Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 problems with Update, Avast and slow working computer


  • This topic is locked This topic is locked
18 replies to this topic

#1 Deriath

Deriath

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 03 May 2016 - 12:23 PM

Hello,

As adviced by boopme i'm creating new topic on behalve on that one http://www.bleepingcomputer.com/forums/t/612894/windows-7-problems-with-update-avast-and-slow-working-computer/#entry3992201.

 

 

Hello,

I'm fighting with problems with my computer (lenovo G780 on windows 764bit) for some time, and till now nothing helped. So I was hoping you guys can help me.

 

So in general, About 2 weeks ago i decided to clean my Windows after few years of using. I reinstalled it, as well with other programs and games I'm using. But from this moment some weird things have started.

- First of all the computer is working slower than before reinstallation.

- Secondly my antivir Avast premier is turning it self off, I mean its working in background but saying that im not secured and fire wall is turned off, I can turn it on but after some time its same story.

- Thirdly, right now I see that after I turn on the computer, and before i start using any kind of program, the svchost process is using more than 1 500 000 Kb of memory. 

- another thing is that windows update cannot install new updates. It download them, install and after reboot when it try to configure them it shows info, that it cannot be done and restart computer without upling the updates.

 

I was thinking it some problem with HDD so i tryed to run CHKDSK but it was unsuccesfull. So I removed the disk and went for another computer to do it from another windows instance. It was possible without any problems. Windows corrected all errors. I defragmented disk and serched for bad sectors, but everything was fine. 

 

Till now I tried to scan computer with avast (it cannot find anything and the avast cleanup scan stops at 99% and cannot move further regardless how much I will wait for it). Tried as well microsoft security essentials but it didn't found nothing. Downloaded Malwarebytes and scanned computer without any result.

I used even Webroot SecureAnywhere Endpoint Protectiona at my work, this one actually founded some infected files and removed them with success. But it didn't helped, computer is still slow and not working correctly.

 

I'm not sure what should I do now as its kind annoying to work on it, and I have no idea what should i do next.

 

Kind regards 
Pawel

 

 

In attachment addition file from FRST.

 

Below report from FRST:

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:03-05-2016

Uruchomiony przez Laptop (administrator)  LAPTOP-KOMPUTER (03-05-2016 13:04:53)

Uruchomiony z C:\Users\Laptop\Downloads

Załadowane profile: Laptop (Dostępne profile: Laptop)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)

Internet Explorer Wersja 9 (Domyślna przeglądarka: Chrome)

Tryb startu: Normal

Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Procesy (filtrowane) =================

 

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{1348D4F3-ECEF-441B-A8AA-261A1398BC77}\50.0.2661.94_49.0.2623.112_chrome_updater.exe

(Google Inc.) C:\Windows\Temp\CR_E69EE.tmp\setup.exe

(Google Inc.) C:\Windows\Temp\CR_E69EE.tmp\setup.exe

 

 

==================== Rejestr (filtrowane) ===========================

 

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

 

HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-04] (Lenovo)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-04] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-04] (Lenovo (Beijing) Limited)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-04-05] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-11] (AVAST Software)

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3506106218-1799370102-204394789-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-04] (Google Inc.)

HKU\S-1-5-21-3506106218-1799370102-204394789-1002\...\MountPoints2: {8686b2de-0b1f-11e6-8e5f-08edb9a7ffe4} - G:\Startme.exe

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)

Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-11] (AVAST Software)

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-08-04] ()

 

==================== Internet (filtrowane) ====================

 

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1

Tcpip\..\Interfaces\{0169879B-A61E-4847-ADCD-FD1AA7EA136C}: [DhcpNameServer] 192.168.8.1 192.168.8.1

 

Internet Explorer:

==================

HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com

HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2012-08-04] (Google Inc.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-11] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)

BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2012-08-04] (Google Inc.)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-11] (AVAST Software)

BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)

Toolbar: HKU\S-1-5-21-3506106218-1799370102-204394789-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)

 

FireFox:

========

FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\sqpca8c1.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-17] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-17] ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-11]

FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-11]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Session Restore: Default -> [funkcja włączona]

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Brak pliku

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Brak pliku

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Brak pliku

CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => Brak pliku

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => Brak pliku

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Brak pliku

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-11]

CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-04-11]

CHR Extension: (Avast Online Security) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-11]

CHR Extension: (Wes Craven) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahooofggegjbnodalhoibemeabkapop [2016-04-11]

CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]

CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-11]

CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-11]

CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-04-11]

CHR Extension: (Avast Online Security) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-11]

CHR Extension: (Wes Craven) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahooofggegjbnodalhoibemeabkapop [2016-04-11]

CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]

CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-11]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-11]

CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-lenovo-abb.crx [2012-02-18]

 

==================== Usługi (filtrowane) ========================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-11] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-04-11] (AVAST Software)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)

