Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.DNSChanger on fresh installation


  • This topic is locked This topic is locked
17 replies to this topic

#1 Nikopol555

Nikopol555

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 28 January 2015 - 06:36 PM

Pretty much my situation is identical to the one found in this topic: http://www.bleepingcomputer.com/forums/t/563436/trojandnschanger-malwarebytes-detects-it-even-after-os-reinstallation/

After installing Windows on a recently formatted hard-drive i must've opened something i shouldn't have and now Malwarebytes finds an infection but is unable to remove it. I saw that the Topic Starter of that thread managed to resolve the issue at the end but i'm unable to follow the huge conversation since English isn't my native lenguage nor i am very skilled with computers and those walls of text really confuse me.

Can someone help me resolve the same infection explaining step by step? It would be much appreciated.



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:45 AM

Posted 29 January 2015 - 08:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 29 January 2015 - 09:17 AM

Results from FRST scan (FRST.txt):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Nicola (administrator) on NICOLA-PC on 29-01-2015 15:11:18
Running from C:\Users\Nicola\Downloads
Loaded Profiles: Nicola (Available profiles: Nicola)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.233\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\LoLPatcherUx.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\LoLPatcherUx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4048785765-2181376722-290186957-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4048785765-2181376722-290186957-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9489338E-5522-46EB-9E94-B03E83F9E249}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-28]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.it/
CHR StartupUrls: Default -> "hxxp://google.it/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-28]
CHR Extension: (YouTube) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-28]
CHR Extension: (Google Search) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-28]
CHR Extension: (LoL Stream Browser) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2015-01-28]
CHR Extension: (AdBlock) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-28]
CHR Extension: (Avast Online Security) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR Extension: (Gmail) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-28] (Avast Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-28] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 15:11 - 2015-01-29 15:11 - 00009334 _____ () C:\Users\Nicola\Downloads\FRST.txt
2015-01-29 15:10 - 2015-01-29 15:11 - 00000000 ____D () C:\FRST
2015-01-29 15:09 - 2015-01-29 15:10 - 02130432 _____ (Farbar) C:\Users\Nicola\Downloads\FRST64.exe
2015-01-29 02:04 - 2015-01-28 17:15 - 00000000 ____D () C:\Windows\Panther
2015-01-29 01:18 - 2015-01-29 01:19 - 00000197 _____ () C:\Windows\system32\2015-01-29-00-18-54.009-AvastVBoxSVC.exe-2372.log
2015-01-29 01:06 - 2015-01-29 01:06 - 00000000 ____D () C:\ProgramData\Riot Games
2015-01-29 01:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-29 01:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-29 01:03 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-29 01:03 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-29 01:03 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-29 01:02 - 2015-01-29 01:02 - 00000000 ____D () C:\Riot Games
2015-01-29 01:02 - 2015-01-29 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-01-29 00:57 - 2015-01-29 01:03 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\Riot Games
2015-01-29 00:55 - 2015-01-29 00:56 - 30668968 _____ (Riot Games) C:\Users\Nicola\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2015-01-28 23:37 - 2015-01-29 00:56 - 00000014 _____ () C:\Users\Nicola\Desktop\New Text Document.txt
2015-01-28 23:37 - 2015-01-28 23:37 - 00000197 _____ () C:\Windows\system32\2015-01-28-22-37-47.099-AvastVBoxSVC.exe-2128.log
2015-01-28 23:36 - 2015-01-28 23:36 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\Adobe
2015-01-28 23:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-01-28 22:57 - 2015-01-28 22:57 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-28 22:57 - 2015-01-28 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-28 22:57 - 2015-01-28 22:57 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-28 22:57 - 2015-01-28 22:57 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-28 22:57 - 2015-01-28 22:57 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-28 22:57 - 2015-01-28 22:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-28 22:57 - 2015-01-28 22:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-28 22:57 - 2015-01-28 22:57 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-28 22:57 - 2015-01-28 22:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-28 22:57 - 2015-01-28 22:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-28 22:57 - 2015-01-28 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-28 22:57 - 2015-01-28 22:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-28 22:57 - 2015-01-28 22:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-28 22:55 - 2015-01-28 22:55 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-01-28 22:55 - 2015-01-28 22:55 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-01-28 22:55 - 2015-01-28 22:55 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-01-28 22:55 - 2015-01-28 22:55 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-01-28 22:55 - 2015-01-28 22:55 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-01-28 22:55 - 2015-01-28 22:55 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-01-28 22:54 - 2015-01-28 22:54 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-01-28 22:54 - 2015-01-28 22:54 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-28 22:49 - 2015-01-28 22:49 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-28 22:47 - 2015-01-28 22:47 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-01-28 22:47 - 2015-01-28 22:47 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-01-28 22:46 - 2015-01-28 23:01 - 00013830 _____ () C:\Windows\IE11_main.log
2015-01-28 22:03 - 2012-03-01 07:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-01-28 22:03 - 2012-03-01 07:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-01-28 22:03 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-01-28 21:56 - 2015-01-28 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-28 21:56 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 21:54 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-28 21:54 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-28 21:54 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-28 21:54 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-28 21:54 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-28 21:54 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-28 21:54 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-28 21:54 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-28 21:12 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-28 21:12 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-28 21:12 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-28 21:12 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-28 21:12 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-28 21:12 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-28 21:12 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-28 21:12 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-28 21:12 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-01-28 21:12 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-28 21:12 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-28 21:12 - 2013-02-15 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-28 21:12 - 2013-02-15 07:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-01-28 21:12 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-28 21:12 - 2012-04-26 06:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-01-28 21:12 - 2012-04-26 06:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-01-28 21:07 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-01-28 21:07 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-01-28 21:07 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-01-28 21:07 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-01-28 21:07 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-01-28 21:07 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-01-28 21:07 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-01-28 21:07 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-01-28 21:07 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-01-28 21:07 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-01-28 21:07 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-01-28 21:07 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-01-28 21:07 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-01-28 21:07 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-01-28 21:07 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-01-28 21:07 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-01-28 20:59 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-01-28 20:59 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-01-28 20:59 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-01-28 20:59 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-01-28 20:57 - 2011-11-17 07:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-01-28 20:57 - 2011-11-17 06:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-01-28 20:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-28 20:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-28 20:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-28 20:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-28 20:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-28 20:56 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-01-28 20:55 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-28 20:55 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-28 20:55 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-28 20:55 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-28 20:55 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-28 20:55 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-28 20:55 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-01-28 20:54 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-28 20:54 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-28 20:54 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-28 20:54 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-28 20:54 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-28 20:54 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-28 20:54 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-28 20:54 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-01-28 20:54 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-01-28 20:54 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-01-28 20:54 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-01-28 20:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-28 20:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-28 20:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-28 20:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-28 20:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-28 20:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-28 20:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-28 20:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-28 20:53 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-28 20:53 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-28 20:53 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-28 20:53 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-28 20:53 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-28 20:53 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-28 20:53 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-28 20:53 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-28 20:53 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-28 20:53 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-28 20:53 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-28 20:53 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-28 20:53 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-01-28 20:53 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-01-28 20:53 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-01-28 20:53 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-01-28 20:53 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-01-28 20:52 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-01-28 20:52 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-01-28 20:52 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-01-28 20:52 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-01-28 20:52 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-01-28 20:52 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-01-28 20:52 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-01-28 20:52 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-01-28 20:52 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-01-28 20:52 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-01-28 20:52 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-01-28 20:52 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-01-28 20:52 - 2012-05-14 06:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-28 20:51 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-28 20:51 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-28 20:51 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-28 20:51 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-28 20:51 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-28 20:51 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-28 20:51 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-01-28 20:51 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-01-28 20:51 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-28 20:51 - 2013-02-12 05:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-01-28 20:51 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-01-28 20:51 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-01-28 20:51 - 2012-11-28 23:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-01-28 20:51 - 2012-11-23 04:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-01-28 20:51 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2015-01-28 20:51 - 2012-09-25 23:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-01-28 20:51 - 2012-07-04 23:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-01-28 20:51 - 2012-07-04 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-01-28 20:51 - 2012-07-04 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-01-28 20:51 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2015-01-28 20:51 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2015-01-28 20:51 - 2011-07-09 03:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-01-28 20:51 - 2011-04-27 03:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-01-28 20:51 - 2011-04-27 03:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-01-28 20:50 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-28 20:50 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-28 20:50 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-28 20:50 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-28 20:50 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-28 20:50 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-28 20:50 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-28 20:50 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-28 20:50 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-28 20:50 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-01-28 20:50 - 2012-03-17 08:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-01-28 20:50 - 2011-06-15 11:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2015-01-28 20:50 - 2011-06-15 11:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2015-01-28 20:50 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2015-01-28 20:50 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2015-01-28 20:50 - 2011-06-15 09:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2015-01-28 20:50 - 2011-06-15 09:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2015-01-28 20:50 - 2011-06-15 09:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2015-01-28 20:50 - 2011-06-15 09:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2015-01-28 20:50 - 2011-06-15 09:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2015-01-28 20:49 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-28 20:49 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-28 20:49 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-01-28 20:49 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-01-28 20:49 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-01-28 20:49 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-01-28 20:49 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-28 20:49 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-28 20:49 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-01-28 20:49 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-01-28 20:49 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-01-28 20:49 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-01-28 20:49 - 2011-04-29 04:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-01-28 20:49 - 2011-04-29 04:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-01-28 20:49 - 2011-04-29 04:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-01-28 20:48 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-28 20:48 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-28 20:48 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-28 20:48 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-28 20:48 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-01-28 20:48 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-01-28 20:48 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-28 20:48 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-01-28 20:48 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-01-28 20:48 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-01-28 20:48 - 2011-12-16 09:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-01-28 20:48 - 2011-12-16 08:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2015-01-28 20:47 