8E3EB5DB0235214EBB612C65DF346A477EF193 ] C:\Users\mbrio\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:57:48.0126 0x10a0 OneDrive - ok
20:57:48.0282 0x10a0 [ 2287DAEA100837E40232FD9053F635D8, 8E905B8BC72F8DD6C7C71A7E04CD8D8EC1E9AD2B77EF5A48E089E439A75043D6 ] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIFE.EXE
20:57:48.0314 0x10a0 EPLTarget\P0000000000000000 - ok
20:57:48.0392 0x10a0 CCleaner Smart Cleaning - ok
20:57:48.0501 0x10a0 [ 9282B08109D452769CD02AEA56726878, 4C71D4E6DBA8C3B49FF2F6060AF1BDAAD486AE472EBC93280126D287788F2342 ] C:\Users\mbrio\AppData\Local\Microsoft\Teams\Update.exe
20:57:48.0610 0x10a0 com.squirrel.Teams.Teams - ok
20:57:48.0642 0x10a0 CCleanerBrowserAutoLaunch_5CDE49F1B74C79B7BAA32A65E90C1006 - ok
20:57:48.0657 0x10a0 OneDriveSetup - ok
20:57:48.0720 0x10a0 [ 251E51E2FEDCE8BB82763D39D631EF89, 2682086ACE1970D5573F971669591B731F87D749406927BD7A7A4B58C3C662E9 ] C:\Program Files (x86)\Windows Mail\wab.exe
20:57:48.0985 0x10a0 WAB Migrate - ok
20:57:48.0985 0x10a0 OneDriveSetup - ok
20:57:49.0001 0x10a0 [ 251E51E2FEDCE8BB82763D39D631EF89, 2682086ACE1970D5573F971669591B731F87D749406927BD7A7A4B58C3C662E9 ] C:\Program Files (x86)\Windows Mail\wab.exe
20:57:49.0032 0x10a0 WAB Migrate - ok
20:57:49.0032 0x10a0 Waiting for KSN requests completion. In queue: 76
20:57:50.0704 0x10a0 AV detected via SS2: Windows Defender, windowsdefender:// ( ), 0x60100 ( disabled : updated )
20:57:50.0704 0x10a0 AV detected via SS2: Avast Antivirus, C:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 21.4.6162.0 ), 0x41000 ( enabled : updated )
20:57:50.0751 0x10a0 AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.207 ), 0x60000 ( disabled : updated )
20:57:50.0813 0x10a0 AV detected via SS2: McAfee VirusScan, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 17.2.0.0 ), 0x70000 ( disabled : updated )
20:57:50.0813 0x10a0 FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 17.2.0.0 ), 0x70000 ( disabled )
20:57:50.0844 0x10a0 Win FW state via NFP2: enabled ( trusted )
20:57:51.0782 0x10a0 ============================================================
20:57:51.0782 0x10a0 Scan finished
20:57:51.0782 0x10a0 ============================================================
20:57:51.0789 0x0be4 Detected object count: 0
20:57:51.0789 0x0be4 Actual detected object count: 0alwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2021.08.03.06
rootkit: v2021.08.03.06
Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.789.19041.0
mbrio :: DESKTOP-JNS742B [administrator]
3/8/2021 19:06:38
mbar-log-2021-08-03 (19-06-38).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 328512
Time elapsed: 1 hour(s), 17 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 11.789.19041.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 8465854464, free: 4607868928
Downloaded database version: v2021.08.03.06
Downloaded database version: v2021.08.03.06
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
08/03/2021 19:06:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\IntelTA.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\isapnp.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\evbda.sys
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\vmbus.sys
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\hvsocket.sys
\SystemRoot\System32\drivers\vmbkmcl.sys
\SystemRoot\System32\drivers\winhv.sys
\SystemRoot\System32\drivers\vpci.sys
\SystemRoot\System32\drivers\bxvbda.sys
\SystemRoot\System32\drivers\nvraid.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\urscx01000.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\System32\drivers\vsmraid.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\3ware.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\amdsbs.sys
\SystemRoot\System32\drivers\arcsas.sys
\SystemRoot\System32\drivers\ItSas35i.sys
\SystemRoot\System32\drivers\lsi_sas.sys
\SystemRoot\System32\drivers\lsi_sas2i.sys
\SystemRoot\System32\drivers\lsi_sas3i.sys
\SystemRoot\System32\drivers\lsi_sss.sys
\SystemRoot\System32\drivers\megasas.sys
\SystemRoot\System32\drivers\MegaSas2i.sys
\SystemRoot\System32\drivers\megasas35i.sys
\SystemRoot\System32\drivers\megasr.sys
\SystemRoot\System32\drivers\mvumis.sys
\SystemRoot\System32\drivers\nvstor.sys
\SystemRoot\System32\drivers\percsas2i.sys
\SystemRoot\System32\drivers\percsas3i.sys
\SystemRoot\System32\drivers\SiSRaid2.sys
\SystemRoot\System32\drivers\sisraid4.sys
\SystemRoot\System32\drivers\vstxraid.sys
\SystemRoot\System32\drivers\stexstor.sys
\SystemRoot\System32\drivers\cht4sx64.sys
\SystemRoot\System32\drivers\iaStorAVC.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\ADP80XX.SYS
\SystemRoot\System32\drivers\HpSAMD.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\SmartSAMD.sys
\SystemRoot\System32\drivers\nvdimm.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys
\SystemRoot\System32\drivers\storvsc.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\System32\drivers\vmstorfl.sys
\SystemRoot\System32\drivers\bttflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\storufs.sys
\SystemRoot\System32\drivers\sdstor.sys
\SystemRoot\System32\drivers\scmbus.sys
\SystemRoot\System32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\ramdisk.sys
\SystemRoot\System32\drivers\pmem.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\system32\drivers\aswArDisk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys
\SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\CimFS.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\System32\drivers\ndiscap.sys
\SystemRoot\system32\drivers\aswNetHub.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\athw10x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsRadioControl.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AsusPTPFilter.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\drivers\dump_iaStorA.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\msquic.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\MbamChameleon.sys
\??\C:\WINDOWS\system32\drivers\71761355.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2021.08.03.06
rootkit: v2021.08.03.06