R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-05] (NVIDIA Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-05] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-05] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-05] (NVIDIA Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

 

===================== Sterowniki (filtrowane) ==========================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-11] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-11] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-11] (AVAST Software)

R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-04-11] (AVAST Software)

R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-04-11] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-11] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-11] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-11] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-11] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-11] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-13] (AVAST Software)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)

R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)

R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-03] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2016-05-01] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-05] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)

R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)

R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)

U3 BcmSqlStartupSvc; Brak ImagePath

U2 CLKMSVC10_3A60B698; Brak ImagePath

U2 CLKMSVC10_C3B3B687; Brak ImagePath

U2 DriverService; Brak ImagePath

U2 iATAgentService; Brak ImagePath

U2 idealife Update Service; Brak ImagePath

U3 IGRS; Brak ImagePath

U2 IviRegMgr; Brak ImagePath

U2 Oasis2Service; Brak ImagePath

U2 PCCarerService; Brak ImagePath

U2 ReadyComm.DirectRouter; Brak ImagePath

U2 RichVideo; Brak ImagePath

U2 RtLedService; Brak ImagePath

U2 SeaPort; Brak ImagePath

U2 SoftwareService; Brak ImagePath

U3 SQLWriter; Brak ImagePath

 

==================== NetSvcs (filtrowane) ===================

 

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

 

 

==================== Jeden miesiąc - utworzone pliki i foldery ========

 

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

 

2016-05-03 13:04 - 2016-05-03 13:13 - 00024491 _____ C:\Users\Laptop\Downloads\FRST.txt

2016-05-03 13:03 - 2016-05-03 13:04 - 00000000 ____D C:\FRST

2016-05-03 12:54 - 2016-05-03 13:00 - 02377216 _____ (Farbar) C:\Users\Laptop\Downloads\FRST64.exe

2016-05-02 00:10 - 2016-05-03 12:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-05-01 23:59 - 2016-05-01 23:59 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-05-01 23:59 - 2016-05-01 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-05-01 23:59 - 2016-05-01 23:59 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-05-01 23:59 - 2016-05-01 23:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-05-01 23:59 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-05-01 23:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-05-01 23:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-05-01 23:56 - 2016-05-01 23:56 - 22851472 _____ (Malwarebytes ) C:\Users\Laptop\Downloads\mbam-setup-2.2.1.1043.exe

2016-05-01 23:56 - 2016-05-01 23:56 - 00289120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MPFILTER.sys

2016-05-01 23:56 - 2016-05-01 23:56 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2016-05-01 23:56 - 2016-05-01 23:56 - 00001912 _____ C:\Windows\epplauncher.mif

2016-05-01 23:56 - 2015-11-13 08:50 - 00133816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

2016-05-01 23:55 - 2016-05-01 23:56 - 00000000 ____D C:\Program Files\Microsoft Security Client

2016-05-01 23:55 - 2016-05-01 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2016-05-01 23:53 - 2016-05-01 23:54 - 14346432 _____ (Microsoft Corporation) C:\Users\Laptop\Downloads\mseinstall.exe

2016-05-01 22:00 - 2016-05-01 22:09 - 00000000 ____D C:\Users\Laptop\Downloads\Ant.Man.2015.HDRip.XviD.AC3-EVO

2016-05-01 19:38 - 2016-05-01 19:38 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\NapiProjekt

2016-05-01 19:37 - 2016-05-01 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt

2016-05-01 19:37 - 2016-05-01 19:38 - 00000000 ____D C:\Program Files (x86)\NapiProjekt

2016-05-01 19:34 - 2016-05-01 19:36 - 09361577 _____ C:\Users\Laptop\Downloads\setup.zip

2016-05-01 19:11 - 2016-05-01 19:38 - 00000000 ____D C:\Users\Laptop\Downloads\Captain.America.The.Winter.Soldier.2014.RERiP.720p.BluRay.x264

2016-05-01 19:02 - 2016-05-01 19:02 - 00000000 ____D C:\Users\Laptop\AppData\Local\ElevatedDiagnostics

2016-05-01 06:20 - 2016-05-01 06:20 - 00000000 __SHD C:\found.000

2016-04-30 18:48 - 2016-04-30 18:48 - 00000000 ____D C:\Users\Laptop\Documents\Diablo III

2016-04-30 18:23 - 2016-05-03 12:58 - 00000000 _____ C:\Windows\SysWOW64\last.dump

2016-04-30 17:19 - 2016-04-30 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III

2016-04-30 17:17 - 2016-04-30 17:24 - 00000000 ____D C:\Users\Laptop\AppData\Local\Mozilla

2016-04-30 17:17 - 2016-04-30 17:18 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Mozilla

2016-04-30 17:17 - 2016-04-30 17:17 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-04-30 17:16 - 2016-04-30 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-04-30 17:16 - 2016-04-30 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-04-30 17:03 - 2016-04-30 18:47 - 00000000 ____D C:\Program Files (x86)\Diablo III