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-28 20:47 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-28 20:47 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-28 20:47 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-28 20:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-28 20:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-28 20:46 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-01-28 20:46 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-01-28 20:46 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-01-28 20:45 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-28 20:45 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-28 20:45 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-28 20:45 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-01-28 20:45 - 2011-08-27 06:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2015-01-28 20:45 - 2011-08-27 05:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2015-01-28 20:45 - 2011-05-24 12:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-01-28 20:45 - 2011-05-24 11:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2015-01-28 20:45 - 2011-05-24 11:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2015-01-28 20:45 - 2011-05-24 11:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2015-01-28 20:45 - 2011-05-24 11:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-01-28 20:44 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-28 20:44 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-28 20:44 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-01-28 20:44 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-01-28 20:44 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-01-28 20:44 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-01-28 20:44 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-01-28 20:44 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-01-28 20:44 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-01-28 20:44 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-01-28 20:44 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-01-28 20:44 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-01-28 20:44 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-01-28 20:44 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-01-28 20:44 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-01-28 20:44 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-01-28 20:44 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-01-28 20:44 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-01-28 20:44 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-01-28 20:44 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-01-28 20:44 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-01-28 20:44 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-28 20:44 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-01-28 20:44 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-01-28 20:44 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-01-28 20:44 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-01-28 20:44 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-01-28 20:44 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-01-28 20:44 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-01-28 20:44 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-01-28 20:44 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-01-28 20:44 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-01-28 20:44 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-01-28 20:44 - 2011-10-26 06:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-01-28 20:44 - 2011-10-26 06:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-28 20:44 - 2011-10-26 05:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-01-28 20:44 - 2011-10-26 05:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-28 20:44 - 2011-03-11 07:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-01-28 20:44 - 2011-03-11 07:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-01-28 20:44 - 2011-03-11 06:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-01-28 20:44 - 2010-12-23 11:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-01-28 20:44 - 2010-12-23 11:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-01-28 20:44 - 2010-12-23 11:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-01-28 20:44 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2015-01-28 20:44 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2015-01-28 20:44 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2015-01-28 20:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-28 20:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-28 20:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-28 20:43 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-28 20:43 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-28 20:43 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-28 20:43 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-01-28 20:43 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-01-28 20:43 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-28 20:43 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-01-28 20:43 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-01-28 20:43 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-28 20:43 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-01-28 20:43 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-01-28 20:43 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-01-28 20:43 - 2013-04-12 15:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-28 20:43 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-01-28 20:43 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-28 20:43 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-28 20:43 - 2011-03-11 06:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-01-28 20:43 - 2011-03-03 07:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-01-28 20:43 - 2011-03-03 07:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-01-28 20:43 - 2011-03-03 07:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2015-01-28 20:43 - 2011-03-03 06:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-01-28 20:43 - 2011-03-03 06:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2015-01-28 20:43 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-01-28 20:42 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-28 20:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-28 20:42 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-28 20:42 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-28 20:42 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-28 20:42 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-28 20:42 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-28 20:42 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-28 20:42 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-28 20:42 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-01-28 20:42 - 2012-11-02 06:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-01-28 20:42 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-01-28 20:42 - 2012-06-06 07:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-01-28 20:42 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2015-01-28 20:42 - 2011-08-17 06:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2015-01-28 20:42 - 2011-08-17 06:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2015-01-28 20:42 - 2011-08-17 05:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2015-01-28 20:42 - 2011-08-17 05:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2015-01-28 20:42 - 2011-05-03 06:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-01-28 20:42 - 2011-05-03 05:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-01-28 20:42 - 2011-02-12 12:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2015-01-28 20:42 - 2011-02-05 18:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-01-28 20:42 - 2011-02-05 18:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2015-01-28 20:42 - 2011-02-05 18:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2015-01-28 20:42 - 2011-02-05 18:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2015-01-28 20:42 - 2011-02-05 18:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-01-28 20:42 - 2011-02-05 18:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-01-28 20:42 - 2011-02-05 18:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-01-28 20:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-28 20:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-28 20:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-28 20:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-01-28 20:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-01-28 20:40 - 2011-10-15 07:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-01-28 20:40 - 2011-10-15 06:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2015-01-28 20:40 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-28 20:40 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-28 20:40 - 2011-02-23 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-01-28 20:18 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-28 20:18 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-28 20:18 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-28 20:18 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-28 20:18 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-28 20:18 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-28 20:18 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-28 20:18 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-28 20:18 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-28 20:18 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-28 20:17 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-28 20:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-28 20:17 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-28 20:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-28 19:34 - 2015-01-28 19:34 - 00000197 _____ () C:\Windows\system32\2015-01-28-18-34-19.074-AvastVBoxSVC.exe-2816.log
2015-01-28 19:31 - 2015-01-28 19:31 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\ATI
2015-01-28 19:31 - 2015-01-28 19:31 - 00000000 ____D () C:\Users\Nicola\AppData\Local\ATI
2015-01-28 19:31 - 2015-01-28 19:31 - 00000000 ____D () C:\ProgramData\ATI
2015-01-28 19:31 - 2015-01-28 19:31 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-28 19:22 - 2015-01-28 19:22 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201501281922138149.log
2015-01-28 19:22 - 2015-01-28 19:22 - 00000000 ____D () C:\ProgramData\AMD
2015-01-28 19:22 - 2015-01-28 19:22 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-28 19:21 - 2015-01-28 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-28 19:21 - 2015-01-28 19:21 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-28 19:20 - 2015-01-28 19:20 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-28 19:17 - 2015-01-28 23:17 - 00765280 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-28 19:15 - 2015-01-28 19:19 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-28 19:14 - 2015-01-28 19:20 - 00000000 ____D () C:\Program Files\AMD
2015-01-28 19:13 - 2015-01-28 19:13 - 00000000 ____D () C:\AMD
2015-01-28 19:08 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Nicola\Documents\Download
2015-01-28 19:07 - 2015-01-28 19:08 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\qBittorrent
2015-01-28 19:07 - 2015-01-28 19:07 - 00000000 ____D () C:\Users\Nicola\AppData\Local\qBittorrent
2015-01-28 19:04 - 2015-01-28 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-01-28 19:04 - 2015-01-28 19:04 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2015-01-28 18:56 - 2015-01-29 01:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 18:56 - 2015-01-28 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-28 18:51 - 2015-01-28 18:54 - 10876097 _____ (The qBittorrent project) C:\Users\Nicola\Downloads\qbittorrent_3.1.11_setup.exe
2015-01-28 18:44 - 2015-01-28 18:45 - 01142128 _____ () C:\Users\Nicola\Downloads\SteamSetup.exe
2015-01-28 18:26 - 2015-01-28 18:26 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Nicola\Downloads\autodetectutility.exe
2015-01-28 18:24 - 2015-01-28 18:25 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\Dropbox
2015-01-28 18:23 - 2015-01-28 18:23 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\AVAST Software
2015-01-28 18:01 - 2015-01-28 18:01 - 00000247 _____ () C:\Windows\system32\2015-01-28-17-01-10.027-aswFe.exe-3340.log
2015-01-28 17:58 - 2015-01-28 18:01 - 00000247 _____ () C:\Windows\system32\2015-01-28-16-58-43.069-aswFe.exe-4040.log
2015-01-28 17:58 - 2015-01-28 17:58 - 00000197 _____ () C:\Windows\system32\2015-01-28-16-58-41.077-AvastVBoxSVC.exe-4920.log
2015-01-28 17:57 - 2015-01-28 17:57 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-28 17:57 - 2015-01-28 17:57 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-28 17:57 - 2015-01-28 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-28 17:56 - 2015-01-28 18:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 17:56 - 2015-01-28 17:57 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-28 17:56 - 2015-01-28 17:57 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-28 17:56 - 2015-01-28 17:56 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-28 17:56 - 2015-01-28 17:56 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-28 17:56 - 2015-01-28 17:56 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-28 17:56 - 2015-01-28 17:56 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-28 17:56 - 2015-01-28 17:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-28 17:56 - 2015-01-28 17:56 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-28 17:56 - 2015-01-28 17:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-28 17:56 - 2015-01-28 17:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-28 17:41 - 2015-01-28 17:41 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-28 17:40 - 2015-01-28 17:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 17:39 - 2015-01-28 17:40 - 05006864 _____ (AVAST Software) C:\Users\Nicola\Downloads\avast_free_antivirus_setup_online.exe
2015-01-28 17:34 - 2015-01-28 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-28 17:28 - 2015-01-29 14:33 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 17:28 - 2015-01-29 01:16 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 17:28 - 2015-01-28 17:34 - 00000000 ____D () C:\Users\Nicola\AppData\Local\Google
2015-01-28 17:28 - 2015-01-28 17:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 17:28 - 2015-01-28 17:28 - 00057560 _____ () C:\Users\Nicola\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-28 17:28 - 2015-01-28 17:28 - 00004146 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-28 17:28 - 2015-01-28 17:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-28 17:28 - 2015-01-28 17:28 - 00000000 ____D () C:\Users\Nicola\AppData\Local\Deployment
2015-01-28 17:28 - 2015-01-28 17:28 - 00000000 ____D () C:\Users\Nicola\AppData\Local\Apps\2.0
2015-01-28 17:27 - 2015-01-29 12:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 17:27 - 2015-01-28 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-28 17:27 - 2015-01-28 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 17:27 - 2015-01-28 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-28 17:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-28 17:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-28 17:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 17:18 - 2015-01-28 17:18 - 00000000 ____D () C:\Users\Nicola\AppData\Local\Downloaded Installations
2015-01-28 17:18 - 2015-01-28 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2015-01-28 17:18 - 2015-01-28 17:18 - 00000000 ____D () C:\Program Files\Broadcom
2015-01-28 17:17 - 2015-01-28 17:17 - 00000000 ____D () C:\dell
2015-01-28 17:16 - 2015-01-29 01:19 - 01985483 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 17:16 - 2015-01-28 23:36 - 00001413 _____ () C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-28 17:15 - 2015-01-28 17:15 - 00000020 ___SH () C:\Users\Nicola\ntuser.ini
2015-01-28 17:15 - 2015-01-28 17:15 - 00000000 __SHD () C:\Recovery
2015-01-28 17:15 - 2015-01-28 17:15 - 00000000 ____D () C:\Users\Nicola\AppData\Local\VirtualStore
2015-01-28 17:15 - 2015-01-28 17:15 - 00000000 ____D () C:\Users\Nicola
2015-01-28 17:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 17:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-28 17:07 - 2015-01-28 17:07 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-28 17:07 - 2015-01-28 17:07 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-01-28 17:07 - 2015-01-28 17:07 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-01-28 17:05 - 2015-01-28 17:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 03:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-29 02:04 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-29 02:04 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-29 01:23 - 2009-07-14 05:45 - 00031728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 01:23 - 2009-07-14 05:45 - 00031728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 01:21 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 01:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 01:15 - 2009-07-14 05:51 - 00025893 _____ () C:\Windows\setupact.log
2015-01-28 23:29 - 2009-07-14 05:45 - 00266400 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-28 23:26 - 2011-04-12 09:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-28 23:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-28 23:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-28 23:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-28 23:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-28 23:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-28 23:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-28 23:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-28 23:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-28 19:30 - 2010-11-21 04:47 - 00005614 _____ () C:\Windows\PFRO.log
2015-01-28 17:20 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-28 17:18 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-28 17:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-28 17:07 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-28 17:07 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-28 17:07 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Nicola\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
C:\Users\Nicola\AppData\Local\Temp\AutoDetectUtilApp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-29 03:33