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe707a65b0140, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe707a640dc90, DeviceName: Unknown, DriverName: \Driver\aswArDisk\
DevicePointer: 0xffffe707a64048d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe707a65b0140, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe707a614fe10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe707a618a3a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe707a6150050, DeviceName: \Device\00000031\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1E603F46
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1107605342
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 2865e59e-9c04-49e6-8b4f-4afd9268be
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1107605342
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 2865e59e-9c04-49e6-8b4f-4afd9268be
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 6d2a8e31-96bb-444c-837c-1af0fd2114bf
FirstLBA 2048 Last LBA 534527
Attributes 0
Partition Name EFI system partition
GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b0c52987-21e-48d0-bc1c-933ded4ee4b7
FirstLBA 534528 Last LBA 567295
Attributes 0
Partition Name Microsoft reserved partition
Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID ab1ea37b-9ccc-4a95-b522-301ab7e9ee35
FirstLBA 567296 Last LBA 1951885311
Attributes 0
Partition Name Basic data partition
Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e3bf51ee-d6b5-4e08-a25d-294613a75037
FirstLBA 1951885312 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\sfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wldp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.FILEEXPLORER.COMMON.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cldapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORYPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\MICROSOFT.WINDOWS.STARTMENUEXPERIENCEHOST_CW5N1H2TXYEWY\STARTMENUEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\MICROSOFT.WINDOWS.SEARCH_CW5N1H2TXYEWY\SEARCHAPP.EXE" is sparse (flags = 32768)
File "C:\Windows\HelpPane.exe" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\InputApp\TEXTINPUTHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\oobe\USEROOBEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTSHAPING.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPRESOLVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\slc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sppc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Acx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afunix.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\SECURITYHEALTHSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bindflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PktMon.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2dp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MICROSOFT.BLUETOOTH.LEGACY.LEENUMERATOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\portcfg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthMini.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bttflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\CREDENTIALENROLLMENTMANAGER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\MICROSOFT.NET\FRAMEWORK64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HdAudio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidspi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MbbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msquic.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\PERCEPTIONSIMULATION\PERCEPTIONSIMULATIONSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ramdisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SGRMBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\OpenSSH\SSH-AGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\SERVICING\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMUCSICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbvideo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Vid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AarSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DISPBROKER.DESKTOP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFT.BLUETOOTH.USERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUTOTIMESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GRAPHICSPERFSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\psmsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCASTDVRUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPTURESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CBDHSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BTAGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BTHAVCTPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\vac.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CONSENTUXCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXGIPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEACCESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.DEVICES.PICKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESFLOWBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFT.GRAPHICS.DISPLAY.DISPLAYENHANCEMENTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LANGUAGEOVERLAYSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MIXEDREALITYRUNTIME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PRINTWORKFLOWSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREDREALITYSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MITIGATIONCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSUDK.SHELLCOMMON.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usosvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WAASMEDICSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.MANAGEMENT.SERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPCDESKTOPMONSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 11.789.19041.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 8465854464, free: 6592884736
=======================================Hola!! Hice los pasos en el orden que me dijiste, pero los subí al revés. Ahora puedo ver todos mis archivos perdidos, incluso esos que había borrado.
Saludos