
Possible Rootkit/bootkit infection reinstalled windows not helping


  • This topic is locked
28 replies to this topic

#1 garrys1

garrys1

  • Members
  • 16 posts

Posted 16 April 2016 - 12:55 PM

I tried to run FRST but it says

Line 18555 (File ""):

Error: This keyword cannot be used after a "Then" keyword.





#2 garrys1

garrys1
  • Topic Starter

  • Members
  • 16 posts

Posted 16 April 2016 - 05:21 PM

Hello, I got more information for my helper about what I found regarding this possible rootkit/bootkit. I attached a picture of what I saw with the active partition manager program. You can see unallocated space; I never made this and I never modified anything, so this must be the possible "bootkit", and I need help to remove it. Thanks

Attached Files



#3 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada

Posted 16 April 2016 - 09:19 PM

Hi garrys1,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-
     

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....


Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.

  • Do not reboot the computer, you will need to run the application again.



Please delete the copy of FRST64.exe you have on your desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



Please download Malwarebytes Anti-Rootkit from here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

 


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#4 garrys1

garrys1
  • Topic Starter

  • Members
  • 16 posts

Posted 17 April 2016 - 08:37 AM

Here are all the logs below

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by uue (administrator) on DESKTOP-NOUD51E (17-04-2016 16:15:11)
Running from C:\Users\uue\Desktop
Loaded Profiles: uue (Available Profiles: uue)
Platform: Windows 10 Home Version 1511 (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-11-27] (NVIDIA Corporation)
HKU\S-1-5-21-570155457-1763276045-3915574387-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.145.169.130 213.145.216.231
Tcpip\..\Interfaces\{886b7e9b-750b-4771-90ff-2c620b73f878}: [DhcpNameServer] 62.145.169.130 213.145.216.231
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google-dokumentit) - C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-17]
CHR Extension: (Google Drive) - C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google-taulukot) - C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-17]
CHR Extension: (Google Docsin offline-tila) - C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Gmail) - C:\Users\uue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194624 2016-02-10] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-17 16:15 - 2016-04-17 16:15 - 00006525 _____ C:\Users\uue\Desktop\FRST.txt
2016-04-17 16:15 - 2016-04-17 16:15 - 00000000 ____D C:\FRST
2016-04-17 16:14 - 2016-04-17 16:15 - 02375168 _____ (Farbar) C:\Users\uue\Desktop\FRST64.exe
2016-04-17 16:11 - 2016-04-17 16:12 - 00001998 _____ C:\Users\uue\Desktop\Rkill.txt
2016-04-17 16:10 - 2016-04-17 16:11 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\uue\Desktop\rkill.com
2016-04-17 15:51 - 2016-04-17 16:08 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 15:51 - 2016-04-17 15:51 - 00987728 _____ (Google Inc.) C:\Users\uue\Downloads\ChromeSetup.exe
2016-04-17 15:51 - 2016-04-17 15:51 - 00004092 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-17 15:51 - 2016-04-17 15:51 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-17 15:51 - 2016-04-17 15:51 - 00002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 15:51 - 2016-04-17 15:51 - 00002326 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 15:51 - 2016-04-17 15:51 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 15:51 - 2016-04-17 15:51 - 00000000 ____D C:\Users\uue\AppData\Local\Google
2016-04-17 15:51 - 2016-04-17 15:51 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-17 04:43 - 2016-04-17 04:43 - 00000000 ____D C:\Users\uue\AppData\Local\Steam
2016-04-17 04:43 - 2016-04-17 04:43 - 00000000 ____D C:\Users\uue\AppData\Local\CEF
2016-04-17 04:40 - 2016-04-17 16:08 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-17 04:40 - 2016-04-17 04:40 - 00001032 _____ C:\Users\Public\Desktop\Steam.lnk
2016-04-17 04:40 - 2016-04-17 04:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-17 03:06 - 2016-04-17 03:06 - 00000000 ____D C:\Users\uue\AppData\Roaming\Mael
2016-04-17 03:01 - 2016-04-17 03:09 - 00000000 __SHD C:\Users\Public\DRM
2016-04-17 01:16 - 2016-04-17 01:18 - 00000000 ____D C:\Users\uue\Documents\Bandicam
2016-04-17 01:16 - 2016-04-17 01:16 - 00001057 _____ C:\Users\Public\Desktop\Bandicam.lnk
2016-04-17 01:16 - 2016-04-17 01:16 - 00000000 ____D C:\Users\uue\AppData\Roaming\BANDISOFT
2016-04-17 01:16 - 2016-04-17 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2016-04-17 01:16 - 2016-04-17 01:16 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-04-17 01:16 - 2016-04-17 01:16 - 00000000 ____D C:\Program Files (x86)\Bandicam
2016-04-17 01:14 - 2016-04-17 13:31 - 00004182 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{26224F2A-FEA4-40B3-9602-D0F27E93C3B1}
2016-04-17 01:13 - 2016-04-17 03:17 - 00000000 ____D C:\Program Files\LSoft Technologies
2016-04-17 01:13 - 2016-04-17 01:13 - 00000000 ____D C:\Users\uue\AppData\Local\Apps\2.0
2016-04-17 01:13 - 2016-04-17 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Partition Manager
2016-04-17 01:10 - 2016-04-17 01:27 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-04-17 01:10 - 2015-08-11 12:22 - 03067392 _____ C:\Windows\system32\pwNative.exe
2016-04-17 01:10 - 2013-09-30 15:26 - 00019152 ____N C:\Windows\system32\pwdrvio.sys
2016-04-17 01:10 - 2013-09-30 15:26 - 00012504 ____N C:\Windows\system32\pwdspio.sys
2016-04-17 01:08 - 2016-04-17 01:08 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-04-16 20:41 - 2016-04-17 16:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-16 20:41 - 2016-04-16 20:41 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-16 20:41 - 2016-04-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-16 20:41 - 2016-04-16 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-16 20:41 - 2016-04-16 20:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-16 20:41 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-16 20:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-16 20:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-16 20:39 - 2016-04-16 20:39 - 00000000 ____D C:\Users\uue\AppData\Roaming\Macromedia
2016-04-16 20:34 - 2016-04-16 20:34 - 00000000 ____D C:\Users\uue\AppData\Local\MicrosoftEdge
2016-04-16 20:31 - 2016-04-16 20:31 - 00000000 ____D C:\Users\uue\AppData\Local\NVIDIA
2016-04-16 20:24 - 2016-04-16 20:25 - 00000000 ____D C:\Windows\system32\MRT
2016-04-16 20:24 - 2016-04-16 20:24 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-16 20:24 - 2016-04-02 07:13 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-04-16 20:24 - 2016-04-02 06:19 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-04-16 20:24 - 2016-04-02 06:14 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-04-16 20:24 - 2016-04-02 06:07 - 03575296 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-16 20:24 - 2016-04-02 06:07 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-04-16 20:24 - 2016-03-29 13:20 - 07474016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-16 20:24 - 2016-03-29 13:20 - 02656952 _____ C:\Windows\system32\CoreUIComponents.dll
2016-04-16 20:24 - 2016-03-29 13:18 - 02152280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-16 20:24 - 2016-03-29 12:56 - 01297752 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-04-16 20:24 - 2016-03-29 12:37 - 01862008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-04-16 20:24 - 2016-03-29 12:13 - 00986976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-04-16 20:24 - 2016-03-29 12:11 - 00605440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-16 20:24 - 2016-03-29 10:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-04-16 20:24 - 2016-03-29 10:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-16 20:24 - 2016-03-29 10:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-04-16 20:24 - 2016-03-29 10:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-04-16 20:24 - 2016-03-29 10:32 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-04-16 20:24 - 2016-03-29 10:20 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-04-16 20:24 - 2016-03-29 10:16 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-04-16 20:24 - 2016-03-29 10:15 - 01714688 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-04-16 20:24 - 2016-03-29 10:15 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-16 20:24 - 2016-03-29 10:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-04-16 20:24 - 2016-03-29 10:14 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-04-16 20:24 - 2016-03-29 10:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-04-16 20:24 - 2016-03-29 10:12 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-16 20:24 - 2016-03-29 10:10 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-04-16 20:24 - 2016-03-29 10:10 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-04-16 20:24 - 2016-03-29 10:07 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-04-16 20:24 - 2016-03-29 10:05 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-04-16 20:24 - 2016-03-29 10:02 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-04-16 20:24 - 2016-03-29 10:00 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-04-16 20:24 - 2016-03-29 09:42 - 03592704 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-04-16 20:24 - 2016-03-29 09:37 - 01444352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-04-16 20:24 - 2016-03-29 09:37 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-04-16 20:24 - 2016-03-29 09:37 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-16 20:24 - 2016-03-29 09:36 - 00649728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-16 20:24 - 2016-03-29 09:32 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-16 20:24 - 2016-03-29 09:32 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-04-16 20:24 - 2016-03-29 09:31 - 02275328 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-16 20:24 - 2016-03-29 09:31 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-04-16 20:24 - 2016-03-29 09:30 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-04-16 20:24 - 2016-03-29 09:28 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-04-16 20:24 - 2016-03-29 09:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-04-16 20:24 - 2016-03-29 09:26 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-16 20:24 - 2016-03-29 09:19 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-04-16 20:24 - 2016-03-29 09:05 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-04-16 20:24 - 2016-03-29 09:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-04-16 20:24 - 2016-03-29 09:05 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-16 20:24 - 2016-03-29 09:05 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-16 20:24 - 2016-03-29 09:02 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-16 20:24 - 2016-03-29 09:01 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-04-16 20:24 - 2016-03-29 08:56 - 16985600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-04-16 20:24 - 2016-03-29 08:52 - 11545600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-04-16 20:24 - 2016-03-29 08:51 - 22378496 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-04-16 20:24 - 2016-03-29 08:51 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-04-16 20:24 - 2016-03-29 08:49 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-04-16 20:24 - 2016-03-29 08:45 - 03078144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-04-16 20:24 - 2016-03-29 08:41 - 24602112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-16 20:24 - 2016-03-29 08:41 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-16 20:24 - 2016-03-29 08:39 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-16 20:24 - 2016-03-29 08:38 - 18673664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-04-16 20:24 - 2016-03-29 08:37 - 19340800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-16 20:24 - 2016-03-29 08:36 - 02722816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-04-16 20:24 - 2016-03-29 08:27 - 07836160 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-04-16 20:24 - 2016-03-29 08:27 - 05662208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-04-16 20:24 - 2016-03-01 08:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-04-16 20:24 - 2016-03-01 08:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-04-16 20:24 - 2016-02-24 12:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-16 20:24 - 2016-02-24 12:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-16 20:24 - 2016-02-24 12:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-16 20:24 - 2016-02-24 12:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-16 20:24 - 2016-02-24 12:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-04-16 20:24 - 2016-02-24 12:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-04-16 20:24 - 2016-02-24 12:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-16 20:24 - 2016-02-24 11:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-04-16 20:24 - 2016-02-24 11:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-04-16 20:24 - 2016-02-24 11:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-04-16 20:24 - 2016-02-24 11:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-04-16 20:24 - 2016-02-24 11:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-04-16 20:24 - 2016-02-24 09:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-04-16 20:24 - 2016-02-24 09:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-04-16 20:24 - 2016-02-24 09:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-04-16 20:24 - 2016-02-24 08:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-04-16 20:24 - 2016-02-24 08:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-04-16 20:24 - 2016-02-24 08:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-04-16 20:24 - 2016-02-24 08:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-04-16 20:24 - 2016-02-24 08:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-04-16 20:24 - 2016-02-24 08:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-04-16 20:24 - 2016-02-23 14:25 - 01818696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-16 20:24 - 2016-02-23 13:34 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-16 20:24 - 2016-02-23 13:32 - 08705672 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-04-16 20:24 - 2016-02-23 13:32 - 02544264 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-04-16 20:24 - 2016-02-23 13:32 - 01152328 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-04-16 20:24 - 2016-02-23 13:32 - 01062480 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-04-16 20:24 - 2016-02-23 13:31 - 01017032 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2016-04-16 20:24 - 2016-02-23 13:31 - 00819648 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-04-16 20:24 - 2016-02-23 13:31 - 00536256 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-04-16 20:24 - 2016-02-23 13:31 - 00408120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-04-16 20:24 - 2016-02-23 13:25 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-16 20:24 - 2016-02-23 13:21 - 22564328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-04-16 20:24 - 2016-02-23 12:45 - 02773096 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-04-16 20:24 - 2016-02-23 12:38 - 06952088 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-04-16 20:24 - 2016-02-23 12:38 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-04-16 20:24 - 2016-02-23 12:38 - 00980352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2016-04-16 20:24 - 2016-02-23 12:38 - 00895080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2016-04-16 20:24 - 2016-02-23 12:38 - 00882720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-04-16 20:24 - 2016-02-23 12:37 - 00713824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-04-16 20:24 - 2016-02-23 12:30 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-16 20:24 - 2016-02-23 12:27 - 21124344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-04-16 20:24 - 2016-02-23 12:20 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\XblGameSave.dll
2016-04-16 20:24 - 2016-02-23 12:17 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-04-16 20:24 - 2016-02-23 11:56 - 02186864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-04-16 20:24 - 2016-02-23 11:53 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-04-16 20:24 - 2016-02-23 11:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-04-16 20:24 - 2016-02-23 11:29 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2016-04-16 20:24 - 2016-02-23 11:28 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-04-16 20:24 - 2016-02-23 11:14 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2016-04-16 20:24 - 2016-02-23 11:10 - 00997376 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-04-16 20:24 - 2016-02-23 11:04 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-04-16 20:24 - 2016-02-23 11:02 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-04-16 20:24 - 2016-02-23 10:52 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-04-16 20:24 - 2016-02-23 10:49 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-04-16 20:24 - 2016-02-23 10:37 - 01118208 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-04-16 20:24 - 2016-02-23 10:31 - 00585216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2016-04-16 20:24 - 2016-02-23 10:24 - 04827136 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-04-16 20:24 - 2016-02-23 10:24 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-04-16 20:24 - 2016-02-23 10:14 - 00990720 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-04-16 20:24 - 2016-02-23 09:56 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-04-16 20:24 - 2016-02-23 09:55 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-16 20:24 - 2016-02-23 09:41 - 02912256 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-04-16 20:24 - 2016-02-23 09:39 - 02581504 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-04-16 20:24 - 2016-02-23 09:36 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-16 20:24 - 2016-02-23 09:35 - 07533568 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-04-16 20:24 - 2016-02-23 09:33 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-04-16 20:24 - 2016-02-23 09:30 - 02061312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-04-16 20:24 - 2016-02-23 09:28 - 06740992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-04-16 20:23 - 2016-04-02 07:10 - 00770640 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-04-16 20:23 - 2016-04-02 07:10 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-04-16 20:23 - 2016-04-02 07:10 - 00374008 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-04-16 20:23 - 2016-04-02 06:30 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-04-16 20:23 - 2016-04-02 06:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-04-16 20:23 - 2016-04-02 06:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-04-16 20:23 - 2016-04-02 06:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-04-16 20:23 - 2016-04-02 06:25 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2016-04-16 20:23 - 2016-04-02 06:25 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2016-04-16 20:23 - 2016-04-02 06:23 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-04-16 20:23 - 2016-04-02 06:23 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-04-16 20:23 - 2016-04-02 06:21 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-04-16 20:23 - 2016-04-02 06:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-04-16 20:23 - 2016-04-02 06:15 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-04-16 20:23 - 2016-04-02 06:09 - 01832448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-04-16 20:23 - 2016-04-02 06:08 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-04-16 20:23 - 2016-04-02 06:03 - 04774912 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-04-16 20:23 - 2016-04-02 06:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-04-16 20:23 - 2016-03-29 13:23 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-04-16 20:23 - 2016-03-29 13:22 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-16 20:23 - 2016-03-29 13:22 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-04-16 20:23 - 2016-03-29 13:20 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-16 20:23 - 2016-03-29 13:20 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-04-16 20:23 - 2016-03-29 13:15 - 00100232 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2016-04-16 20:23 - 2016-03-29 13:11 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-04-16 20:23 - 2016-03-29 13:05 - 01152864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-16 20:23 - 2016-03-29 13:02 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-04-16 20:23 - 2016-03-29 13:02 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-04-16 20:23 - 2016-03-29 12:28 - 00696664 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-04-16 20:23 - 2016-03-29 12:28 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-04-16 20:23 - 2016-03-29 12:28 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-04-16 20:23 - 2016-03-29 12:25 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-04-16 20:23 - 2016-03-29 12:25 - 00058400 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-04-16 20:23 - 2016-03-29 12:19 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-04-16 20:23 - 2016-03-29 12:18 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-04-16 20:23 - 2016-03-29 12:17 - 00300104 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-04-16 20:23 - 2016-03-29 12:11 - 00074424 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-04-16 20:23 - 2016-03-29 12:10 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2016-04-16 20:23 - 2016-03-29 12:09 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2016-04-16 20:23 - 2016-03-29 12:08 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-16 20:23 - 2016-03-29 12:08 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-04-16 20:23 - 2016-03-29 12:07 - 00081144 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-04-16 20:23 - 2016-03-29 11:44 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-04-16 20:23 - 2016-03-29 11:44 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-04-16 20:23 - 2016-03-29 11:41 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-04-16 20:23 - 2016-03-29 11:41 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-04-16 20:23 - 2016-03-29 11:32 - 00253088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-04-16 20:23 - 2016-03-29 11:26 - 02403680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-04-16 20:23 - 2016-03-29 11:26 - 01089888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-04-16 20:23 - 2016-03-29 11:26 - 00073872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2016-04-16 20:23 - 2016-03-29 11:25 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2016-04-16 20:23 - 2016-03-29 11:24 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-16 20:23 - 2016-03-29 11:23 - 00069744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-04-16 20:23 - 2016-03-29 11:21 - 00378208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-04-16 20:23 - 2016-03-29 11:17 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-04-16 20:23 - 2016-03-29 11:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-04-16 20:23 - 2016-03-29 11:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2016-04-16 20:23 - 2016-03-29 11:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2016-04-16 20:23 - 2016-03-29 11:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-16 20:23 - 2016-03-29 11:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2016-04-16 20:23 - 2016-03-29 11:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2016-04-16 20:23 - 2016-03-29 11:06 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-16 20:23 - 2016-03-29 11:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\oleacchooks.dll
2016-04-16 20:23 - 2016-03-29 11:02 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-16 20:23 - 2016-03-29 11:01 - 00541304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-04-16 20:23 - 2016-03-29 11:00 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-04-16 20:23 - 2016-03-29 11:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2016-04-16 20:23 - 2016-03-29 11:00 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-04-16 20:23 - 2016-03-29 10:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2016-04-16 20:23 - 2016-03-29 10:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-04-16 20:23 - 2016-03-29 10:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-16 20:23 - 2016-03-29 10:57 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-04-16 20:23 - 2016-03-29 10:57 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-04-16 20:23 - 2016-03-29 10:55 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-04-16 20:23 - 2016-03-29 10:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-04-16 20:23 - 2016-03-29 10:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2016-04-16 20:23 - 2016-03-29 10:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-16 20:23 - 2016-03-29 10:53 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-04-16 20:23 - 2016-03-29 10:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2016-04-16 20:23 - 2016-03-29 10:51 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-04-16 20:23 - 2016-03-29 10:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2016-04-16 20:23 - 2016-03-29 10:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-04-16 20:23 - 2016-03-29 10:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-04-16 20:23 - 2016-03-29 10:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-04-16 20:23 - 2016-03-29 10:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-04-16 20:23 - 2016-03-29 10:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2016-04-16 20:23 - 2016-03-29 10:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-04-16 20:23 - 2016-03-29 10:48 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-04-16 20:23 - 2016-03-29 10:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-04-16 20:23 - 2016-03-29 10:46 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-16 20:23 - 2016-03-29 10:46 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-04-16 20:23 - 2016-03-29 10:44 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2016-04-16 20:23 - 2016-03-29 10:42 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-04-16 20:23 - 2016-03-29 10:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-04-16 20:23 - 2016-03-29 10:38 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-04-16 20:23 - 2016-03-29 10:36 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-04-16 20:23 - 2016-03-29 10:36 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-04-16 20:23 - 2016-03-29 10:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2016-04-16 20:23 - 2016-03-29 10:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-04-16 20:23 - 2016-03-29 10:34 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-04-16 20:23 - 2016-03-29 10:34 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-16 20:23 - 2016-03-29 10:34 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-04-16 20:23 - 2016-03-29 10:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-04-16 20:23 - 2016-03-29 10:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-04-16 20:23 - 2016-03-29 10:30 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-04-16 20:23 - 2016-03-29 10:30 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-16 20:23 - 2016-03-29 10:28 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-04-16 20:23 - 2016-03-29 10:27 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-04-16 20:23 - 2016-03-29 10:26 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-04-16 20:23 - 2016-03-29 10:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-04-16 20:23 - 2016-03-29 10:23 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-04-16 20:23 - 2016-03-29 10:23 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-04-16 20:23 - 2016-03-29 10:22 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-04-16 20:23 - 2016-03-29 10:21 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-16 20:23 - 2016-03-29 10:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-04-16 20:23 - 2016-03-29 10:20 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2016-04-16 20:23 - 2016-03-29 10:20 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2016-04-16 20:23 - 2016-03-29 10:19 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-04-16 20:23 - 2016-03-29 10:19 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-16 20:23 - 2016-03-29 10:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacchooks.dll
2016-04-16 20:23 - 2016-03-29 10:18 - 00676352 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-04-16 20:23 - 2016-03-29 10:17 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-04-16 20:23 - 2016-03-29 10:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-16 20:23 - 2016-03-29 10:17 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-04-16 20:23 - 2016-03-29 10:16 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-16 20:23 - 2016-03-29 10:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-04-16 20:23 - 2016-03-29 10:12 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-04-16 20:23 - 2016-03-29 10:11 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-04-16 20:23 - 2016-03-29 10:11 - 00881664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-04-16 20:23 - 2016-03-29 10:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-04-16 20:23 - 2016-03-29 10:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-16 20:23 - 2016-03-29 10:11 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-04-16 20:23 - 2016-03-29 10:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-04-16 20:23 - 2016-03-29 10:09 - 01239552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-04-16 20:23 - 2016-03-29 10:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-04-16 20:23 - 2016-03-29 10:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2016-04-16 20:23 - 2016-03-29 10:08 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-04-16 20:23 - 2016-03-29 10:08 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-04-16 20:23 - 2016-03-29 10:08 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-16 20:23 - 2016-03-29 10:07 - 01902592 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-16 20:23 - 2016-03-29 10:06 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-04-16 20:23 - 2016-03-29 10:06 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-16 20:23 - 2016-03-29 10:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2016-04-16 20:23 - 2016-03-29 10:05 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-16 20:23 - 2016-03-29 10:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2016-04-16 20:23 - 2016-03-29 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-04-16 20:23 - 2016-03-29 10:02 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-04-16 20:23 - 2016-03-29 10:02 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-16 20:23 - 2016-03-29 10:00 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-04-16 20:23 - 2016-03-29 10:00 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-16 20:23 - 2016-03-29 10:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-04-16 20:23 - 2016-03-29 09:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-16 20:23 - 2016-03-29 09:59 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-04-16 20:23 - 2016-03-29 09:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-04-16 20:23 - 2016-03-29 09:56 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-04-16 20:23 - 2016-03-29 09:56 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-04-16 20:23 - 2016-03-29 09:55 - 01052160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-04-16 20:23 - 2016-03-29 09:53 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-04-16 20:23 - 2016-03-29 09:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-04-16 20:23 - 2016-03-29 09:52 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-04-16 20:23 - 2016-03-29 09:52 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2016-04-16 20:23 - 2016-03-29 09:49 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-04-16 20:23 - 2016-03-29 09:48 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-04-16 20:23 - 2016-03-29 09:44 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-04-16 20:23 - 2016-03-29 09:43 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AccountsRt.dll
2016-04-16 20:23 - 2016-03-29 09:42 - 01410560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-04-16 20:23 - 2016-03-29 09:42 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-16 20:23 - 2016-03-29 09:41 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-04-16 20:23 - 2016-03-29 09:40 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-04-16 20:23 - 2016-03-29 09:39 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-04-16 20:23 - 2016-03-29 09:39 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-16 20:23 - 2016-03-29 09:39 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-04-16 20:23 - 2016-03-29 09:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-04-16 20:23 - 2016-03-29 09:36 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-16 20:23 - 2016-03-29 09:35 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-04-16 20:23 - 2016-03-29 09:34 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-04-16 20:23 - 2016-03-29 09:34 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-04-16 20:23 - 2016-03-29 09:34 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-16 20:23 - 2016-03-29 09:34 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-04-16 20:23 - 2016-03-29 09:32 - 01588224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-16 20:23 - 2016-03-29 09:32 - 00854528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-16 20:23 - 2016-03-29 09:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-04-16 20:23 - 2016-03-29 09:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-04-16 20:23 - 2016-03-29 09:32 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-04-16 20:23 - 2016-03-29 09:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2016-04-16 20:23 - 2016-03-29 09:31 - 01117184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-04-16 20:23 - 2016-03-29 09:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-16 20:23 - 2016-03-29 09:29 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-04-16 20:23 - 2016-03-29 09:29 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-04-16 20:23 - 2016-03-29 09:28 - 00764928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-04-16 20:23 - 2016-03-29 09:27 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-04-16 20:23 - 2016-03-29 09:27 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-04-16 20:23 - 2016-03-29 09:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-16 20:23 - 2016-03-29 09:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-04-16 20:23 - 2016-03-29 09:23 - 00777728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-04-16 20:23 - 2016-03-29 09:22 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-04-16 20:23 - 2016-03-29 09:17 - 00765952 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-16 20:23 - 2016-03-29 09:14 - 01072128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-04-16 20:23 - 2016-03-29 09:13 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-04-16 20:23 - 2016-03-29 09:10 - 03671040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-16 20:23 - 2016-03-29 09:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-04-16 20:23 - 2016-03-29 09:05 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-04-16 20:23 - 2016-03-29 09:05 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-04-16 20:23 - 2016-03-29 09:04 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-16 20:23 - 2016-03-29 09:04 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-04-16 20:23 - 2016-03-29 09:01 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-04-16 20:23 - 2016-03-29 09:00 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-04-16 20:23 - 2016-03-29 08:58 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-04-16 20:23 - 2016-03-29 08:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2016-04-16 20:23 - 2016-03-29 08:43 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-04-16 20:23 - 2016-03-29 08:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-16 20:23 - 2016-03-29 08:38 - 02798080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-04-16 20:23 - 2016-03-29 08:35 - 00821248 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2016-04-16 20:23 - 2016-03-29 08:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-04-16 20:23 - 2016-03-29 08:27 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-04-16 20:23 - 2016-03-29 08:26 - 00958976 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-04-16 20:23 - 2016-03-29 08:26 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-04-16 20:23 - 2016-03-29 08:25 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-04-16 20:23 - 2016-03-29 08:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-04-16 20:23 - 2016-03-29 08:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-16 20:23 - 2016-02-24 11:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-04-16 20:23 - 2016-02-24 11:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-04-16 20:23 - 2016-02-24 11:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-16 20:23 - 2016-02-24 11:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-04-16 20:23 - 2016-02-24 11:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-04-16 20:23 - 2016-02-24 11:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-04-16 20:23 - 2016-02-24 11:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-04-16 20:23 - 2016-02-24 11:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-16 20:23 - 2016-02-24 11:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-04-16 20:23 - 2016-02-24 11:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-04-16 20:23 - 2016-02-24 11:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-04-16 20:23 - 2016-02-24 11:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-04-16 20:23 - 2016-02-24 11:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-04-16 20:23 - 2016-02-24 11:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-04-16 20:23 - 2016-02-24 10:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll
2016-04-16 20:23 - 2016-02-24 10:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll
2016-04-16 20:23 - 2016-02-24 10:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-04-16 20:23 - 2016-02-24 10:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-04-16 20:23 - 2016-02-24 10:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll
2016-04-16 20:23 - 2016-02-24 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
2016-04-16 20:23 - 2016-02-24 10:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-04-16 20:23 - 2016-02-24 10:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-04-16 20:23 - 2016-02-24 10:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-04-16 20:23 - 2016-02-24 10:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-04-16 20:23 - 2016-02-24 10:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-04-16 20:23 - 2016-02-24 10:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll
2016-04-16 20:23 - 2016-02-24 10:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-04-16 20:23 - 2016-02-24 10:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll
2016-04-16 20:23 - 2016-02-24 10:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2016-04-16 20:23 - 2016-02-24 10:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2016-04-16 20:23 - 2016-02-24 10:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-04-16 20:23 - 2016-02-24 10:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-16 20:23 - 2016-02-24 10:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll
2016-04-16 20:23 - 2016-02-24 10:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2016-04-16 20:23 - 2016-02-24 10:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll
2016-04-16 20:23 - 2016-02-24 10:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-04-16 20:23 - 2016-02-24 10:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2016-04-16 20:23 - 2016-02-24 10:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-04-16 20:23 - 2016-02-24 10:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2016-04-16 20:23 - 2016-02-24 10:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-04-16 20:23 - 2016-02-24 10:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-04-16 20:23 - 2016-02-24 10:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-04-16 20:23 - 2016-02-24 10:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-04-16 20:23 - 2016-02-24 10:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-04-16 20:23 - 2016-02-24 10:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-04-16 20:23 - 2016-02-24 09:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-04-16 20:23 - 2016-02-24 09:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-04-16 20:23 - 2016-02-24 09:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-04-16 20:23 - 2016-02-24 09:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-04-16 20:23 - 2016-02-24 09:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-04-16 20:23 - 2016-02-24 09:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-04-16 20:23 - 2016-02-24 09:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-04-16 20:23 - 2016-02-24 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-04-16 20:23 - 2016-02-24 09:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-04-16 20:23 - 2016-02-24 09:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-04-16 20:23 - 2016-02-24 09:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-04-16 20:23 - 2016-02-24 09:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-04-16 20:23 - 2016-02-24 09:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-04-16 20:23 - 2016-02-24 09:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-04-16 20:23 - 2016-02-24 09:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-04-16 20:23 - 2016-02-24 09:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-04-16 20:23 - 2016-02-24 09:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-04-16 20:23 - 2016-02-24 09:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-04-16 20:23 - 2016-02-24 09:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-04-16 20:23 - 2016-02-24 09:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-04-16 20:23 - 2016-02-24 09:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-04-16 20:23 - 2016-02-24 09:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-04-16 20:23 - 2016-02-24 09:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-04-16 20:23 - 2016-02-24 09:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-04-16 20:23 - 2016-02-24 09:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-04-16 20:23 - 2016-02-24 09:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-04-16 20:23 - 2016-02-24 09:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-04-16 20:23 - 2016-02-24 09:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-04-16 20:23 - 2016-02-24 09:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-04-16 20:23 - 2016-02-24 09:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-04-16 20:23 - 2016-02-24 09:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-04-16 20:23 - 2016-02-24 09:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-04-16 20:23 - 2016-02-24 09:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-04-16 20:23 - 2016-02-24 09:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-04-16 20:23 - 2016-02-24 09:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-04-16 20:23 - 2016-02-24 09:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-04-16 20:23 - 2016-02-24 09:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-04-16 20:23 - 2016-02-24 09:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-04-16 20:23 - 2016-02-24 09:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-04-16 20:23 - 2016-02-24 09:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-04-16 20:23 - 2016-02-24 09:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-04-16 20:23 - 2016-02-24 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-04-16 20:23 - 2016-02-24 09:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-04-16 20:23 - 2016-02-24 09:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-04-16 20:23 - 2016-02-24 09:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-04-16 20:23 - 2016-02-24 09:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-04-16 20:23 - 2016-02-24 09:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-04-16 20:23 - 2016-02-24 09:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-04-16 20:23 - 2016-02-24 09:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-04-16 20:23 - 2016-02-24 09:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-04-16 20:23 - 2016-02-24 09:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-04-16 20:23 - 2016-02-24 09:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-04-16 20:23 - 2016-02-24 08:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2016-04-16 20:23 - 2016-02-24 08:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-04-16 20:23 - 2016-02-23 14:25 - 00563552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2016-04-16 20:23 - 2016-02-23 14:15 - 00779384 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2016-04-16 20:23 - 2016-02-23 13:33 - 00389992 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2016-04-16 20:23 - 2016-02-23 13:32 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-04-16 20:23 - 2016-02-23 13:31 - 00476728 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2016-04-16 20:23 - 2016-02-23 13:22 - 00572272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2016-04-16 20:23 - 2016-02-23 13:17 - 00146272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-16 20:23 - 2016-02-23 12:40 - 00430944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-16 20:23 - 2016-02-23 12:38 - 00450912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-04-16 20:23 - 2016-02-23 12:38 - 00420928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2016-04-16 20:23 - 2016-02-23 12:32 - 00791744 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-16 20:23 - 2016-02-23 12:27 - 00376536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2016-04-16 20:23 - 2016-02-23 12:25 - 00534368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-04-16 20:23 - 2016-02-23 12:20 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2016-04-16 20:23 - 2016-02-23 12:12 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\provpackageapidll.dll
2016-04-16 20:23 - 2016-02-23 12:10 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll
2016-04-16 20:23 - 2016-02-23 12:07 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2016-04-16 20:23 - 2016-02-23 12:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2016-04-16 20:23 - 2016-02-23 12:06 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2016-04-16 20:23 - 2016-02-23 12:01 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-04-16 20:23 - 2016-02-23 12:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-04-16 20:23 - 2016-02-23 12:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2016-04-16 20:23 - 2016-02-23 11:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\irmon.dll
2016-04-16 20:23 - 2016-02-23 11:55 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2016-04-16 20:23 - 2016-02-23 11:53 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2016-04-16 20:23 - 2016-02-23 11:52 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-04-16 20:23 - 2016-02-23 11:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-04-16 20:23 - 2016-02-23 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerClient.dll
2016-04-16 20:23 - 2016-02-23 11:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll
2016-04-16 20:23 - 2016-02-23 11:39 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-04-16 20:23 - 2016-02-23 11:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2016-04-16 20:23 - 2016-02-23 11:38 - 00287712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2016-04-16 20:23 - 2016-02-23 11:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\QuickActionsDataModel.dll
2016-04-16 20:23 - 2016-02-23 11:34 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\wifiprofilessettinghandler.dll
2016-04-16 20:23 - 2016-02-23 11:34 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-04-16 20:23 - 2016-02-23 11:33 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-04-16 20:23 - 2016-02-23 11:31 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2016-04-16 20:23 - 2016-02-23 11:27 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2016-04-16 20:23 - 2016-02-23 11:26 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-04-16 20:23 - 2016-02-23 11:23 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2016-04-16 20:23 - 2016-02-23 11:22 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2016-04-16 20:23 - 2016-02-23 11:20 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-04-16 20:23 - 2016-02-23 11:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-04-16 20:23 - 2016-02-23 11:20 - 00493568 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-04-16 20:23 - 2016-02-23 11:19 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-04-16 20:23 - 2016-02-23 11:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2016-04-16 20:23 - 2016-02-23 11:09 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-04-16 20:23 - 2016-02-23 11:04 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-04-16 20:23 - 2016-02-23 11:04 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-04-16 20:23 - 2016-02-23 11:02 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-04-16 20:23 - 2016-02-23 11:02 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-16 20:23 - 2016-02-23 10:58 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2016-04-16 20:23 - 2016-02-23 10:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeBrokerClient.dll
2016-04-16 20:23 - 2016-02-23 10:50 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2016-04-16 20:23 - 2016-02-23 10:48 - 00838144 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2016-04-16 20:23 - 2016-02-23 10:47 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll
2016-04-16 20:23 - 2016-02-23 10:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2016-04-16 20:23 - 2016-02-23 10:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-04-16 20:23 - 2016-02-23 10:36 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-04-16 20:23 - 2016-02-23 10:36 - 00379392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-04-16 20:23 - 2016-02-23 10:35 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-04-16 20:23 - 2016-02-23 10:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-04-16 20:23 - 2016-02-23 10:05 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-04-16 20:23 - 2016-02-23 10:01 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-04-16 20:23 - 2016-02-23 09:51 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-04-16 20:23 - 2016-02-09 06:18 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2016-04-16 20:23 - 2016-02-09 06:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2016-04-16 20:23 - 2016-02-09 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-04-16 20:22 - 2016-04-16 20:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-16 20:22 - 2016-04-16 20:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-04-16 20:22 - 2015-11-27 14:27 - 00121488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-04-16 20:22 - 2015-11-27 14:27 - 00113808 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-04-16 20:22 - 2015-11-05 14:49 - 06875768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-04-16 20:22 - 2015-11-05 14:49 - 03496752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-04-16 20:22 - 2015-11-05 14:49 - 02558768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-04-16 20:22 - 2015-11-05 14:49 - 01255544 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-04-16 20:22 - 2015-11-05 14:49 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-04-16 20:22 - 2015-11-05 14:49 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-04-16 20:22 - 2015-11-05 14:38 - 00572536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-04-16 20:22 - 2015-10-28 11:17 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2016-04-16 20:21 - 2016-04-16 20:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-04-16 20:21 - 2016-04-14 02:45 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 20:17 - 2016-04-16 20:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-04-16 19:11 - 2016-04-16 19:11 - 00000000 ____D C:\Users\uue\AppData\Local\Comms
2016-04-16 16:58 - 2016-04-16 16:01 - 00000000 ____D C:\Windows\Panther
2016-04-16 16:07 - 2016-04-16 20:36 - 01295642 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-16 16:07 - 2016-04-16 16:07 - 00002352 _____ C:\Users\uue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-16 16:07 - 2016-04-16 16:07 - 00000000 ___RD C:\Users\uue\OneDrive
2016-04-16 16:05 - 2016-04-17 15:55 - 00000000 ____D C:\Users\uue
2016-04-16 16:05 - 2016-04-16 20:48 - 00000000 ____D C:\Users\uue\AppData\Local\Packages
2016-04-16 16:05 - 2016-04-16 16:05 - 00000020 ___SH C:\Users\uue\ntuser.ini
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Verkkoympäristö
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Tulostinympäristö
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Omat tiedostot
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Mallit
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Käynnistä-valikko
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Documents\Omat videotiedostot
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Documents\Omat musiikkitiedostot
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\Documents\Omat kuvatiedostot
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 _SHDL C:\Users\uue\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 ____D C:\Users\uue\AppData\Roaming\Adobe
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 ____D C:\Users\uue\AppData\Local\VirtualStore
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 ____D C:\Users\uue\AppData\Local\TileDataLayer
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 ____D C:\Users\uue\AppData\Local\Publishers
2016-04-16 16:05 - 2016-04-16 16:05 - 00000000 ____D C:\Users\uue\AppData\Local\ActiveSync
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Public\Documents\Omat videotiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Public\Documents\Omat musiikkitiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Public\Documents\Omat kuvatiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Verkkoympäristö
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Tulostinympäristö
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Omat tiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Mallit
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Käynnistä-valikko
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Documents\Omat videotiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Documents\Omat musiikkitiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\Documents\Omat kuvatiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default User\Documents\Omat videotiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default User\Documents\Omat musiikkitiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default User\Documents\Omat kuvatiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\ProgramData\Työpöytä
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\ProgramData\Tiedostot
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Ohjelmat
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\ProgramData\Mallit
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\ProgramData\Käynnistä-valikko
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Program Files\Common Files\Järjestelmä
2016-04-16 16:03 - 2016-04-16 16:03 - 00000000 _SHDL C:\Documents and Settings
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-17 16:14 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-17 16:14 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-16 20:41 - 2015-10-30 10:21 - 00000000 ____D C:\Windows\INF
2016-04-16 20:36 - 2016-02-13 19:59 - 00400362 _____ C:\Windows\system32\perfh00B.dat
2016-04-16 20:36 - 2016-02-13 19:59 - 00073606 _____ C:\Windows\system32\perfc00B.dat
2016-04-16 20:30 - 2016-02-13 20:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-16 20:29 - 2016-02-13 20:25 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-16 20:29 - 2016-02-13 10:22 - 00194224 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-16 20:28 - 2015-10-30 09:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-16 20:28 - 2015-10-30 09:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-16 20:27 - 2016-02-13 20:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 __RSD C:\Windows\Media
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\bcastdvr
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-16 20:27 - 2015-10-30 10:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-16 20:27 - 2015-10-30 09:28 - 00000000 ____D C:\Windows\system32\Dism
2016-04-16 20:26 - 2015-10-30 10:11 - 00000000 ____D C:\Windows\CbsTemp
2016-04-16 20:22 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\Help
2016-04-16 16:58 - 2015-10-30 10:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-16 16:04 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\rescache
2016-04-16 16:03 - 2015-10-30 10:24 - 00000000 ____D C:\Program Files\Windows NT
2016-04-16 16:01 - 2015-10-30 09:28 - 00000000 ____D C:\Windows\system32\Sysprep
2016-04-06 21:32 - 2015-10-30 10:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-06 21:32 - 2015-10-30 10:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some files in TEMP:
====================
C:\Users\uue\AppData\Local\Temp\bdfilters.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-16 15:59
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by uue (2016-04-17 16:15:46)
Running from C:\Users\uue\Desktop
Windows 10 Home Version 1511 (X64) (2016-04-16 13:03:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
DefaultAccount (S-1-5-21-570155457-1763276045-3915574387-503 - Limited - Disabled)
Järjestelmänvalvoja (S-1-5-21-570155457-1763276045-3915574387-500 - Administrator - Disabled)
uue (S-1-5-21-570155457-1763276045-3915574387-1001 - Administrator - Enabled) => C:\Users\uue
Vieras (S-1-5-21-570155457-1763276045-3915574387-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Active@ Partition Manager 5 (HKLM\...\{FE2483C5-A90C-401D-967F-023A9C3CAAAF}_is1) (Version: 5 - LSoft Technologies Inc)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1035 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Malwarebytes Anti-Malware versio 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
NVIDIA 3D Vision -ohjain 354.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 354.45 - NVIDIA Corporation)
NVIDIA Grafiikkaohjain 354.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.45 - NVIDIA Corporation)
NVIDIA HD-ääniohjain 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA-päivitykset 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {58D1514B-6084-4E9B-91A6-C32FFC9DC0D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {77C0CBE2-6909-406D-AB1A-98F9D4D6420E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-04-16 20:22 - 2015-11-05 14:49 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-16 20:24 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-16 20:24 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-02-13 20:02 - 2016-02-13 20:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-16 20:23 - 2016-04-02 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-16 20:23 - 2016-04-02 06:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-16 20:23 - 2016-04-02 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-16 20:24 - 2016-04-02 05:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-16 20:24 - 2016-04-02 06:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-17 16:14 - 2016-04-17 16:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-17 04:41 - 2016-03-11 03:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-17 04:41 - 2015-07-03 19:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-17 04:41 - 2016-03-31 23:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-17 04:41 - 2015-07-03 19:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-17 04:41 - 2015-07-03 19:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-17 04:41 - 2016-02-09 02:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-17 04:41 - 2016-02-09 02:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-17 04:41 - 2016-02-09 02:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-17 04:41 - 2016-02-09 02:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-17 04:41 - 2016-02-09 02:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-17 04:41 - 2016-03-31 23:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-17 04:41 - 2016-02-18 01:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-04-17 04:41 - 2016-02-09 04:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-17 16:14 - 2016-04-17 16:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-17 16:14 - 2016-04-17 16:14 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 10:24 - 2015-10-30 10:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-570155457-1763276045-3915574387-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.145.169.130 - 213.145.216.231
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{649E3250-00B8-466F-B16E-834BE07BF3C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC80C66D-6181-47CA-B930-C1B48432E28D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{20945E5E-785E-40D8-B93B-BA1478975DF8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7CC38468-A535-4C0B-8EAC-4915EF05ED16}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0151AC4D-3162-4F9F-A53D-EE6DCD2B1E7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{37C38FA6-809F-41A9-A70C-B856CC68A6FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C6665CBE-C9AA-4DBB-B605-E7129FC0BA04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{52AB7951-25BF-4D33-A6FF-4215993573D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9D2766DB-527C-4553-8132-E8D8B4943EBB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/16/2016 08:20:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NOUD51E)
Description: Sovelluksen Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktivointi epäonnistui, virhe: -2147009280. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.
 
Error: (04/16/2016 08:19:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NOUD51E)
Description: Sovelluksen Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App aktivointi epäonnistui, virhe: -2147024770. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.
 
Error: (04/16/2016 08:13:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NOUD51E)
Description: Sovelluksen Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App aktivointi epäonnistui, virhe: -2147024770. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.
 
Error: (04/16/2016 08:07:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NOUD51E)
Description: Sovelluksen Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App aktivointi epäonnistui, virhe: -2147024770. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.
 
Error: (04/16/2016 07:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NOUD51E)
Description: Sovelluksen Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App aktivointi epäonnistui, virhe: -2147024770. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.
 
Error: (04/16/2016 07:13:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NOUD51E)
Description: Sovelluksen Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App aktivointi epäonnistui, virhe: -2147024770. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.
 
Error: (04/16/2016 07:11:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NOUD51E)
Description: Sovelluksen Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App aktivointi epäonnistui, virhe: -2147024770. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.
 
Error: (04/16/2016 04:05:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Käyttöoikeuden aktivointi (Slui.exe) epäonnistui, virhekoodi: 
hr=0xD0000272
Komentoriviargumentit:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (04/16/2016 04:04:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Käyttöoikeuden aktivointi (Slui.exe) epäonnistui, virhekoodi: 
hr=0xD0000272
Komentoriviargumentit:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
 
System errors:
=============
Error: (04/17/2016 04:09:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NOUD51E)
Description: tietokoneen oletusarvoPaikallinenAktivointi{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-NOUD51EuueS-1-5-21-570155457-1763276045-3915574387-1001LocalHost (LRPC käytössä)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795
 
Error: (04/17/2016 03:55:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietojen käyttöoikeudet_1b883fa on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.
 
Error: (04/17/2016 03:55:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Käyttäjätietosäilö_1b883fa on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.
 
Error: (04/17/2016 03:55:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Yhteystiedot_1b883fa on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.
 
Error: (04/17/2016 03:55:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Synkronoi isäntä_1b883fa on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.
 
Error: (04/17/2016 03:55:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä
 
Error: (04/17/2016 05:20:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä
 
Error: (04/17/2016 04:43:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Palvelua Steam Client Service ei voi käynnistää. Virhekoodi on 
%%1053
 
Error: (04/17/2016 04:43:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Aikakatkaisu (30000 millisekuntia) odotettaessa Steam Client Service-palvelun yhteyden muodostusta.
 
Error: (04/17/2016 04:40:14 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä
 
 
CodeIntegrity:
===================================
  Date: 2016-04-16 20:30:17.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8156.88 MB
Available physical RAM: 6358.89 MB
Total Virtual: 10076.88 MB
Available Virtual: 8227.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.02 GB) (Free:881.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 626365BC)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.04.17.03
  rootkit: v2016.04.09.01
 
Windows 10 x64 NTFS
Internet Explorer 11.212.10586.0
uue :: DESKTOP-NOUD51E [administrator]
 
17.4.2016 16.21.00
mbar-log-2016-04-17 (16-21-00).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 355415
Time elapsed: 7 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.212.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 8553107456, free: 6674325504
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.212.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 8553107456, free: 6464159744
 
Downloaded database version: v2016.04.17.03
Downloaded database version: v2016.04.09.01
Downloaded database version: v2016.04.12.01
=======================================
Initializing...
------------ Kernel report ------------
     04/17/2016 16:20:54
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\pwdrvio.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mwac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.04.17.03
  rootkit: v2016.04.09.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0014e18b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0014e04db10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0014e18b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0014cf21060, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 626365BC
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 1952495616
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffe0014e8b3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0014e8f2b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0014e8b3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0014e8edb10, DeviceName: \Device\00000045\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\Users\uue\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Scan finished
=======================================
 
 
 
 


#5 garrys1


Posted 19 April 2016 - 11:46 AM

Hey, are you helping me?



#6 dbrisendine

  • Malware Response Team

Posted 19 April 2016 - 03:12 PM

Sorry for the delay in replying to you; family emergency.

 

Your logs look clean and the space at the end of the disk is a normal occurrence whenever a disk is formatted.  This is due to a limitation of sector size and amount of space allocated to each partition.  (See here and here for more information on this issue.)

 

However, if you want to have one more check for a bootkit / rootkit, TDSSKiller is an excellent scanner for that check (along with MBAR which you already ran).

 

Download the latest version of TDSSKiller from here and save it to your Desktop.


Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Click the Start Scan button.

If a suspicious object is detected, the default action will be Skip; click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
 


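To put numbers on the unallocated space discussed in this thread, the following added example (not part of any post, and not code from MBAR, FRST or TDSSKiller) parses an MBR partition table and lists every sector range that no partition covers. The sample sector is constructed from the values in the MBAR log above (disk signature, start LBAs, sector counts, disk size); the function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512
DISK_SIZE_BYTES = 1000204886016  # "Disk Size" line in the MBAR log


def build_sample_mbr():
    """Constructed 512-byte MBR holding the partition values MBAR reported."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, 440, 0x626365BC)           # disk signature
    entries = [
        (0x80, 0x07, 2048, 1024000),                       # partition 0, active
        (0x00, 0x07, 1026048, 1952495616),                 # partition 1
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        # CHS fields are left zero; only the LBA fields matter here.
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xAA"                             # boot signature
    return bytes(mbr)


def parse_mbr(sector):
    """Return (disk_signature, partitions) from a raw 512-byte sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("sector 0 must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("MBR signature 55AA not found")
    disk_sig = struct.unpack_from("<I", sector, 440)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0x00:                                  # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80,
                      "type": ptype, "start": start, "count": count})
    return disk_sig, parts


def find_gaps(parts, total_sectors):
    """List (start_lba, sector_count) ranges not covered by any partition.

    Sector 0 holds the MBR itself, so the scan starts at LBA 1.
    """
    gaps = []
    cursor = 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] < cursor:
            raise ValueError("partition %d overlaps earlier data" % p["index"])
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = p["start"] + p["count"]
    if cursor > total_sectors:
        raise ValueError("last partition extends past the end of the disk")
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - cursor))
    return gaps


if __name__ == "__main__":
    sig, parts = parse_mbr(build_sample_mbr())
    total = DISK_SIZE_BYTES // SECTOR_SIZE
    print("Disk signature: %08X, %d sectors" % (sig, total))
    for start, count in find_gaps(parts, total):
        print("uncovered LBA %d-%d: %d sectors (%.2f MiB)"
              % (start, start + count - 1, count,
                 count * SECTOR_SIZE / 2 ** 20))
```

For this disk the uncovered ranges are 2047 sectors between the MBR and the first partition and 3504 sectors (about 1.71 MiB) after the last one.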


#7 garrys1


Posted 19 April 2016 - 04:19 PM

here 

 

23:18:36.0258 0x164c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12

23:18:38.0305 0x164c  ============================================================
23:18:38.0305 0x164c  Current date / time: 2016/04/19 23:18:38.0305
23:18:38.0305 0x164c  SystemInfo:
23:18:38.0305 0x164c  
23:18:38.0305 0x164c  OS Version: 10.0.10586 ServicePack: 0.0
23:18:38.0305 0x164c  Product type: Workstation
23:18:38.0305 0x164c  ComputerName: DESKTOP-NOUD51E
23:18:38.0305 0x164c  UserName: uue
23:18:38.0305 0x164c  Windows directory: C:\Windows
23:18:38.0305 0x164c  System windows directory: C:\Windows
23:18:38.0305 0x164c  Running under WOW64
23:18:38.0305 0x164c  Processor architecture: Intel x64
23:18:38.0305 0x164c  Number of processors: 8
23:18:38.0305 0x164c  Page size: 0x1000
23:18:38.0305 0x164c  Boot type: Normal boot
23:18:38.0305 0x164c  ============================================================
23:18:38.0555 0x164c  KLMD registered as C:\Windows\system32\drivers\47408513.sys
23:18:39.0211 0x164c  System UUID: {4E65C4BE-3833-3AC0-9280-D3B2C28F3F48}
23:18:39.0774 0x164c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:18:40.0165 0x164c  ============================================================
23:18:40.0165 0x164c  \Device\Harddisk0\DR0:
23:18:40.0165 0x164c  MBR partitions:
23:18:40.0165 0x164c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
23:18:40.0165 0x164c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0x7460B800
23:18:40.0165 0x164c  ============================================================
23:18:40.0196 0x164c  C: <-> \Device\Harddisk0\DR0\Partition2
23:18:40.0196 0x164c  ============================================================
23:18:40.0196 0x164c  Initialize success
23:18:40.0196 0x164c  ============================================================
23:18:46.0239 0x0eb4  ============================================================
23:18:46.0255 0x0eb4  Scan started
23:18:46.0255 0x0eb4  Mode: Manual; SigCheck; TDLFS; 
23:18:46.0255 0x0eb4  ============================================================
23:18:46.0255 0x0eb4  KSN ping started
23:18:48.0600 0x0eb4  KSN ping finished: true
23:18:50.0147 0x0eb4  ================ Scan system memory ========================
23:18:50.0147 0x0eb4  System memory - ok
23:18:50.0147 0x0eb4  ================ Scan services =============================
23:18:52.0147 0x0eb4  bowser - ok
23:18:52.0163 0x0eb4  [ 492FB85E61768950CDD27C87AED6E8FA, 1BFF11D899581E406D1AB5F2C66C9D816161ECF4B81AAACCCA3663875E86C0A5 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
23:18:52.0225 0x0eb4  BrokerInfrastructure - ok
23:18:52.0256 0x0eb4  [ A617BE5E429A035A1CA8217C1B16F0BB, 197EE6C6EB22FF8A626540886F5A2163CC4CB177504C5423856F54BF01EB0FF1 ] Browser         C:\Windows\System32\browser.dll
23:18:52.0288 0x0eb4  Browser - ok
23:18:52.0303 0x0eb4  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
23:18:52.0475 0x0eb4  BthAvrcpTg - ok
23:18:52.0475 0x0eb4  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
23:18:52.0491 0x0eb4  BthHFEnum - ok
23:18:52.0506 0x0eb4  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
23:18:52.0522 0x0eb4  bthhfhid - ok
23:18:52.0600 0x0eb4  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
23:18:52.0631 0x0eb4  BthHFSrv - ok
23:18:52.0663 0x0eb4  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
23:18:52.0678 0x0eb4  BTHMODEM - ok
23:18:52.0694 0x0eb4  [ 7A177E18AA6A6A6365E6351C2BF8EDAE, A35224A20014B1215A6824AE5E17B8869A775EA272EF7F25EAFFA18733F8D09D ] bthserv         C:\Windows\system32\bthserv.dll
23:18:52.0710 0x0eb4  bthserv - ok
23:18:52.0741 0x0eb4  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\Windows\System32\drivers\buttonconverter.sys
23:18:52.0772 0x0eb4  buttonconverter - ok
23:18:52.0788 0x0eb4  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\Windows\System32\drivers\capimg.sys
23:18:52.0819 0x0eb4  CapImg - ok
23:18:52.0819 0x0eb4  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:18:52.0835 0x0eb4  cdfs - ok
23:18:52.0881 0x0eb4  [ 0A92DC116CFC7F6BE8167DD25CB925CC, 50CAC7BE14FF69B10C029E049F7C441A5572540F027F95F940B185C76C689409 ] CDPSvc          C:\Windows\System32\CDPSvc.dll
23:18:52.0944 0x0eb4  CDPSvc - ok
23:18:52.0975 0x0eb4  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
23:18:52.0991 0x0eb4  cdrom - ok
23:18:53.0006 0x0eb4  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:18:53.0022 0x0eb4  CertPropSvc - ok
23:18:53.0038 0x0eb4  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\Windows\System32\drivers\circlass.sys
23:18:53.0053 0x0eb4  circlass - ok
23:18:53.0069 0x0eb4  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
23:18:53.0085 0x0eb4  CLFS - ok
23:18:53.0116 0x0eb4  [ F7526C133AC265F283012E9CD751F873, 6AABDD92FD880F49F63C1CC478C3D8291AF670802CEC58B32730E7675D858D88 ] ClipSVC         C:\Windows\System32\ClipSVC.dll
23:18:53.0131 0x0eb4  ClipSVC - ok
23:18:53.0131 0x0eb4  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
23:18:53.0163 0x0eb4  CmBatt - ok
23:18:53.0178 0x0eb4  [ 3B866F8CB10719A5AF9E410B1B149714, B0A32B526290ED8E1DD93C70AB49DD417B82CA23D6B815163131247091D61DBA ] CNG             C:\Windows\system32\Drivers\cng.sys
23:18:53.0210 0x0eb4  CNG - ok
23:18:53.0210 0x0eb4  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist     C:\Windows\system32\DRIVERS\cnghwassist.sys
23:18:53.0210 0x0eb4  cnghwassist - ok
23:18:53.0256 0x0eb4  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
23:18:53.0288 0x0eb4  CompositeBus - ok
23:18:53.0288 0x0eb4  COMSysApp - ok
23:18:53.0319 0x0eb4  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\Windows\system32\drivers\condrv.sys
23:18:53.0335 0x0eb4  condrv - ok
23:18:53.0366 0x0eb4  [ DE6DF2C34718EADCFF8776E597F2104D, 35D03E95853CEAC69F674FB09C819A4698EBEDFD8AC0474F0ADF02741492401E ] CoreMessagingRegistrar C:\Windows\system32\coremessaging.dll
23:18:53.0381 0x0eb4  CoreMessagingRegistrar - ok
23:18:53.0413 0x0eb4  [ 2CE0D74AED86A372997E9D77AE10B9F5, 1AFAA22C68FD0B81F73CE0EB763AD77AB97E78916752843A5056E1352F0FEA82 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:18:53.0428 0x0eb4  CryptSvc - ok
23:18:53.0444 0x0eb4  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam             C:\Windows\system32\drivers\dam.sys
23:18:53.0460 0x0eb4  dam - ok
23:18:53.0491 0x0eb4  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:18:53.0538 0x0eb4  DcomLaunch - ok
23:18:53.0553 0x0eb4  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\Windows\system32\dcpsvc.dll
23:18:53.0600 0x0eb4  DcpSvc - ok
23:18:53.0632 0x0eb4  [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:18:53.0678 0x0eb4  defragsvc - ok
23:18:53.0710 0x0eb4  [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\Windows\system32\das.dll
23:18:53.0741 0x0eb4  DeviceAssociationService - ok
23:18:53.0788 0x0eb4  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
23:18:53.0819 0x0eb4  DeviceInstall - ok
23:18:53.0835 0x0eb4  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\Windows\system32\DevQueryBroker.dll
23:18:53.0866 0x0eb4  DevQueryBroker - ok
23:18:53.0897 0x0eb4  [ 935823F79CBEDB91637B63D37E3A5A36, BE9A46F1CA631B9252C71758901D55456DC3C143053003D9FA7D67811A1E5026 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
23:18:53.0913 0x0eb4  Dfsc - ok
23:18:53.0928 0x0eb4  [ 5841A361D28069DFC82E1E98040FDC3F, 3A48DB7ADE90654242CB54DAD07F5FF0CD5CABF372C50D5B2C4D7AED068986E1 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:18:53.0960 0x0eb4  Dhcp - ok
23:18:53.0991 0x0eb4  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
23:18:54.0007 0x0eb4  diagnosticshub.standardcollector.service - ok
23:18:54.0069 0x0eb4  [ 15D174719872A30F2FDD6B5B1B8BA5D9, B0E6FF6FC47B731C204F110D4B768231906B144B31F602ECE8EAC24D70BA880D ] DiagTrack       C:\Windows\system32\diagtrack.dll
23:18:54.0116 0x0eb4  DiagTrack - ok
23:18:54.0147 0x0eb4  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\Windows\system32\drivers\disk.sys
23:18:54.0147 0x0eb4  disk - ok
23:18:54.0178 0x0eb4  [ 49F069E2D22F33955A69D44DFD1B5179, 739C52C7B961BA683E8C7CCDB0E95423C17561B2F1F506BAE923DC53DB96B067 ] DmEnrollmentSvc C:\Windows\system32\Windows.Internal.Management.dll
23:18:54.0225 0x0eb4  DmEnrollmentSvc - ok
23:18:54.0225 0x0eb4  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
23:18:54.0272 0x0eb4  dmvsc - ok
23:18:54.0303 0x0eb4  [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\Windows\system32\dmwappushsvc.dll
23:18:54.0319 0x0eb4  dmwappushservice - ok
23:18:54.0350 0x0eb4  [ 5839A317C25F70979433E0905DFABB1B, 7F1CD50C77A33A10259D8A208A355BE7ECAFEA69F810AD908EF8878A792741AF ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:18:54.0366 0x0eb4  Dnscache - ok
23:18:54.0397 0x0eb4  [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc         C:\Windows\System32\dot3svc.dll
23:18:54.0428 0x0eb4  dot3svc - ok
23:18:54.0444 0x0eb4  [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS             C:\Windows\system32\dps.dll
23:18:54.0475 0x0eb4  DPS - ok
23:18:54.0491 0x0eb4  [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud         C:\Windows\System32\drivers\drmkaud.sys
23:18:54.0491 0x0eb4  drmkaud - ok
23:18:54.0522 0x0eb4  [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
23:18:54.0553 0x0eb4  DsmSvc - ok
23:18:54.0585 0x0eb4  [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc           C:\Windows\System32\DsSvc.dll
23:18:54.0616 0x0eb4  DsSvc - ok
23:18:54.0710 0x0eb4  [ F45665E77D11F3C1552EDBEAD1559DC8, C7C4B493CB36A1A35B8CA33C044BA0ED273CDA80E36F48BFF7CE3A0356246838 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:18:54.0788 0x0eb4  DXGKrnl - ok
23:18:54.0850 0x0eb4  [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost         C:\Windows\System32\eapsvc.dll
23:18:54.0866 0x0eb4  Eaphost - ok
23:18:54.0975 0x0eb4  [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:18:55.0100 0x0eb4  ebdrv - ok
23:18:55.0116 0x0eb4  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] EFS             C:\Windows\System32\lsass.exe
23:18:55.0132 0x0eb4  EFS - ok
23:18:55.0147 0x0eb4  [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
23:18:55.0147 0x0eb4  EhStorClass - ok
23:18:55.0163 0x0eb4  [ 5B1EAAE3001A7A320C106FC3859F4111, 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
23:18:55.0178 0x0eb4  EhStorTcgDrv - ok
23:18:55.0194 0x0eb4  [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode    C:\Windows\System32\embeddedmodesvc.dll
23:18:55.0210 0x0eb4  embeddedmode - ok
23:18:55.0241 0x0eb4  [ 062152DD5B225518A991DFCD8536770C, 5C8EF4E0C7DE3B24387FF239A8D0CDA39C2376826F16EAFF09739A6C7EDA01E0 ] EntAppSvc       C:\Windows\system32\EnterpriseAppMgmtSvc.dll
23:18:55.0272 0x0eb4  EntAppSvc - ok
23:18:55.0272 0x0eb4  [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev          C:\Windows\System32\drivers\errdev.sys
23:18:55.0288 0x0eb4  ErrDev - ok
23:18:55.0319 0x0eb4  [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem     C:\Windows\system32\es.dll
23:18:55.0350 0x0eb4  EventSystem - ok
23:18:55.0366 0x0eb4  [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:18:55.0397 0x0eb4  exfat - ok
23:18:55.0397 0x0eb4  [ 03DE0EC072C5EBD5B018CAD83F1E522A, 9D0B30A2870FBA20B95017CE3A4205F2DD53FE169A0D16715E962D83DE040FB3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:18:55.0413 0x0eb4  fastfat - ok
23:18:55.0444 0x0eb4  [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax             C:\Windows\system32\fxssvc.exe
23:18:55.0491 0x0eb4  Fax - ok
23:18:55.0491 0x0eb4  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc             C:\Windows\System32\drivers\fdc.sys
23:18:55.0522 0x0eb4  fdc - ok
23:18:55.0553 0x0eb4  [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:18:55.0585 0x0eb4  fdPHost - ok
23:18:55.0600 0x0eb4  [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub        C:\Windows\system32\fdrespub.dll
23:18:55.0616 0x0eb4  FDResPub - ok
23:18:55.0647 0x0eb4  [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc           C:\Windows\system32\fhsvc.dll
23:18:55.0663 0x0eb4  fhsvc - ok
23:18:55.0694 0x0eb4  [ 8F12AB59336143B680F71B217B495AD2, A28F62F065C68CC1A7EEF0CA52F83C3284B001565D8E154BF8568DE4A525104E ] FileCrypt       C:\Windows\system32\drivers\filecrypt.sys
23:18:55.0710 0x0eb4  FileCrypt - ok
23:18:55.0725 0x0eb4  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:18:55.0741 0x0eb4  FileInfo - ok
23:18:55.0741 0x0eb4  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:18:55.0757 0x0eb4  Filetrace - ok
23:18:55.0757 0x0eb4  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
23:18:55.0772 0x0eb4  flpydisk - ok
23:18:55.0803 0x0eb4  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:18:55.0808 0x0eb4  FltMgr - ok
23:18:55.0855 0x0eb4  [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache       C:\Windows\system32\FntCache.dll
23:18:55.0933 0x0eb4  FontCache - ok
23:18:55.0933 0x0eb4  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:18:55.0949 0x0eb4  FsDepends - ok
23:18:55.0949 0x0eb4  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:18:55.0964 0x0eb4  Fs_Rec - ok
23:18:55.0964 0x0eb4  [ 421497634C86EF4B8F86D0EBC076728F, E0D1449555D8849364E00AA747DBC820EF914A9F5B796E35070072FCBC532ADE ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:18:56.0043 0x0eb4  fvevol - ok
23:18:56.0043 0x0eb4  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:18:56.0058 0x0eb4  gagp30kx - ok
23:18:56.0089 0x0eb4  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
23:18:56.0121 0x0eb4  gencounter - ok
23:18:56.0121 0x0eb4  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\Windows\System32\drivers\genericusbfn.sys
23:18:56.0152 0x0eb4  genericusbfn - ok
23:18:56.0183 0x0eb4  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
23:18:56.0199 0x0eb4  GPIOClx0101 - ok
23:18:56.0246 0x0eb4  [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:18:56.0340 0x0eb4  gpsvc - ok
23:18:56.0355 0x0eb4  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\Windows\system32\drivers\gpuenergydrv.sys
23:18:56.0371 0x0eb4  GpuEnergyDrv - ok
23:18:56.0433 0x0eb4  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:18:56.0449 0x0eb4  gupdate - ok
23:18:56.0465 0x0eb4  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:18:56.0465 0x0eb4  gupdatem - ok
23:18:56.0496 0x0eb4  [ 0F93EBE9071A6BB1548BF0F816EEA24B, 79A99544C00F59996980D299BFACA0463D86158BFA51C8045CE4FF4951779A44 ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys
23:18:56.0527 0x0eb4  HdAudAddService - ok
23:18:56.0527 0x0eb4  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
23:18:56.0543 0x0eb4  HDAudBus - ok
23:18:56.0543 0x0eb4  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
23:18:56.0574 0x0eb4  HidBatt - ok
23:18:56.0590 0x0eb4  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
23:18:56.0605 0x0eb4  HidBth - ok
23:18:56.0621 0x0eb4  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
23:18:56.0636 0x0eb4  hidi2c - ok
23:18:56.0636 0x0eb4  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\Windows\System32\drivers\hidinterrupt.sys
23:18:56.0652 0x0eb4  hidinterrupt - ok
23:18:56.0652 0x0eb4  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\Windows\System32\drivers\hidir.sys
23:18:56.0668 0x0eb4  HidIr - ok
23:18:56.0668 0x0eb4  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv         C:\Windows\system32\hidserv.dll
23:18:56.0683 0x0eb4  hidserv - ok
23:18:56.0683 0x0eb4  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
23:18:56.0730 0x0eb4  HidUsb - ok
23:18:56.0746 0x0eb4  [ 2FEF4D90C0CAED258C93CFF72A8FFD71, 56473D90E9FE52849067D080FD88B29C0BBE76E5266657E2ABD6366B7A4E9474 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:18:56.0793 0x0eb4  HomeGroupListener - ok
23:18:56.0824 0x0eb4  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:18:56.0840 0x0eb4  HomeGroupProvider - ok
23:18:56.0855 0x0eb4  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:18:56.0855 0x0eb4  HpSAMD - ok
23:18:56.0902 0x0eb4  [ 63C3F74DC398A1C1A77E39DFB9C312CA, 283A13899838B4313BFBC406E832042696C549640A1AB11E23C0B9E499289836 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:18:56.0933 0x0eb4  HTTP - ok
23:18:56.0949 0x0eb4  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:18:56.0949 0x0eb4  hwpolicy - ok
23:18:56.0965 0x0eb4  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
23:18:56.0980 0x0eb4  hyperkbd - ok
23:18:56.0983 0x0eb4  [ 40115A0F8E7FF9E786EBBD1D33D39AD7, 5190D3970950251CD0946521C428BF26BF7D68C2984B990B8EFDD406EC9CDFE1 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
23:18:56.0988 0x0eb4  HyperVideo - ok
23:18:57.0004 0x0eb4  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
23:18:57.0020 0x0eb4  i8042prt - ok
23:18:57.0035 0x0eb4  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\Windows\System32\drivers\iai2c.sys
23:18:57.0035 0x0eb4  iai2c - ok
23:18:57.0066 0x0eb4  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
23:18:57.0098 0x0eb4  iaLPSS2i_I2C - ok
23:18:57.0098 0x0eb4  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
23:18:57.0098 0x0eb4  iaLPSSi_GPIO - ok
23:18:57.0113 0x0eb4  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
23:18:57.0113 0x0eb4  iaLPSSi_I2C - ok
23:18:57.0129 0x0eb4  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
23:18:57.0160 0x0eb4  iaStorAV - ok
23:18:57.0191 0x0eb4  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:18:57.0207 0x0eb4  iaStorV - ok
23:18:57.0223 0x0eb4  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\Windows\System32\drivers\ibbus.sys
23:18:57.0238 0x0eb4  ibbus - ok
23:18:57.0270 0x0eb4  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\Windows\System32\tetheringservice.dll
23:18:57.0301 0x0eb4  icssvc - ok
23:18:57.0301 0x0eb4  IEEtwCollectorService - ok
23:18:57.0332 0x0eb4  [ 95A03F67830FDCB950E70261128D540D, D052CB703500E2871CF51E015E444F2A99FA9A7579AC422104F0E411F6107BD0 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:18:57.0379 0x0eb4  IKEEXT - ok
23:18:57.0379 0x0eb4  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\Windows\system32\drivers\intelide.sys
23:18:57.0379 0x0eb4  intelide - ok
23:18:57.0395 0x0eb4  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\Windows\system32\drivers\intelpep.sys
23:18:57.0410 0x0eb4  intelpep - ok
23:18:57.0426 0x0eb4  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
23:18:57.0457 0x0eb4  intelppm - ok
23:18:57.0457 0x0eb4  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos           C:\Windows\system32\drivers\ioqos.sys
23:18:57.0473 0x0eb4  IoQos - ok
23:18:57.0488 0x0eb4  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:18:57.0488 0x0eb4  IpFilterDriver - ok
23:18:57.0535 0x0eb4  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:18:57.0566 0x0eb4  iphlpsvc - ok
23:18:57.0566 0x0eb4  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
23:18:57.0598 0x0eb4  IPMIDRV - ok
23:18:57.0598 0x0eb4  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:18:57.0613 0x0eb4  IPNAT - ok
23:18:57.0613 0x0eb4  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:18:57.0645 0x0eb4  IRENUM - ok
23:18:57.0645 0x0eb4  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:18:57.0645 0x0eb4  isapnp - ok
23:18:57.0676 0x0eb4  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
23:18:57.0691 0x0eb4  iScsiPrt - ok
23:18:57.0707 0x0eb4  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
23:18:57.0707 0x0eb4  kbdclass - ok
23:18:57.0723 0x0eb4  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
23:18:57.0723 0x0eb4  kbdhid - ok
23:18:57.0723 0x0eb4  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic           C:\Windows\System32\drivers\kdnic.sys
23:18:57.0754 0x0eb4  kdnic - ok
23:18:57.0770 0x0eb4  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\Windows\system32\lsass.exe
23:18:57.0770 0x0eb4  KeyIso - ok
23:18:57.0785 0x0eb4  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:18:57.0801 0x0eb4  KSecDD - ok
23:18:57.0816 0x0eb4  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:18:57.0832 0x0eb4  KSecPkg - ok
23:18:57.0832 0x0eb4  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:18:57.0832 0x0eb4  ksthunk - ok
23:18:57.0863 0x0eb4  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:18:57.0910 0x0eb4  KtmRm - ok
23:18:57.0941 0x0eb4  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:18:57.0957 0x0eb4  LanmanServer - ok
23:18:57.0973 0x0eb4  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:18:58.0004 0x0eb4  LanmanWorkstation - ok
23:18:58.0020 0x0eb4  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc           C:\Windows\System32\lfsvc.dll
23:18:58.0035 0x0eb4  lfsvc - ok
23:18:58.0035 0x0eb4  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\Windows\system32\LicenseManagerSvc.dll
23:18:58.0066 0x0eb4  LicenseManager - ok
23:19:06.0083 0x0eb4  smphost - ok
23:19:06.0114 0x0eb4  [ F07301C282AA222C33F8C28B4F545275, 2938943A3A62B33C8296DF3B57897D32293F5395A5E2A01C76B0160A98C12520 ] SmsRouter       C:\Windows\system32\SmsRouterSvc.dll
23:19:06.0145 0x0eb4  SmsRouter - ok
23:19:06.0161 0x0eb4  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:19:06.0161 0x0eb4  SNMPTRAP - ok
23:19:06.0177 0x0eb4  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport       C:\Windows\system32\drivers\spaceport.sys
23:19:06.0208 0x0eb4  spaceport - ok
23:19:06.0208 0x0eb4  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
23:19:06.0223 0x0eb4  SpbCx - ok
23:19:06.0255 0x0eb4  [ D1241DFC397FA8CCFB4BB4B63AAD31AC, F8C57C2F7CA8B6D8FEE1505A143A3FECF502C8DCFFC375F9C8848A87D9714C9E ] Spooler         C:\Windows\System32\spoolsv.exe
23:19:06.0286 0x0eb4  Spooler - ok
23:19:06.0427 0x0eb4  [ 7C58AFEC26E9F7730A8AA7FD40225937, 546EAD8889F2A1BB6DCCB7781976B975F34DA1C9047F95FEAA52CF38EC60C6DD ] sppsvc          C:\Windows\system32\sppsvc.exe
23:19:06.0567 0x0eb4  sppsvc - ok
23:19:06.0583 0x0eb4  [ ACC1709EC7FE6EB8999DBC91C50C2B34, 83ABF51751A264291C53A32B86239A607361E56CB045CD2CBE6E41DBB8A01F54 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:19:06.0598 0x0eb4  srv - ok
23:19:06.0630 0x0eb4  [ AFBCFC946FAE7483E27BD316D03F94A5, CC9478EA717E85C38304957E923997821DFE2A995D7C8DF98C15267D952BEFBE ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:19:06.0661 0x0eb4  srv2 - ok
23:19:06.0677 0x0eb4  [ 107C1EBE79710E4A759449BD6604245A, 963D693F4E61EDC7B3AA9006CC274D56E577CE0035A61DDB2A6DE72116D5C52B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:19:06.0692 0x0eb4  srvnet - ok
23:19:06.0708 0x0eb4  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:19:06.0739 0x0eb4  SSDPSRV - ok
23:19:06.0755 0x0eb4  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:19:06.0770 0x0eb4  SstpSvc - ok
23:19:06.0849 0x0eb4  [ 58863C57E4598C4F9DA967C5C36CFA5D, BB34FBC324E84E05128258CE3755241ECB63F7F2AE7F96716AC373931FAF92A8 ] StateRepository C:\Windows\system32\windows.staterepository.dll
23:19:06.0958 0x0eb4  StateRepository - ok
23:19:07.0036 0x0eb4  [ D27C8C88CEB69075465B41DA6ECF3374, B1A70A30787080474E901E4743996EEE4FCD09BEDBBA89CE57ACAE05A67907AB ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
23:19:07.0052 0x0eb4  Steam Client Service - ok
23:19:07.0114 0x0eb4  [ 9B04BE92396728C5495E24720BBE3E27, B6CB2B4C0410AD5B1A4881D532B711501518CC71C9BA3351FFD80225E233CD93 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:19:07.0145 0x0eb4  Stereo Service - ok
23:19:07.0145 0x0eb4  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:19:07.0161 0x0eb4  stexstor - ok
23:19:07.0224 0x0eb4  [ 75476CAA8FA0A4E573948CDE8C7F0304, 68C4405CACA77AEED71761875A9AF60BCFBDD39E356BEA1BA8226E099BAA5FA4 ] stisvc          C:\Windows\System32\wiaservc.dll
23:19:07.0255 0x0eb4  stisvc - ok
23:19:07.0286 0x0eb4  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\Windows\system32\drivers\storahci.sys
23:19:07.0302 0x0eb4  storahci - ok
23:19:07.0302 0x0eb4  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:19:07.0317 0x0eb4  storflt - ok
23:19:07.0317 0x0eb4  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\Windows\system32\drivers\stornvme.sys
23:19:07.0317 0x0eb4  stornvme - ok
23:19:07.0333 0x0eb4  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\Windows\system32\drivers\storqosflt.sys
23:19:07.0364 0x0eb4  storqosflt - ok
23:19:07.0380 0x0eb4  [ E5C3042B68D4EA89B3C52E150E553DA0, 83428E8EFC584778745F6B30F6F8FD96A645AD33F39AA955E97F9A0D458847B1 ] StorSvc         C:\Windows\system32\storsvc.dll
23:19:07.0427 0x0eb4  StorSvc - ok
23:19:07.0427 0x0eb4  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs         C:\Windows\system32\drivers\storufs.sys
23:19:07.0442 0x0eb4  storufs - ok
23:19:07.0442 0x0eb4  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:19:07.0442 0x0eb4  storvsc - ok
23:19:07.0458 0x0eb4  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc           C:\Windows\system32\svsvc.dll
23:19:07.0474 0x0eb4  svsvc - ok
23:19:07.0474 0x0eb4  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\Windows\System32\drivers\swenum.sys
23:19:07.0489 0x0eb4  swenum - ok
23:19:07.0505 0x0eb4  [ 22E539A9B96C66A713583EC017562616, 210DA61DFC7AA9AD23277D9CC0239B781F4EABD322D0803AEC9434D68B81FABD ] swprv           C:\Windows\System32\swprv.dll
23:19:07.0536 0x0eb4  swprv - ok
23:19:07.0552 0x0eb4  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
23:19:07.0567 0x0eb4  Synth3dVsc - ok
23:19:07.0599 0x0eb4  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain         C:\Windows\system32\sysmain.dll
23:19:07.0661 0x0eb4  SysMain - ok
23:19:07.0692 0x0eb4  [ AF2C8D7C1D4DCFD5C31501F009DF42B7, 3DDF9353F014EE99B031BBC969620CA07647FBB8D78EB4697C8D633021B46B11 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
23:19:07.0708 0x0eb4  SystemEventsBroker - ok
23:19:07.0724 0x0eb4  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:19:07.0739 0x0eb4  TabletInputService - ok
23:19:07.0770 0x0eb4  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:19:07.0786 0x0eb4  TapiSrv - ok
23:19:07.0864 0x0eb4  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:19:07.0942 0x0eb4  Tcpip - ok
23:19:08.0005 0x0eb4  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip6          C:\Windows\system32\drivers\tcpip.sys
23:19:08.0067 0x0eb4  Tcpip6 - ok
23:19:08.0083 0x0eb4  [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:19:08.0083 0x0eb4  tcpipreg - ok
23:19:08.0099 0x0eb4  [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:19:08.0114 0x0eb4  tdx - ok
23:19:08.0130 0x0eb4  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
23:19:08.0130 0x0eb4  terminpt - ok
23:19:08.0177 0x0eb4  [ 14307D4801C8CEF0A615907C09E886B3, C7F34C294D70DE689F673E0B5E9253B27EFEBBE6FA38B68B3B0B0374A896407E ] TermService     C:\Windows\System32\termsrv.dll
23:19:08.0239 0x0eb4  TermService - ok
23:19:08.0255 0x0eb4  [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes          C:\Windows\system32\themeservice.dll
23:19:08.0270 0x0eb4  Themes - ok
23:19:08.0286 0x0eb4  [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\Windows\system32\TieringEngineService.exe
23:19:08.0317 0x0eb4  TieringEngineService - ok
23:19:08.0349 0x0eb4  [ 62300878366762EABAC7834543964A6E, 84E3DE6C93B31CBA71BA90669EB52C3122774E0EF803390EE8A483164D2CFE18 ] tiledatamodelsvc C:\Windows\system32\tileobjserver.dll
23:19:08.0380 0x0eb4  tiledatamodelsvc - ok
23:19:08.0396 0x0eb4  [ 7E81E3E0D7F83BFE3C3975020B6C7F12, 316F9415646CC7A4E9A5F1E07310D433457E623B3E589543E4A6C73C4F77712C ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
23:19:08.0411 0x0eb4  TimeBroker - ok
23:19:08.0427 0x0eb4  [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM             C:\Windows\System32\drivers\tpm.sys
23:19:08.0442 0x0eb4  TPM - ok
23:19:08.0458 0x0eb4  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\Windows\System32\trkwks.dll
23:19:08.0474 0x0eb4  TrkWks - ok
23:19:08.0505 0x0eb4  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:19:08.0567 0x0eb4  TrustedInstaller - ok
23:19:08.0567 0x0eb4  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\Windows\system32\drivers\TsUsbFlt.sys
23:19:08.0614 0x0eb4  tsusbflt - ok
23:19:08.0630 0x0eb4  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
23:19:08.0630 0x0eb4  TsUsbGD - ok
23:19:08.0661 0x0eb4  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\Windows\System32\drivers\tunnel.sys
23:19:08.0692 0x0eb4  tunnel - ok
23:19:08.0739 0x0eb4  [ 56C238ACFE4CB020D3E38508249039EA, 172868080F07D98175229A02410FE751B5958ED5A3D567D4AE5736F4025DF432 ] tzautoupdate    C:\Windows\system32\tzautoupdate.dll
23:19:08.0771 0x0eb4  tzautoupdate - ok
23:19:08.0786 0x0eb4  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:19:08.0802 0x0eb4  uagp35 - ok
23:19:08.0802 0x0eb4  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
23:19:08.0817 0x0eb4  UASPStor - ok
23:19:08.0817 0x0eb4  [ 3995CC3DEDED258768B8EBC2F4C0DC73, 130E99EF13EB494B8BB6A8E037DD8D59C195190EA3C27CA9E3A695AF4349DC7C ] UcmCx0101       C:\Windows\system32\Drivers\UcmCx.sys
23:19:08.0849 0x0eb4  UcmCx0101 - ok
23:19:08.0849 0x0eb4  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\Windows\System32\drivers\UcmUcsi.sys
23:19:08.0864 0x0eb4  UcmUcsi - ok
23:19:08.0864 0x0eb4  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\Windows\system32\drivers\ucx01000.sys
23:19:08.0880 0x0eb4  Ucx01000 - ok
23:19:08.0880 0x0eb4  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\Windows\system32\drivers\udecx.sys
23:19:08.0911 0x0eb4  UdeCx - ok
23:19:08.0911 0x0eb4  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:19:08.0942 0x0eb4  udfs - ok
23:19:08.0942 0x0eb4  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
23:19:08.0958 0x0eb4  UEFI - ok
23:19:08.0989 0x0eb4  [ 28B8E1C6CBCF9FFE2FABFF3160C26ADF, 1C90E6C4E17C9B5555151943970BB6CC196E7EFC6665D9B9DCBB1EC51C70C715 ] Ufx01000        C:\Windows\system32\drivers\ufx01000.sys
23:19:09.0005 0x0eb4  Ufx01000 - ok
23:19:09.0005 0x0eb4  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\Windows\System32\drivers\UfxChipidea.sys
23:19:09.0005 0x0eb4  UfxChipidea - ok
23:19:09.0021 0x0eb4  [ DB630FC660443D63EBAB2C830C298EFE, 7698772FF9C988DF752DF3FAF1B154E923EBA425B92F288ABB6EF0805ABD3296 ] ufxsynopsys     C:\Windows\System32\drivers\ufxsynopsys.sys
23:19:09.0021 0x0eb4  ufxsynopsys - ok
23:19:09.0036 0x0eb4  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:19:09.0052 0x0eb4  UI0Detect - ok
23:19:09.0052 0x0eb4  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:19:09.0067 0x0eb4  uliagpkx - ok
23:19:09.0067 0x0eb4  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\Windows\System32\drivers\umbus.sys
23:19:09.0099 0x0eb4  umbus - ok
23:19:09.0099 0x0eb4  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\Windows\System32\drivers\umpass.sys
23:19:09.0114 0x0eb4  UmPass - ok
23:19:09.0130 0x0eb4  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:19:09.0146 0x0eb4  UmRdpService - ok
23:19:09.0193 0x0eb4  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\Windows\System32\unistore.dll
23:19:09.0271 0x0eb4  UnistoreSvc - ok
23:19:09.0302 0x0eb4  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\Windows\System32\upnphost.dll
23:19:09.0333 0x0eb4  upnphost - ok
23:19:09.0333 0x0eb4  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\Windows\System32\drivers\urschipidea.sys
23:19:09.0349 0x0eb4  UrsChipidea - ok
23:19:09.0364 0x0eb4  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\Windows\system32\drivers\urscx01000.sys
23:19:09.0364 0x0eb4  UrsCx01000 - ok
23:19:09.0364 0x0eb4  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\Windows\System32\drivers\urssynopsys.sys
23:19:09.0380 0x0eb4  UrsSynopsys - ok
23:19:09.0380 0x0eb4  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
23:19:09.0396 0x0eb4  usbccgp - ok
23:19:09.0411 0x0eb4  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\Windows\System32\drivers\usbcir.sys
23:19:09.0427 0x0eb4  usbcir - ok
23:19:09.0427 0x0eb4  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\Windows\System32\drivers\usbehci.sys
23:19:09.0443 0x0eb4  usbehci - ok
23:19:09.0458 0x0eb4  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\Windows\System32\drivers\usbhub.sys
23:19:09.0474 0x0eb4  usbhub - ok
23:19:09.0489 0x0eb4  [ B7E1CAA9429E4C3E7E01CB35B97E1536, 11A6431C27821F247202AC9F18441FEA26544630461522C129F1671257C527BA ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
23:19:09.0521 0x0eb4  USBHUB3 - ok
23:19:09.0536 0x0eb4  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
23:19:09.0552 0x0eb4  usbohci - ok
23:19:09.0552 0x0eb4  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
23:19:09.0568 0x0eb4  usbprint - ok
23:19:09.0599 0x0eb4  [ F259A45D6B555B14CC8365AA6BC8DC20, 28A588656449307F6E9C999BE5D73E34A2542A5771F4B504D9D36B9F93F32303 ] usbser          C:\Windows\System32\drivers\usbser.sys
23:19:09.0614 0x0eb4  usbser - ok
23:19:09.0630 0x0eb4  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
23:19:09.0630 0x0eb4  USBSTOR - ok
23:19:09.0646 0x0eb4  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
23:19:09.0661 0x0eb4  usbuhci - ok
23:19:09.0677 0x0eb4  [ 9E9D58F5E1702955B2F4D62996F80E8E, 6C21C250B9D98346D0D5CB7D6C11AB120A1D195C28313BDB0CE532663F0114E2 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
23:19:09.0693 0x0eb4  USBXHCI - ok
23:19:09.0739 0x0eb4  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc     C:\Windows\System32\userdataservice.dll
23:19:09.0818 0x0eb4  UserDataSvc - ok
23:19:09.0864 0x0eb4  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager     C:\Windows\System32\usermgr.dll
23:19:09.0911 0x0eb4  UserManager - ok
23:19:09.0958 0x0eb4  [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc          C:\Windows\system32\usocore.dll
23:19:09.0989 0x0f08  Object required for P2P: [ 2619DC483579DB9FE804044C1ADFFD1A ] dam
23:19:10.0005 0x0eb4  UsoSvc - ok
23:19:10.0021 0x0eb4  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\Windows\system32\lsass.exe
23:19:10.0021 0x0eb4  VaultSvc - ok
23:19:10.0036 0x0eb4  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:19:10.0036 0x0eb4  vdrvroot - ok
23:19:10.0068 0x0eb4  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds             C:\Windows\System32\vds.exe
23:19:10.0099 0x0eb4  vds - ok
23:19:10.0114 0x0eb4  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
23:19:10.0114 0x0eb4  VerifierExt - ok
23:19:10.0146 0x0eb4  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
23:19:10.0177 0x0eb4  vhdmp - ok
23:19:10.0177 0x0eb4  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf             C:\Windows\System32\drivers\vhf.sys
23:19:10.0193 0x0eb4  vhf - ok
23:19:10.0193 0x0eb4  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:19:10.0193 0x0eb4  vmbus - ok
23:19:10.0208 0x0eb4  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
23:19:10.0224 0x0eb4  VMBusHID - ok
23:19:10.0239 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\Windows\System32\ICSvc.dll
23:19:10.0271 0x0eb4  vmicguestinterface - ok
23:19:10.0286 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
23:19:10.0302 0x0eb4  vmicheartbeat - ok
23:19:10.0318 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\Windows\System32\ICSvc.dll
23:19:10.0333 0x0eb4  vmickvpexchange - ok
23:19:10.0364 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv         C:\Windows\System32\ICSvc.dll
23:19:10.0380 0x0eb4  vmicrdv - ok
23:19:10.0396 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\Windows\System32\ICSvc.dll
23:19:10.0411 0x0eb4  vmicshutdown - ok
23:19:10.0427 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\Windows\System32\ICSvc.dll
23:19:10.0443 0x0eb4  vmictimesync - ok
23:19:10.0458 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession   C:\Windows\System32\ICSvc.dll
23:19:10.0489 0x0eb4  vmicvmsession - ok
23:19:10.0489 0x0eb4  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss         C:\Windows\System32\ICSvc.dll
23:19:10.0505 0x0eb4  vmicvss - ok
23:19:10.0521 0x0eb4  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:19:10.0521 0x0eb4  volmgr - ok
23:19:10.0552 0x0eb4  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:19:10.0583 0x0eb4  volmgrx - ok
23:19:10.0583 0x0eb4  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:19:10.0599 0x0eb4  volsnap - ok
23:19:10.0614 0x0eb4  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\Windows\System32\drivers\vpci.sys
23:19:10.0630 0x0eb4  vpci - ok
23:19:10.0630 0x0eb4  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:19:10.0646 0x0eb4  vsmraid - ok
23:19:10.0693 0x0eb4  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS             C:\Windows\system32\vssvc.exe
23:19:10.0739 0x0eb4  VSS - ok
23:19:10.0755 0x0eb4  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
23:19:10.0771 0x0eb4  VSTXRAID - ok
23:19:10.0786 0x0eb4  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:19:10.0802 0x0eb4  vwifibus - ok
23:19:10.0833 0x0eb4  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\Windows\system32\drivers\vwififlt.sys
23:19:10.0864 0x0eb4  vwififlt - ok
23:19:10.0880 0x0eb4  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time         C:\Windows\system32\w32time.dll
23:19:10.0927 0x0eb4  W32Time - ok
23:19:10.0927 0x0eb4  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
23:19:10.0927 0x0eb4  WacomPen - ok
23:19:10.0958 0x0eb4  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService   C:\Windows\system32\WalletService.dll
23:19:10.0989 0x0eb4  WalletService - ok
23:19:10.0989 0x0eb4  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:19:11.0005 0x0eb4  wanarp - ok
23:19:11.0005 0x0eb4  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:19:11.0021 0x0eb4  wanarpv6 - ok
23:19:11.0099 0x0eb4  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\Windows\system32\wbengine.exe
23:19:11.0177 0x0eb4  wbengine - ok
23:19:11.0208 0x0eb4  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:19:11.0271 0x0eb4  WbioSrvc - ok
23:19:11.0302 0x0eb4  [ E9A0D466F6D8EC349DB526146618BCB6, CFD6F3F979E4366A68FBEC3BE90A42BF3D65403A987E80741A720C0622871F32 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
23:19:11.0333 0x0eb4  Wcmsvc - ok
23:19:11.0364 0x0eb4  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:19:11.0396 0x0eb4  wcncsvc - ok
23:19:11.0411 0x0eb4  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:19:11.0443 0x0eb4  WcsPlugInService - ok
23:19:11.0458 0x0eb4  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
23:19:11.0474 0x0eb4  WdBoot - ok
23:19:11.0505 0x0eb4  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:19:11.0521 0x0eb4  Wdf01000 - ok
23:19:11.0536 0x0eb4  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
23:19:11.0552 0x0eb4  WdFilter - ok
23:19:11.0568 0x0eb4  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:19:11.0583 0x0eb4  WdiServiceHost - ok
23:19:11.0583 0x0eb4  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:19:11.0599 0x0eb4  WdiSystemHost - ok
23:19:11.0661 0x0eb4  [ 2BC2E99623119521EEF7910A11D0FDE0, 3F3E48A79534F0F65F961D9B170D534562E04901B630127B16DF02E6D42F2BBF ] wdiwifi         C:\Windows\system32\DRIVERS\wdiwifi.sys
23:19:11.0677 0x0eb4  wdiwifi - ok
23:19:11.0693 0x0eb4  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
23:19:11.0708 0x0eb4  WdNisDrv - ok
23:19:11.0724 0x0eb4  WdNisSvc - ok
23:19:11.0740 0x0eb4  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient       C:\Windows\System32\webclnt.dll
23:19:11.0755 0x0eb4  WebClient - ok
23:19:11.0771 0x0eb4  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:19:11.0802 0x0eb4  Wecsvc - ok
23:19:11.0802 0x0eb4  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
23:19:11.0818 0x0eb4  WEPHOSTSVC - ok
23:19:11.0833 0x0eb4  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:19:24.0258 0x0eb4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
23:19:24.0258 0x0eb4  Win FW state via NFP2: enabled ( trusted )
23:19:26.0617 0x0eb4  ============================================================
23:19:26.0617 0x0eb4  Scan finished
23:19:26.0617 0x0eb4  ============================================================
23:19:26.0617 0x0ea8  Detected object count: 0
23:19:26.0617 0x0ea8  Actual detected object count: 0
23:20:21.0486 0x1a94  Deinitialize success


#8 dbrisendine


Posted 19 April 2016 - 10:11 PM

I believe that the system is rootkit / bootkit free.  How is it running for you?

Did you read the information links and do you have any questions about the hard drive?




#9 garrys1


Posted 20 April 2016 - 08:56 AM

OK, so it's running fine. I was just wondering what those unallocated spaces are and what they do, and I read those links that you gave me. So it's safe to have unallocated spaces in your system?



#10 dbrisendine


Posted 20 April 2016 - 09:40 AM

Yes; having some unallocated space on a hard drive is perfectly normal.  Again this is a function of cluster / sector size and partition / volume size.  Now that you have a record of what your disk has now, you can check anytime in the future to see if there are any changes.

 

If your system is running fine, let's clear our tools and get you on your way.

 


All right!! Your logs are clean and you're good to go now!! We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way.  Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks.


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here or here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
  • Also tick:
      • Activate UAC
      • Create registry backup
      • Purge system restore
      • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantage.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:


To uninstall Java (on Win7):


  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:


  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:


  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done!

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!
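The suggestion above to keep a record of the disk layout and check it later for changes, shown as an added example that is not part of the original post or of any tool used in this thread: it parses an MBR partition table, lists the unallocated gaps, and compares them with a baseline. The sector images, disk size and function names are constructed for illustration, and a classic MBR layout with 512-byte sectors is assumed.

```python
import struct

SECTOR = 512                      # assumed logical sector size
ENTRY_FMT = "<B3sB3sII"           # status, CHS start, type, CHS end, LBA start, sector count
TABLE_OFFSET = 446                # partition table position inside the MBR sector


def build_mbr(parts):
    """Build a constructed MBR sector from (type, start_lba, sector_count) tuples."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(parts):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         0, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"    # boot signature
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the used primary partitions as sorted (start_lba, sector_count, type)."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        _, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype != 0 and count != 0:   # type 0 marks an empty slot
            parts.append((start, count, ptype))
    return sorted(parts)


def unallocated(parts, disk_sectors):
    """Return (start_lba, length) runs that no partition covers. LBA 0 is the MBR."""
    gaps, cursor = [], 1
    for start, count, _ in parts:
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + count)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def gap_changes(baseline_mbr, current_mbr, disk_sectors):
    """Compare the unallocated gaps of two MBR snapshots of the same disk."""
    before = set(unallocated(parse_mbr(baseline_mbr), disk_sectors))
    after = set(unallocated(parse_mbr(current_mbr), disk_sectors))
    return {"removed": sorted(before - after), "added": sorted(after - before)}


# Constructed sample: a 500 GB disk with two NTFS (type 0x07) partitions.
DISK_SECTORS = 976_773_168
BASELINE_MBR = build_mbr([(0x07, 2048, 1_024_000),
                          (0x07, 1_026_048, 975_744_000)])
# Constructed later snapshot: the second partition is 100 MiB shorter.
LATER_MBR = build_mbr([(0x07, 2048, 1_024_000),
                       (0x07, 1_026_048, 975_539_200)])

if __name__ == "__main__":
    for start, length in unallocated(parse_mbr(BASELINE_MBR), DISK_SECTORS):
        print(f"baseline gap at LBA {start}: {length} sectors "
              f"({length * SECTOR / 1024:.0f} KiB)")
    print(gap_changes(BASELINE_MBR, LATER_MBR, DISK_SECTORS))
```

In the baseline, the only gaps are the 2047 sectors before the first 1 MiB-aligned partition and a 3120-sector tail, which is the ordinary alignment slack the reply describes; a gap that appears or grows between snapshots is the kind of change worth a closer look.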
 

 




#11 garrys1


Posted 20 April 2016 - 03:34 PM

# DelFix v1.013 - Logfile created 20/04/2016 at 19:51:18
# Updated 17/04/2016 by Xplode
# Username : uue - DESKTOP-NOUD51E
# Operating System : Windows 10 Home  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\TDSSKiller.3.1.0.9_19.04.2016_23.18.36_log.txt
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #1 [Installed DirectX | 04/17/2016 13:42:29]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
I downloaded Avast antivirus, updated everything and downloaded that Heimdal program. It says it can't patch Adobe Flash Plugin.


#12 dbrisendine


Posted 20 April 2016 - 05:45 PM

Are any browsers or games open when Heimdal is trying to patch Adobe Flash?  I don't think Adobe will let anything change it while in use anymore (used to be able to do that but not currently).




#13 garrys1


Posted 20 April 2016 - 06:22 PM

No, and I tried to restart my computer too. It says "failed" on status.



#14 dbrisendine


Posted 20 April 2016 - 10:44 PM

Sorry for the trouble.  The best work around for this problem is to manually update by going to https://get.adobe.com/flashplayer/ .




#15 garrys1


Posted 21 April 2016 - 07:40 AM

When I try to install it, it says Adobe Flash Player is already included built-in.