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Nicola at 2015-01-29 15:11:45
Running from C:\Users\Nicola\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{5569655A-9653-42CD-A599-5617DF767D2A}) (Version: 12.37.01 - Broadcom Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-01-2015 17:18:13 Installed Broadcom NetXtreme-I Netlink Driver and Management Installer.
28-01-2015 17:41:49 avast! antivirus system restore point
28-01-2015 19:15:17 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
28-01-2015 19:19:24 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
28-01-2015 20:17:33 Windows Update
28-01-2015 21:53:37 Windows Update
29-01-2015 00:58:04 Installed Microsoft Visual C++ 2005 Redistributable (x64)
29-01-2015 01:00:24 Installed Microsoft Visual C++ 2005 Redistributable
29-01-2015 01:01:49 Installed League of Legends
29-01-2015 01:03:07 Installed DirectX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {79064269-A3BA-48C7-BA43-0DD55D1204F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: {C29B4036-FC9A-47FC-B38D-1832FCA7352E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-28] (AVAST Software)
Task: {E8BDD0F4-7224-4439-BEC3-69DFAF245D09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-28 17:56 - 2015-01-28 17:56 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-28 17:56 - 2015-01-28 17:56 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-01-21 16:54 - 2015-01-29 01:03 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-01-29 01:03 - 2015-01-29 01:03 - 02445816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.233\deploy\LoLLauncher.exe
2015-01-29 01:06 - 2015-01-29 01:06 - 04233720 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\LoLPatcher.exe
2015-01-29 01:06 - 2015-01-29 01:06 - 03299832 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\LoLPatcherUx.exe
2015-01-28 17:56 - 2015-01-28 17:56 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012800\algo.dll
2015-01-28 17:56 - 2015-01-28 17:56 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-29 13:16 - 2015-01-29 13:16 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012900\algo.dll
2015-01-28 19:29 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-28 19:29 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-28 19:29 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-28 19:29 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-28 19:29 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-28 19:29 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-28 19:29 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-28 19:29 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-28 19:29 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-28 19:29 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-28 19:29 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-28 17:56 - 2015-01-28 17:56 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-28 19:29 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-28 19:29 - 2015-01-16 00:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-01-29 01:06 - 2015-01-29 01:06 - 01618424 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\RiotLauncher.dll
2015-01-29 01:06 - 2015-01-29 01:06 - 43374072 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\libcef.dll
2015-01-29 01:06 - 2015-01-29 01:06 - 01571832 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\icui18n.dll
2015-01-29 01:06 - 2015-01-29 01:06 - 01253880 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\icuuc.dll
2015-01-29 01:06 - 2015-01-29 01:06 - 05088760 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\v8.dll
2015-01-29 01:06 - 2015-01-29 01:06 - 01712120 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\RiotRadsIO.dll
2015-01-29 01:06 - 2015-01-29 01:06 - 01056248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.17\deploy\ffmpegsumo.dll
2015-01-28 17:34 - 2015-01-25 22:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-28 17:34 - 2015-01-25 22:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-28 17:34 - 2015-01-25 22:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4048785765-2181376722-290186957-500 - Administrator - Disabled)
Guest (S-1-5-21-4048785765-2181376722-290186957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4048785765-2181376722-290186957-1002 - Limited - Enabled)
Nicola (S-1-5-21-4048785765-2181376722-290186957-1000 - Administrator - Enabled) => C:\Users\Nicola

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2015 01:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 11:35:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Services, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Transactions, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=amd64" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "Microsoft.VisualBasic, Version=8.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.EnterpriseServices, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Configuration, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceProcess, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.


System errors:
=============
Error: (01/28/2015 11:34:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16405

Error: (01/28/2015 11:28:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
%%1053

Error: (01/28/2015 11:28:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.

Error: (01/28/2015 11:28:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2015 11:28:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/28/2015 11:28:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2015 11:28:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/28/2015 11:28:15 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (01/28/2015 07:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053

Error: (01/28/2015 07:30:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (01/29/2015 01:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 11:35:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Services, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Transactions, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=amd64" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "Microsoft.VisualBasic, Version=8.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.EnterpriseServices, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Configuration, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceProcess, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/28/2015 11:34:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 6103.08 MB
Available physical RAM: 3614.19 MB
Total Pagefile: 12204.34 MB
Available Pagefile: 9241.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:883.35 GB) NTFS
Drive d: (DBAN) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 096AFE51)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 29 January 2015 - 09:27 AM

Results from GMER scan:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-29 15:23:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.05.0 931,51GB
Running: zy5rfi2g.exe; Driver: C:\Users\Nicola\AppData\Local\Temp\pwdiqpog.sys

---- Processes - GMER 2.1 ----

Library  C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\86f9013f188f327c84886c3bdc6e7954\mscorlib.ni.dll (*** suspicious ***) @ C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe [2256]  000007fef1af0000
Library  C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\86f9013f188f327c84886c3bdc6e7954\mscorlib.ni.dll (*** suspicious ***) @ C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe [3512]  000007fef1af0000

---- EOF - GMER 2.1 ----


TDSSKiller scan results:

15:24:58.0941 0x1198  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:25:04.0860 0x1198  ============================================================
15:25:04.0860 0x1198  Current date / time: 2015/01/29 15:25:04.0860
15:25:04.0860 0x1198  SystemInfo:
15:25:04.0860 0x1198  
15:25:04.0860 0x1198  OS Version: 6.1.7601 ServicePack: 1.0
15:25:04.0860 0x1198  Product type: Workstation
15:25:04.0860 0x1198  ComputerName: NICOLA-PC
15:25:04.0860 0x1198  UserName: Nicola
15:25:04.0860 0x1198  Windows directory: C:\Windows
15:25:04.0860 0x1198  System windows directory: C:\Windows
15:25:04.0860 0x1198  Running under WOW64
15:25:04.0860 0x1198  Processor architecture: Intel x64
15:25:04.0860 0x1198  Number of processors: 8
15:25:04.0860 0x1198  Page size: 0x1000
15:25:04.0860 0x1198  Boot type: Normal boot
15:25:04.0860 0x1198  ============================================================
15:25:06.0207 0x1198  KLMD registered as C:\Windows\system32\drivers\52202805.sys
15:25:06.0348 0x1198  System UUID: {CB2230A6-230A-C57A-3B56-866F95A7A3E2}
15:25:06.0660 0x1198  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:25:06.0675 0x1198  ============================================================
15:25:06.0675 0x1198  \Device\Harddisk0\DR0:
15:25:06.0675 0x1198  MBR partitions:
15:25:06.0675 0x1198  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:25:06.0675 0x1198  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:25:06.0675 0x1198  ============================================================
15:25:06.0691 0x1198  C: <-> \Device\Harddisk0\DR0\Partition2
15:25:06.0691 0x1198  ============================================================
15:25:06.0691 0x1198  Initialize success
15:25:06.0691 0x1198  ============================================================
15:25:18.0313 0x14c0  ============================================================
15:25:18.0313 0x14c0  Scan started
15:25:18.0313 0x14c0  Mode: Manual; 
15:25:18.0313 0x14c0  ============================================================
15:25:18.0313 0x14c0  KSN ping started
15:25:21.0069 0x14c0  KSN ping finished: true
15:25:21.0635 0x14c0  ================ Scan system memory ========================
15:25:21.0650 0x14c0  System memory - ok
15:25:21.0650 0x14c0  ================ Scan services =============================
15:25:21.0759 0x14c0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:25:21.0759 0x14c0  1394ohci - ok
15:25:21.0775 0x14c0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:25:21.0791 0x14c0  ACPI - ok
15:25:21.0806 0x14c0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:25:21.0806 0x14c0  AcpiPmi - ok
15:25:21.0822 0x14c0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:25:21.0822 0x14c0  adp94xx - ok
15:25:21.0837 0x14c0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:25:21.0837 0x14c0  adpahci - ok
15:25:21.0853 0x14c0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:25:21.0853 0x14c0  adpu320 - ok
15:25:21.0869 0x14c0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:25:21.0869 0x14c0  AeLookupSvc - ok
15:25:21.0915 0x14c0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
15:25:21.0915 0x14c0  AFD - ok
15:25:21.0931 0x14c0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:25:21.0931 0x14c0  agp440 - ok
15:25:21.0931 0x14c0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:25:21.0931 0x14c0  ALG - ok
15:25:21.0931 0x14c0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:25:21.0931 0x14c0  aliide - ok
15:25:21.0962 0x14c0  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:25:21.0962 0x14c0  AMD External Events Utility - ok
15:25:21.0962 0x14c0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:25:21.0962 0x14c0  amdide - ok
15:25:21.0962 0x14c0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:25:21.0962 0x14c0  AmdK8 - ok
15:25:22.0446 0x14c0  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:25:22.0727 0x14c0  amdkmdag - ok
15:25:22.0789 0x14c0  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:25:22.0805 0x14c0  amdkmdap - ok
15:25:22.0805 0x14c0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:25:22.0805 0x14c0  AmdPPM - ok
15:25:22.0805 0x14c0  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:25:22.0805 0x14c0  amdsata - ok
15:25:22.0820 0x14c0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:25:22.0820 0x14c0  amdsbs - ok
15:25:22.0820 0x14c0  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:25:22.0820 0x14c0  amdxata - ok
15:25:22.0851 0x14c0  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
15:25:22.0851 0x14c0  AppID - ok
15:25:22.0867 0x14c0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:25:22.0867 0x14c0  AppIDSvc - ok
15:25:22.0898 0x14c0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
15:25:22.0898 0x14c0  Appinfo - ok
15:25:22.0898 0x14c0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
15:25:22.0898 0x14c0  arc - ok
15:25:22.0898 0x14c0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:25:22.0898 0x14c0  arcsas - ok
15:25:22.0964 0x14c0  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:25:22.0964 0x14c0  aspnet_state - ok
15:25:22.0995 0x14c0  [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
15:25:22.0995 0x14c0  aswHwid - ok
15:25:23.0010 0x14c0  [ DE13ACC4B3EA66B4FBED7CF322807C90, E62AC03B66E69C43BBF275C10A79D88A6CCD782A8257114335464400E57A5639 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
15:25:23.0010 0x14c0  aswMonFlt - ok
15:25:23.0026 0x14c0  [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
15:25:23.0026 0x14c0  aswRdr - ok
15:25:23.0042 0x14c0  [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
15:25:23.0042 0x14c0  aswRvrt - ok
15:25:23.0073 0x14c0  [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
15:25:23.0088 0x14c0  aswSnx - ok
15:25:23.0104 0x14c0  [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
15:25:23.0120 0x14c0  aswSP - ok
15:25:23.0120 0x14c0  [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm          C:\Windows\system32\drivers\aswStm.sys
15:25:23.0120 0x14c0  aswStm - ok
15:25:23.0135 0x14c0  [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
15:25:23.0135 0x14c0  aswVmm - ok
15:25:23.0151 0x14c0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:25:23.0151 0x14c0  AsyncMac - ok
15:25:23.0151 0x14c0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:25:23.0151 0x14c0  atapi - ok
15:25:23.0182 0x14c0  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:25:23.0182 0x14c0  AtiHDAudioService - ok
15:25:23.0231 0x14c0  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:25:23.0246 0x14c0  AudioEndpointBuilder - ok
15:25:23.0262 0x14c0  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:25:23.0278 0x14c0  AudioSrv - ok
15:25:23.0324 0x14c0  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:25:23.0340 0x14c0  avast! Antivirus - ok
15:25:23.0466 0x14c0  [ 4F4EBF6163D3A02D52A66BBD145B0069, 179B2FD2671F6BB8D3F77B39001F546A0DEBE85BFF9782060AF1DC50DFA071EF ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
15:25:23.0513 0x14c0  AvastVBoxSvc - ok
15:25:23.0544 0x14c0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:25:23.0544 0x14c0  AxInstSV - ok
15:25:23.0559 0x14c0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:25:23.0575 0x14c0  b06bdrv - ok
15:25:23.0591 0x14c0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:25:23.0591 0x14c0  b57nd60a - ok
15:25:23.0606 0x14c0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:25:23.0606 0x14c0  BDESVC - ok
15:25:23.0622 0x14c0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:25:23.0622 0x14c0  Beep - ok
15:25:23.0653 0x14c0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:25:23.0669 0x14c0  BFE - ok
15:25:23.0715 0x14c0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:25:23.0731 0x14c0  BITS - ok
15:25:23.0747 0x14c0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:25:23.0747 0x14c0  blbdrive - ok
15:25:23.0762 0x14c0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:25:23.0762 0x14c0  bowser - ok
15:25:23.0778 0x14c0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:25:23.0778 0x14c0  BrFiltLo - ok
15:25:23.0778 0x14c0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:25:23.0778 0x14c0  BrFiltUp - ok
15:25:23.0809 0x14c0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:25:23.0809 0x14c0  Browser - ok
15:25:23.0825 0x14c0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:25:23.0825 0x14c0  Brserid - ok
15:25:23.0825 0x14c0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:25:23.0825 0x14c0  BrSerWdm - ok
15:25:23.0825 0x14c0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:25:23.0825 0x14c0  BrUsbMdm - ok
15:25:23.0825 0x14c0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:25:23.0840 0x14c0  BrUsbSer - ok
15:25:23.0840 0x14c0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:25:23.0840 0x14c0  BTHMODEM - ok
15:25:23.0856 0x14c0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:25:23.0856 0x14c0  bthserv - ok
15:25:23.0856 0x14c0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:25:23.0856 0x14c0  cdfs - ok
15:25:23.0856 0x14c0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:25:23.0871 0x14c0  cdrom - ok
15:25:23.0871 0x14c0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:25:23.0887 0x14c0  CertPropSvc - ok
15:25:23.0887 0x14c0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:25:23.0887 0x14c0  circlass - ok
15:25:23.0903 0x14c0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:25:23.0903 0x14c0  CLFS - ok
15:25:23.0965 0x14c0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:25:23.0965 0x14c0  clr_optimization_v2.0.50727_32 - ok
15:25:24.0012 0x14c0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:25:24.0012 0x14c0  clr_optimization_v2.0.50727_64 - ok
15:25:24.0043 0x14c0  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:25:24.0043 0x14c0  clr_optimization_v4.0.30319_32 - ok
15:25:24.0059 0x14c0  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:25:24.0059 0x14c0  clr_optimization_v4.0.30319_64 - ok
15:25:24.0059 0x14c0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:25:24.0074 0x14c0  CmBatt - ok
15:25:24.0074 0x14c0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:25:24.0074 0x14c0  cmdide - ok
15:25:24.0105 0x14c0  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:25:24.0105 0x14c0  CNG - ok
15:25:24.0105 0x14c0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:25:24.0105 0x14c0  Compbatt - ok
15:25:24.0121 0x14c0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:25:24.0121 0x14c0  CompositeBus - ok
15:25:24.0121 0x14c0  COMSysApp - ok
15:25:24.0121 0x14c0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:25:24.0121 0x14c0  crcdisk - ok
15:25:24.0152 0x14c0  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:25:24.0152 0x14c0  CryptSvc - ok
15:25:24.0168 0x14c0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:25:24.0183 0x14c0  DcomLaunch - ok
15:25:24.0199 0x14c0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:25:24.0215 0x14c0  defragsvc - ok
15:25:24.0215 0x14c0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:25:24.0215 0x14c0  DfsC - ok
15:25:24.0247 0x14c0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:25:24.0247 0x14c0  Dhcp - ok
15:25:24.0247 0x14c0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:25:24.0247 0x14c0  discache - ok
15:25:24.0262 0x14c0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:25:24.0262 0x14c0  Disk - ok
15:25:24.0278 0x14c0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:25:24.0294 0x14c0  Dnscache - ok
15:25:24.0309 0x14c0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:25:24.0309 0x14c0  dot3svc - ok
15:25:24.0325 0x14c0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:25:24.0325 0x14c0  DPS - ok
15:25:24.0356 0x14c0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:25:24.0356 0x14c0  drmkaud - ok
15:25:24.0403 0x14c0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:25:24.0418 0x14c0  DXGKrnl - ok
15:25:24.0434 0x14c0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:25:24.0434 0x14c0  EapHost - ok
15:25:24.0515 0x14c0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:25:24.0562 0x14c0  ebdrv - ok
15:25:24.0593 0x14c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
15:25:24.0593 0x14c0  EFS - ok
15:25:24.0640 0x14c0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:25:24.0655 0x14c0  ehRecvr - ok
15:25:24.0655 0x14c0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:25:24.0655 0x14c0  ehSched - ok
15:25:24.0671 0x14c0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:25:24.0687 0x14c0  elxstor - ok
15:25:24.0687 0x14c0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:25:24.0687 0x14c0  ErrDev - ok
15:25:24.0718 0x14c0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:25:24.0733 0x14c0  EventSystem - ok
15:25:24.0733 0x14c0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:25:24.0733 0x14c0  exfat - ok
15:25:24.0749 0x14c0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:25:24.0749 0x14c0  fastfat - ok
15:25:24.0765 0x14c0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:25:24.0780 0x14c0  Fax - ok
15:25:24.0780 0x14c0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
15:25:24.0780 0x14c0  fdc - ok
15:25:24.0796 0x14c0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:25:24.0796 0x14c0  fdPHost - ok
15:25:24.0796 0x14c0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:25:24.0811 0x14c0  FDResPub - ok
15:25:24.0811 0x14c0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:25:24.0811 0x14c0  FileInfo - ok
15:25:24.0811 0x14c0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:25:24.0811 0x14c0  Filetrace - ok
15:25:24.0811 0x14c0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:25:24.0811 0x14c0  flpydisk - ok
15:25:24.0827 0x14c0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:25:24.0827 0x14c0  FltMgr - ok
15:25:24.0874 0x14c0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
15:25:24.0889 0x14c0  FontCache - ok
15:25:24.0921 0x14c0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:25:24.0921 0x14c0  FontCache3.0.0.0 - ok
15:25:24.0921 0x14c0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:25:24.0921 0x14c0  FsDepends - ok
15:25:24.0958 0x14c0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:25:24.0958 0x14c0  Fs_Rec - ok
15:25:24.0958 0x14c0  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:25:24.0958 0x14c0  fvevol - ok
15:25:24.0973 0x14c0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:25:24.0973 0x14c0  gagp30kx - ok
15:25:25.0005 0x14c0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:25:25.0005 0x14c0  gpsvc - ok
15:25:25.0036 0x14c0  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:25:25.0036 0x14c0  gupdate - ok
15:25:25.0036 0x14c0  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:25:25.0051 0x14c0  gupdatem - ok
15:25:25.0051 0x14c0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:25:25.0051 0x14c0  hcw85cir - ok
15:25:25.0083 0x14c0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:25:25.0083 0x14c0  HdAudAddService - ok
15:25:25.0098 0x14c0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:25:25.0098 0x14c0  HDAudBus - ok
15:25:25.0098 0x14c0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:25:25.0098 0x14c0  HidBatt - ok
15:25:25.0114 0x14c0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:25:25.0114 0x14c0  HidBth - ok
15:25:25.0114 0x14c0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:25:25.0114 0x14c0  HidIr - ok
15:25:25.0145 0x14c0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:25:25.0145 0x14c0  hidserv - ok
15:25:25.0161 0x14c0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:25:25.0161 0x14c0  HidUsb - ok
15:25:25.0192 0x14c0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:25:25.0192 0x14c0  hkmsvc - ok
15:25:25.0207 0x14c0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:25:25.0207 0x14c0  HomeGroupListener - ok
15:25:25.0223 0x14c0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:25:25.0223 0x14c0  HomeGroupProvider - ok
15:25:25.0239 0x14c0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:25:25.0239 0x14c0  HpSAMD - ok
15:25:25.0254 0x14c0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:25:25.0271 0x14c0  HTTP - ok
15:25:25.0271 0x14c0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:25:25.0271 0x14c0  hwpolicy - ok
15:25:25.0286 0x14c0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:25:25.0286 0x14c0  i8042prt - ok
15:25:25.0286 0x14c0  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:25:25.0302 0x14c0  iaStorV - ok
15:25:25.0349 0x14c0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:25:25.0364 0x14c0  idsvc - ok
15:25:25.0380 0x14c0  IEEtwCollectorService - ok
15:25:25.0380 0x14c0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:25:25.0380 0x14c0  iirsp - ok
15:25:25.0411 0x14c0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:25:25.0427 0x14c0  IKEEXT - ok
15:25:25.0442 0x14c0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:25:25.0442 0x14c0  intelide - ok
15:25:25.0442 0x14c0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:25:25.0442 0x14c0  intelppm - ok
15:25:25.0458 0x14c0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:25:25.0458 0x14c0  IPBusEnum - ok
15:25:25.0458 0x14c0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:25:25.0458 0x14c0  IpFilterDriver - ok
15:25:25.0474 0x14c0  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:25:25.0491 0x14c0  iphlpsvc - ok
15:25:25.0491 0x14c0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:25:25.0491 0x14c0  IPMIDRV - ok
15:25:25.0491 0x14c0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:25:25.0507 0x14c0  IPNAT - ok
15:25:25.0507 0x14c0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:25:25.0507 0x14c0  IRENUM - ok
15:25:25.0507 0x14c0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:25:25.0507 0x14c0  isapnp - ok
15:25:25.0522 0x14c0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:25:25.0522 0x14c0  iScsiPrt - ok
15:25:25.0554 0x14c0  [ D85F3F18E44F7447B5F1BA5C85BAEB7C, 0FA419F9BF061AC3F81A978FAE1523904081BA6FEA6FACEA228B20F5608FCF1E ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
15:25:25.0554 0x14c0  k57nd60a - ok
15:25:25.0554 0x14c0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:25:25.0554 0x14c0  kbdclass - ok
15:25:25.0554 0x14c0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:25:25.0554 0x14c0  kbdhid - ok
15:25:25.0569 0x14c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
15:25:25.0569 0x14c0  KeyIso - ok
15:25:25.0600 0x14c0  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:25:25.0600 0x14c0  KSecDD - ok
15:25:25.0616 0x14c0  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:25:25.0616 0x14c0  KSecPkg - ok
15:25:25.0632 0x14c0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:25:25.0632 0x14c0  ksthunk - ok
15:25:25.0647 0x14c0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:25:25.0647 0x14c0  KtmRm - ok
15:25:25.0694 0x14c0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:25:25.0694 0x14c0  LanmanServer - ok
15:25:25.0710 0x14c0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:25:25.0710 0x14c0  LanmanWorkstation - ok
15:25:25.0710 0x14c0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:25:25.0710 0x14c0  lltdio - ok
15:25:25.0725 0x14c0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:25:25.0725 0x14c0  lltdsvc - ok
15:25:25.0741 0x14c0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:25:25.0741 0x14c0  lmhosts - ok
15:25:25.0756 0x14c0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:25:25.0756 0x14c0  LSI_FC - ok
15:25:25.0756 0x14c0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:25:25.0756 0x14c0  LSI_SAS - ok
15:25:25.0772 0x14c0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:25:25.0772 0x14c0  LSI_SAS2 - ok
15:25:25.0788 0x14c0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:25:25.0788 0x14c0  LSI_SCSI - ok
15:25:25.0803 0x14c0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:25:25.0803 0x14c0  luafv - ok
15:25:25.0819 0x14c0  [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:25:25.0819 0x14c0  MBAMProtector - ok
15:25:25.0881 0x14c0  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
15:25:25.0897 0x14c0  MBAMScheduler - ok
15:25:25.0944 0x14c0  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
15:25:25.0944 0x14c0  MBAMService - ok
15:25:25.0990 0x14c0  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:25:25.0990 0x14c0  MBAMSwissArmy - ok
15:25:26.0006 0x14c0  [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
15:25:26.0006 0x14c0  MBAMWebAccessControl - ok
15:25:26.0022 0x14c0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:25:26.0022 0x14c0  Mcx2Svc - ok
15:25:26.0037 0x14c0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:25:26.0037 0x14c0  megasas - ok
15:25:26.0037 0x14c0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:25:26.0037 0x14c0  MegaSR - ok
15:25:26.0053 0x14c0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:25:26.0053 0x14c0  MMCSS - ok
15:25:26.0068 0x14c0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:25:26.0068 0x14c0  Modem - ok
15:25:26.0068 0x14c0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:25:26.0068 0x14c0  monitor - ok
15:25:26.0068 0x14c0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:25:26.0068 0x14c0  mouclass - ok
15:25:26.0068 0x14c0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:25:26.0068 0x14c0  mouhid - ok
15:25:26.0084 0x14c0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:25:26.0084 0x14c0  mountmgr - ok
15:25:26.0084 0x14c0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:25:26.0084 0x14c0  mpio - ok
15:25:26.0100 0x14c0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:25:26.0100 0x14c0  mpsdrv - ok
15:25:26.0146 0x14c0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:25:26.0162 0x14c0  MpsSvc - ok
15:25:26.0178 0x14c0  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:25:26.0178 0x14c0  MRxDAV - ok
15:25:26.0209 0x14c0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:25:26.0209 0x14c0  mrxsmb - ok
15:25:26.0224 0x14c0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:25:26.0224 0x14c0  mrxsmb10 - ok
15:25:26.0256 0x14c0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:25:26.0256 0x14c0  mrxsmb20 - ok
15:25:26.0271 0x14c0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:25:26.0271 0x14c0  msahci - ok
15:25:26.0271 0x14c0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:25:26.0271 0x14c0  msdsm - ok
15:25:26.0287 0x14c0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:25:26.0287 0x14c0  MSDTC - ok
15:25:26.0302 0x14c0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:25:26.0302 0x14c0  Msfs - ok
15:25:26.0302 0x14c0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:25:26.0302 0x14c0  mshidkmdf - ok
15:25:26.0302 0x14c0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:25:26.0302 0x14c0  msisadrv - ok
15:25:26.0318 0x14c0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:25:26.0318 0x14c0  MSiSCSI - ok
15:25:26.0334 0x14c0  msiserver - ok
15:25:26.0349 0x14c0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:25:26.0349 0x14c0  MSKSSRV - ok
15:25:26.0365 0x14c0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:25:26.0365 0x14c0  MSPCLOCK - ok
15:25:26.0365 0x14c0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:25:26.0365 0x14c0  MSPQM - ok
15:25:26.0380 0x14c0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:25:26.0380 0x14c0  MsRPC - ok
15:25:26.0396 0x14c0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:25:26.0396 0x14c0  mssmbios - ok
15:25:26.0396 0x14c0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:25:26.0396 0x14c0  MSTEE - ok
15:25:26.0396 0x14c0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:25:26.0396 0x14c0  MTConfig - ok
15:25:26.0396 0x14c0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:25:26.0396 0x14c0  Mup - ok
15:25:26.0412 0x14c0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:25:26.0427 0x14c0  napagent - ok
15:25:26.0443 0x14c0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:25:26.0443 0x14c0  NativeWifiP - ok
15:25:26.0474 0x14c0  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:25:26.0490 0x14c0  NDIS - ok
15:25:26.0490 0x14c0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:25:26.0490 0x14c0  NdisCap - ok
15:25:26.0490 0x14c0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:25:26.0490 0x14c0  NdisTapi - ok
15:25:26.0490 0x14c0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:25:26.0490 0x14c0  Ndisuio - ok
15:25:26.0505 0x14c0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:25:26.0505 0x14c0  NdisWan - ok
15:25:26.0505 0x14c0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:25:26.0505 0x14c0  NDProxy - ok
15:25:26.0505 0x14c0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:25:26.0521 0x14c0  NetBIOS - ok
15:25:26.0521 0x14c0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:25:26.0521 0x14c0  NetBT - ok
15:25:26.0536 0x14c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
15:25:26.0536 0x14c0  Netlogon - ok
15:25:26.0552 0x14c0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:25:26.0568 0x14c0  Netman - ok
15:25:26.0583 0x14c0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:25:26.0583 0x14c0  NetMsmqActivator - ok
15:25:26.0583 0x14c0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:25:26.0599 0x14c0  NetPipeActivator - ok
15:25:26.0614 0x14c0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:25:26.0614 0x14c0  netprofm - ok
15:25:26.0614 0x14c0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:25:26.0630 0x14c0  NetTcpActivator - ok
15:25:26.0630 0x14c0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:25:26.0630 0x14c0  NetTcpPortSharing - ok
15:25:26.0630 0x14c0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:25:26.0646 0x14c0  nfrd960 - ok
15:25:26.0677 0x14c0  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:25:26.0677 0x14c0  NlaSvc - ok
15:25:26.0677 0x14c0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:25:26.0677 0x14c0  Npfs - ok
15:25:26.0692 0x14c0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:25:26.0692 0x14c0  nsi - ok
15:25:26.0708 0x14c0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:25:26.0708 0x14c0  nsiproxy - ok
15:25:26.0770 0x14c0  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:25:26.0802 0x14c0  Ntfs - ok
15:25:26.0802 0x14c0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:25:26.0802 0x14c0  Null - ok
15:25:26.0817 0x14c0  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:25:26.0817 0x14c0  nvraid - ok
15:25:26.0817 0x14c0  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:25:26.0817 0x14c0  nvstor - ok
15:25:26.0833 0x14c0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:25:26.0833 0x14c0  nv_agp - ok
15:25:26.0833 0x14c0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:25:26.0833 0x14c0  ohci1394 - ok
15:25:26.0848 0x14c0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:25:26.0864 0x14c0  p2pimsvc - ok
15:25:26.0880 0x14c0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:25:26.0895 0x14c0  p2psvc - ok
15:25:26.0895 0x14c0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
15:25:26.0895 0x14c0  Parport - ok
15:25:26.0926 0x14c0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:25:26.0926 0x14c0  partmgr - ok
15:25:26.0942 0x14c0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:25:26.0942 0x14c0  PcaSvc - ok
15:25:26.0960 0x14c0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:25:26.0963 0x14c0  pci - ok
15:25:26.0965 0x14c0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:25:26.0966 0x14c0  pciide - ok
15:25:26.0973 0x14c0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:25:26.0977 0x14c0  pcmcia - ok
15:25:26.0977 0x14c0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:25:26.0977 0x14c0  pcw - ok
15:25:26.0992 0x14c0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:25:26.0992 0x14c0  PEAUTH - ok
15:25:27.0056 0x14c0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:25:27.0056 0x14c0  PerfHost - ok
15:25:27.0099 0x14c0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:25:27.0114 0x14c0  pla - ok
15:25:27.0161 0x14c0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:25:27.0161 0x14c0  PlugPlay - ok
15:25:27.0177 0x14c0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:25:27.0177 0x14c0  PNRPAutoReg - ok
15:25:27.0192 0x14c0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:25:27.0208 0x14c0  PNRPsvc - ok
15:25:27.0224 0x14c0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:25:27.0239 0x14c0  PolicyAgent - ok
15:25:27.0255 0x14c0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:25:27.0255 0x14c0  Power - ok
15:25:27.0270 0x14c0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:25:27.0270 0x14c0  PptpMiniport - ok
15:25:27.0270 0x14c0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
15:25:27.0270 0x14c0  Processor - ok
15:25:27.0302 0x14c0  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:25:27.0319 0x14c0  ProfSvc - ok
15:25:27.0319 0x14c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:25:27.0319 0x14c0  ProtectedStorage - ok
15:25:27.0335 0x14c0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:25:27.0335 0x14c0  Psched - ok
15:25:27.0382 0x14c0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:25:27.0397 0x14c0  ql2300 - ok
15:25:27.0397 0x14c0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:25:27.0397 0x14c0  ql40xx - ok
15:25:27.0413 0x14c0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:25:27.0428 0x14c0  QWAVE - ok
15:25:27.0428 0x14c0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:25:27.0428 0x14c0  QWAVEdrv - ok
15:25:27.0428 0x14c0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:25:27.0428 0x14c0  RasAcd - ok
15:25:27.0444 0x14c0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:25:27.0460 0x14c0  RasAgileVpn - ok
15:25:27.0460 0x14c0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:25:27.0475 0x14c0  RasAuto - ok
15:25:27.0475 0x14c0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:25:27.0475 0x14c0  Rasl2tp - ok
15:25:27.0491 0x14c0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:25:27.0491 0x14c0  RasMan - ok
15:25:27.0506 0x14c0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:25:27.0506 0x14c0  RasPppoe - ok
15:25:27.0506 0x14c0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:25:27.0506 0x14c0  RasSstp - ok
15:25:27.0522 0x14c0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:25:27.0522 0x14c0  rdbss - ok
15:25:27.0522 0x14c0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:25:27.0522 0x14c0  rdpbus - ok
15:25:27.0522 0x14c0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:25:27.0522 0x14c0  RDPCDD - ok
15:25:27.0538 0x14c0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:25:27.0538 0x14c0  RDPENCDD - ok
15:25:27.0553 0x14c0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:25:27.0553 0x14c0  RDPREFMP - ok
15:25:27.0584 0x14c0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:25:27.0584 0x14c0  RDPWD - ok
15:25:27.0584 0x14c0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:25:27.0600 0x14c0  rdyboost - ok
15:25:27.0600 0x14c0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:25:27.0616 0x14c0  RemoteAccess - ok
15:25:27.0631 0x14c0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:25:27.0631 0x14c0  RemoteRegistry - ok
15:25:27.0647 0x14c0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:25:27.0647 0x14c0  RpcEptMapper - ok
15:25:27.0647 0x14c0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:25:27.0647 0x14c0  RpcLocator - ok
15:25:27.0678 0x14c0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:25:27.0678 0x14c0  RpcSs - ok
15:25:27.0694 0x14c0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:25:27.0694 0x14c0  rspndr - ok
15:25:27.0694 0x14c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
15:25:27.0694 0x14c0  SamSs - ok
15:25:27.0694 0x14c0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:25:27.0694 0x14c0  sbp2port - ok
15:25:27.0725 0x14c0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:25:27.0725 0x14c0  SCardSvr - ok
15:25:27.0725 0x14c0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:25:27.0725 0x14c0  scfilter - ok
15:25:27.0765 0x14c0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:25:27.0781 0x14c0  Schedule - ok
15:25:27.0796 0x14c0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:25:27.0812 0x14c0  SCPolicySvc - ok
15:25:27.0812 0x14c0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:25:27.0827 0x14c0  SDRSVC - ok
15:25:27.0827 0x14c0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:25:27.0827 0x14c0  secdrv - ok
15:25:27.0827 0x14c0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:25:27.0827 0x14c0  seclogon - ok
15:25:27.0843 0x14c0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:25:27.0843 0x14c0  SENS - ok
15:25:27.0859 0x14c0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:25:27.0859 0x14c0  SensrSvc - ok
15:25:27.0874 0x14c0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:25:27.0874 0x14c0  Serenum - ok
15:25:27.0874 0x14c0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
15:25:27.0874 0x14c0  Serial - ok
15:25:27.0874 0x14c0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:25:27.0874 0x14c0  sermouse - ok
15:25:27.0890 0x14c0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:25:27.0890 0x14c0  SessionEnv - ok
15:25:27.0890 0x14c0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:25:27.0890 0x14c0  sffdisk - ok
15:25:27.0905 0x14c0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:25:27.0905 0x14c0  sffp_mmc - ok
15:25:27.0905 0x14c0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:25:27.0905 0x14c0  sffp_sd - ok
15:25:27.0905 0x14c0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:25:27.0905 0x14c0  sfloppy - ok
15:25:27.0921 0x14c0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:25:27.0921 0x14c0  SharedAccess - ok
15:25:27.0952 0x14c0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:25:27.0952 0x14c0  ShellHWDetection - ok
15:25:27.0968 0x14c0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:25:27.0968 0x14c0  SiSRaid2 - ok
15:25:27.0968 0x14c0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:25:27.0968 0x14c0  SiSRaid4 - ok
15:25:27.0968 0x14c0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:25:27.0968 0x14c0  Smb - ok
15:25:27.0983 0x14c0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:25:27.0983 0x14c0  SNMPTRAP - ok
15:25:27.0983 0x14c0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:25:27.0999 0x14c0  spldr - ok
15:25:28.0015 0x14c0  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
15:25:28.0030 0x14c0  Spooler - ok
15:25:28.0125 0x14c0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:25:28.0172 0x14c0  sppsvc - ok
15:25:28.0187 0x14c0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:25:28.0203 0x14c0  sppuinotify - ok
15:25:28.0234 0x14c0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:25:28.0234 0x14c0  srv - ok
15:25:28.0250 0x14c0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:25:28.0266 0x14c0  srv2 - ok
15:25:28.0282 0x14c0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:25:28.0282 0x14c0  srvnet - ok
15:25:28.0297 0x14c0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:25:28.0313 0x14c0  SSDPSRV - ok
15:25:28.0313 0x14c0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:25:28.0313 0x14c0  SstpSvc - ok
15:25:28.0362 0x14c0  [ AC8B882D658AF3070167F59AE92E5CA3, 7781475B6A49DCE239FEE2B32767A7E58188EF04BC4BB29E04B40DAFD8214E85 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:25:28.0362 0x14c0  Steam Client Service - ok
15:25:28.0377 0x14c0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:25:28.0377 0x14c0  stexstor - ok
15:25:28.0393 0x14c0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:25:28.0409 0x14c0  stisvc - ok
15:25:28.0409 0x14c0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:25:28.0409 0x14c0  swenum - ok
15:25:28.0424 0x14c0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:25:28.0440 0x14c0  swprv - ok
15:25:28.0471 0x14c0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
15:25:28.0502 0x14c0  SysMain - ok
15:25:28.0518 0x14c0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:25:28.0518 0x14c0  TabletInputService - ok
15:25:28.0533 0x14c0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:25:28.0533 0x14c0  TapiSrv - ok
15:25:28.0549 0x14c0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:25:28.0549 0x14c0  TBS - ok
15:25:28.0611 0x14c0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:25:28.0643 0x14c0  Tcpip - ok
15:25:28.0689 0x14c0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:25:28.0721 0x14c0  TCPIP6 - ok
15:25:28.0721 0x14c0  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:25:28.0736 0x14c0  tcpipreg - ok
15:25:28.0736 0x14c0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:25:28.0736 0x14c0  TDPIPE - ok
15:25:28.0752 0x14c0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:25:28.0752 0x14c0  TDTCP - ok
15:25:28.0767 0x14c0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:25:28.0767 0x14c0  tdx - ok
15:25:28.0767 0x14c0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:25:28.0767 0x14c0  TermDD - ok
15:25:28.0814 0x14c0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
15:25:28.0830 0x14c0  TermService - ok
15:25:28.0845 0x14c0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:25:28.0845 0x14c0  Themes - ok
15:25:28.0861 0x14c0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:25:28.0861 0x14c0  THREADORDER - ok
15:25:28.0877 0x14c0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:25:28.0877 0x14c0  TrkWks - ok
15:25:28.0923 0x14c0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:25:28.0923 0x14c0  TrustedInstaller - ok
15:25:28.0939 0x14c0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:25:28.0955 0x14c0  tssecsrv - ok
15:25:28.0955 0x14c0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:25:28.0955 0x14c0  TsUsbFlt - ok
15:25:28.0955 0x14c0  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:25:28.0955 0x14c0  TsUsbGD - ok
15:25:28.0972 0x14c0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:25:28.0973 0x14c0  tunnel - ok
15:25:28.0973 0x14c0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:25:28.0973 0x14c0  uagp35 - ok
15:25:28.0989 0x14c0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:25:28.0989 0x14c0  udfs - ok
15:25:29.0004 0x14c0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:25:29.0004 0x14c0  UI0Detect - ok
15:25:29.0020 0x14c0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:25:29.0020 0x14c0  uliagpkx - ok
15:25:29.0020 0x14c0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:25:29.0020 0x14c0  umbus - ok
15:25:29.0036 0x14c0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:25:29.0036 0x14c0  UmPass - ok
15:25:29.0051 0x14c0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:25:29.0051 0x14c0  upnphost - ok
15:25:29.0082 0x14c0  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:25:29.0098 0x14c0  usbaudio - ok
15:25:29.0098 0x14c0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:25:29.0098 0x14c0  usbccgp - ok
15:25:29.0129 0x14c0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:25:29.0129 0x14c0  usbcir - ok
15:25:29.0146 0x14c0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:25:29.0146 0x14c0  usbehci - ok
15:25:29.0161 0x14c0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:25:29.0161 0x14c0  usbhub - ok
15:25:29.0177 0x14c0  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:25:29.0177 0x14c0  usbohci - ok
15:25:29.0177 0x14c0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:25:29.0177 0x14c0  usbprint - ok
15:25:29.0177 0x14c0  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:25:29.0177 0x14c0  USBSTOR - ok
15:25:29.0177 0x14c0  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:25:29.0177 0x14c0  usbuhci - ok
15:25:29.0193 0x14c0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:25:29.0193 0x14c0  UxSms - ok
15:25:29.0208 0x14c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
15:25:29.0208 0x14c0  VaultSvc - ok
15:25:29.0302 0x14c0  [ 1352B215BDC5807A5641E7C143796DD7, B54F95307253BB81E4CEE4F2033782210652364DE6A1E833B27ECE7E04A2BD51 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
15:25:29.0302 0x14c0  VBoxAswDrv - ok
15:25:29.0317 0x14c0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:25:29.0317 0x14c0  vdrvroot - ok
15:25:29.0333 0x14c0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:25:29.0349 0x14c0  vds - ok
15:25:29.0349 0x14c0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:25:29.0349 0x14c0  vga - ok
15:25:29.0349 0x14c0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:25:29.0349 0x14c0  VgaSave - ok
15:25:29.0365 0x14c0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:25:29.0367 0x14c0  vhdmp - ok
15:25:29.0367 0x14c0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:25:29.0367 0x14c0  viaide - ok
15:25:29.0367 0x14c0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:25:29.0367 0x14c0  volmgr - ok
15:25:29.0383 0x14c0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:25:29.0383 0x14c0  volmgrx - ok
15:25:29.0398 0x14c0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:25:29.0398 0x14c0  volsnap - ok
15:25:29.0398 0x14c0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:25:29.0414 0x14c0  vsmraid - ok
15:25:29.0461 0x14c0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:25:29.0476 0x14c0  VSS - ok
15:25:29.0476 0x14c0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:25:29.0476 0x14c0  vwifibus - ok
15:25:29.0492 0x14c0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:25:29.0508 0x14c0  W32Time - ok
15:25:29.0508 0x14c0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:25:29.0508 0x14c0  WacomPen - ok
15:25:29.0508 0x14c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:25:29.0523 0x14c0  WANARP - ok
15:25:29.0523 0x14c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:25:29.0523 0x14c0  Wanarpv6 - ok
15:25:29.0570 0x14c0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:25:29.0586 0x14c0  wbengine - ok
15:25:29.0601 0x14c0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:25:29.0601 0x14c0  WbioSrvc - ok
15:25:29.0617 0x14c0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:25:29.0617 0x14c0  wcncsvc - ok
15:25:29.0648 0x14c0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:25:29.0648 0x14c0  WcsPlugInService - ok
15:25:29.0648 0x14c0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:25:29.0648 0x14c0  Wd - ok
15:25:29.0695 0x14c0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:25:29.0710 0x14c0  Wdf01000 - ok
15:25:29.0710 0x14c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:25:29.0726 0x14c0  WdiServiceHost - ok
15:25:29.0726 0x14c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:25:29.0726 0x14c0  WdiSystemHost - ok
15:25:29.0726 0x14c0  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
15:25:29.0742 0x14c0  WebClient - ok
15:25:29.0742 0x14c0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:25:29.0757 0x14c0  Wecsvc - ok
15:25:29.0757 0x14c0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:25:29.0757 0x14c0  wercplsupport - ok
15:25:29.0773 0x14c0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:25:29.0773 0x14c0  WerSvc - ok
15:25:29.0773 0x14c0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:25:29.0773 0x14c0  WfpLwf - ok
15:25:29.0773 0x14c0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:25:29.0773 0x14c0  WIMMount - ok
15:25:29.0788 0x14c0  WinDefend - ok
15:25:29.0788 0x14c0  WinHttpAutoProxySvc - ok
15:25:29.0835 0x14c0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:25:29.0835 0x14c0  Winmgmt - ok
15:25:29.0898 0x14c0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:25:29.0929 0x14c0  WinRM - ok
15:25:29.0960 0x14c0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:25:29.0976 0x14c0  Wlansvc - ok
15:25:29.0976 0x14c0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:25:29.0976 0x14c0  WmiAcpi - ok
15:25:29.0991 0x14c0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:25:29.0991 0x14c0  wmiApSrv - ok
15:25:30.0007 0x14c0  WMPNetworkSvc - ok
15:25:30.0022 0x14c0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:25:30.0022 0x14c0  WPCSvc - ok
15:25:30.0038 0x14c0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:25:30.0038 0x14c0  WPDBusEnum - ok
15:25:30.0038 0x14c0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:25:30.0054 0x14c0  ws2ifsl - ok
15:25:30.0054 0x14c0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:25:30.0054 0x14c0  wscsvc - ok
15:25:30.0054 0x14c0  WSearch - ok
15:25:30.0132 0x14c0  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:25:30.0178 0x14c0  wuauserv - ok
15:25:30.0178 0x14c0  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:25:30.0178 0x14c0  WudfPf - ok
15:25:30.0194 0x14c0  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:25:30.0194 0x14c0  WUDFRd - ok
15:25:30.0194 0x14c0  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:25:30.0210 0x14c0  wudfsvc - ok
15:25:30.0210 0x14c0  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:25:30.0225 0x14c0  WwanSvc - ok
15:25:30.0225 0x14c0  ================ Scan global ===============================
15:25:30.0256 0x14c0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:25:30.0288 0x14c0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:25:30.0288 0x14c0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:25:30.0303 0x14c0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:25:30.0334 0x14c0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:25:30.0334 0x14c0  [ Global ] - ok
15:25:30.0334 0x14c0  ================ Scan MBR ==================================
15:25:30.0350 0x14c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:25:30.0553 0x14c0  \Device\Harddisk0\DR0 - ok
15:25:30.0553 0x14c0  ================ Scan VBR ==================================
15:25:30.0553 0x14c0  [ ABF25C62F2A95C389516A8CD462F114B ] \Device\Harddisk0\DR0\Partition1
15:25:30.0615 0x14c0  \Device\Harddisk0\DR0\Partition1 - ok
15:25:30.0615 0x14c0  [ EF4A9A6EA5A1F114AF5C0174CC55F59F ] \Device\Harddisk0\DR0\Partition2
15:25:30.0646 0x14c0  \Device\Harddisk0\DR0\Partition2 - ok
15:25:30.0646 0x14c0  ================ Scan generic autorun ======================
15:25:30.0802 0x14c0  [ 44ADDA5FB88EE14F57A246285775AC2F, 2776225BA9F22C553453541DA0285E093B4F2019DB6FE640D033BA45045299C8 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:25:30.0880 0x14c0  AvastUI.exe - ok
15:25:30.0943 0x14c0  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
15:25:30.0958 0x14c0  StartCCC - ok
15:25:31.0024 0x14c0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:25:31.0055 0x14c0  Sidebar - ok
15:25:31.0086 0x14c0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:25:31.0086 0x14c0  mctadmin - ok
15:25:31.0102 0x14c0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:25:31.0133 0x14c0  Sidebar - ok
15:25:31.0133 0x14c0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:25:31.0133 0x14c0  mctadmin - ok
15:25:31.0213 0x14c0  [ 60A5CF720CE4017796DE9EB5F0B8F970, B696934264D121E6D1707CDE75CD9807157AAA33C71146D4A31739E0696C563A ] C:\Program Files (x86)\Steam\steam.exe
15:25:31.0244 0x14c0  Steam - ok
15:25:31.0244 0x14c0  Waiting for KSN requests completion. In queue: 255
15:25:32.0258 0x14c0  Waiting for KSN requests completion. In queue: 255
15:25:33.0265 0x14c0  Waiting for KSN requests completion. In queue: 255
15:25:34.0266 0x14c0  Waiting for KSN requests completion. In queue: 255
15:25:35.0284 0x14c0  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
15:25:35.0284 0x14c0  Win FW state via NFP2: enabled
15:25:38.0116 0x14c0  ============================================================
15:25:38.0116 0x14c0  Scan finished
15:25:38.0116 0x14c0  ============================================================
15:25:38.0116 0x1650  Detected object count: 0
15:25:38.0116 0x1650  Actual detected object count: 0



#5 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 29 January 2015 - 09:29 AM

I was unsure if had to copypaste the logs or post them as attachments, so i copypasted them. If there's any problem with that let me know.



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:45 AM

Posted 30 January 2015 - 03:48 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

 

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 30 January 2015 - 12:12 PM

I already had Malwarebytes installed and i already ran a scan that resulted in the quarantine of two registry keys, that's the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/01/2015
Scan Time: 23:36:49
Logfile: 
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.28.10
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicola

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314900
Time Elapsed: 6 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, 91.212.124.159 8.8.8.8, Good: (), Bad: (91.212.124.159),Replaced,[c2081ae2276263d35e3713988085ce32]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9489338E-5522-46EB-9E94-B03E83F9E249}|DhcpNameServer, 91.212.124.159 8.8.8.8, Good: (), Bad: (91.212.124.159),Replaced,[b01a50ac30594aec85104a61927329d7]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Since that log is a couple of days old I deleted the suspect objects from quarantine, I restarted the pc and did the scan all over again. This time it didn't find any threats:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/01/2015
Scan Time: 17:55:08
Logfile: 
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.30.06
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicola

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316055
Time Elapsed: 5 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Seems deleting it from quarantine removed it completely from the computer?



#8 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 30 January 2015 - 12:51 PM

ESET Online Scanner hasn't found any threats.



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:45 AM

Posted 02 February 2015 - 05:01 AM

Scan with RogueKiller

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • You´ll find the log as RKreport[1].txt on your desktop also.
  • Exit/Close RogueKiller.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 02 February 2015 - 11:49 AM

RogueKiller scan results:

RogueKiller V10.2.0.0 [Jan 19 2015] di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : http://forum.adlice.com
Sito Web : http://www.adlice.com/softwares/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniziato in : Modalità Normale
Utente : Nicola [Amministratore]
Modalità : Scansione -- Data : 02/02/2015  17:47:36

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 23.109.34.237 8.8.8.8  -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9489338E-5522-46EB-9E94-B03E83F9E249} | DhcpNameServer : 23.109.34.237 8.8.8.8  -> Trovato
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trovato
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Trovato
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trovato
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non caricato [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] 626857be8437d14315a02e5164f267be
[BSP] 7dcd965fa3d87b184cbb747078b57ca4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 626857be8437d14315a02e5164f267be
[BSP] 7dcd965fa3d87b184cbb747078b57ca4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_02022015_174404.log


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:45 AM

Posted 04 February 2015 - 08:23 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 04 February 2015 - 12:48 PM

adwCleaner cleanup results:

# AdwCleaner v4.109 - Report created 04/02/2015 at 18:29:29
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nicola - NICOLA-PC
# Running from : C:\Users\Nicola\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.94


*************************

AdwCleaner[R0].txt - [840 octets] - [04/02/2015 18:27:55]
AdwCleaner[S0].txt - [764 octets] - [04/02/2015 18:29:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [823 octets] ##########

Junkware Removal Tool scan results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nicola on 04/02/2015 at 18:43:56,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/02/2015 at 18:46:46,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#13 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 04 February 2015 - 12:54 PM

SecurityCheck scan results:

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] 
 [b][color=green] Java 64-bit 8 Update 31[/b][/color]  
 Google Chrome (40.0.2214.93) 
 Google Chrome (40.0.2214.94) 
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast avastui.exe  
 AVAST Software Avast ng ngservice.exe 
[b][u]`````````````````System Health check`````````````````[/b][/u] 
 Total Fragmentation on Drive C: 0% 
[b][u]````````````````````End of Log``````````````````````[/b][/u] 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:45 AM

Posted 05 February 2015 - 03:28 AM

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Nikopol555

Nikopol555
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 05 February 2015 - 07:29 AM

Ok, i followed those steps in order to secure my PC, I have only one question left: do you recommend using an additional firewall other than the Windows one? If so, which one?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users