2016-04-30 16:55 - 2016-04-30 16:55 - 00242336 _____ C:\Users\Laptop\Downloads\Firefox Setup Stub 46.0.exe

2016-04-30 11:23 - 2016-04-30 11:23 - 00000000 ____D C:\Windows\Sun

2016-04-30 11:21 - 2016-04-30 11:21 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Sun

2016-04-30 11:21 - 2016-04-30 11:21 - 00000000 ____D C:\Users\Laptop\AppData\LocalLow\Sun

2016-04-30 11:21 - 2016-04-30 11:21 - 00000000 ____D C:\Users\Laptop\.oracle_jre_usage

2016-04-30 11:20 - 2016-04-30 11:20 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2016-04-30 11:20 - 2016-04-30 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-04-30 11:19 - 2016-04-30 11:22 - 00000000 ____D C:\ProgramData\Oracle

2016-04-30 11:19 - 2016-04-30 11:19 - 00000000 ____D C:\Program Files (x86)\Java

2016-04-30 11:17 - 2016-04-30 11:17 - 00000000 ____D C:\Users\Laptop\AppData\LocalLow\Oracle

2016-04-30 11:16 - 2016-04-30 11:16 - 00738368 _____ (Oracle Corporation) C:\Users\Laptop\Downloads\JavaSetup8u91.exe

2016-04-30 11:05 - 2016-04-30 11:05 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Google

2016-04-29 23:13 - 2016-04-29 23:13 - 28766787 _____ C:\Users\Laptop\Downloads\Instrukcja obslugi Renault Espace IV pl.pdf

2016-04-29 22:59 - 2016-04-29 22:59 - 09984309 _____ C:\Users\Laptop\Downloads\espace_drivers_handbook.pdf

2016-04-29 22:56 - 2016-04-29 22:56 - 01097813 _____ C:\Users\Laptop\Downloads\751cf43f9c0f78082fa421745f54571f.pdf

2016-04-28 10:49 - 2016-04-28 10:49 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET

2016-04-25 22:47 - 2016-04-25 22:47 - 00000000 ___HD C:\Users\Laptop\Desktop\.picasaoriginals

2016-04-25 22:26 - 2016-04-25 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

2016-04-25 22:26 - 2015-08-26 23:04 - 04587520 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

2016-04-25 22:19 - 2016-04-25 22:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2016-04-25 22:18 - 2010-11-21 05:23 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys

2016-04-25 22:18 - 2009-07-14 03:41 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll

2016-04-25 22:18 - 2009-07-14 03:41 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll

2016-04-25 22:02 - 2016-04-30 11:07 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth

2016-04-25 17:46 - 2016-04-25 17:46 - 05008189 _____ C:\Users\Laptop\Downloads\marcinorzolek.pl oferta ślubna (1).pdf

2016-04-25 14:10 - 2016-04-25 14:10 - 00122065 _____ C:\Users\Laptop\Downloads\address_declaration_form.pdf

2016-04-25 14:10 - 2016-04-25 14:10 - 00000000 _____ C:\Users\Laptop\Downloads\%40

2016-04-23 10:19 - 2016-04-23 10:19 - 05008189 _____ C:\Users\Laptop\Downloads\marcinorzolek.pl oferta ślubna.pdf

2016-04-22 21:33 - 2016-04-22 21:52 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\BESTplayer

2016-04-22 21:32 - 2016-04-22 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

2016-04-22 21:32 - 2016-04-22 21:32 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack

2016-04-22 21:32 - 2014-06-14 16:03 - 00260696 _____ C:\Windows\system32\unrar64.dll

2016-04-22 21:32 - 2014-06-14 16:03 - 00218200 _____ C:\Windows\SysWOW64\unrar.dll

2016-04-22 19:34 - 2016-05-01 22:09 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\BitTorrent

2016-04-22 19:34 - 2016-04-22 19:34 - 00000873 _____ C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2016-04-19 21:21 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2016-04-19 21:21 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2016-04-19 21:21 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2016-04-19 21:21 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2016-04-19 21:21 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2016-04-19 21:21 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2016-04-19 21:21 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2016-04-19 21:21 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2016-04-19 21:21 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2016-04-19 21:21 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2016-04-19 21:21 - 2014-07-09 00:38 - 00419992 _____ C:\Windows\system32\locale.nls

2016-04-19 21:21 - 2014-07-09 00:30 - 00419992 _____ C:\Windows\SysWOW64\locale.nls

2016-04-19 12:46 - 2016-04-19 12:46 - 00120163 _____ C:\Users\Laptop\Desktop\Groupon-6A0F29E158.pdf

2016-04-19 12:46 - 2016-04-19 12:46 - 00000000 ____D C:\Users\Laptop\AppData\LocalLow\Adobe

2016-04-18 19:59 - 2016-04-18 19:59 - 00000000 ____D C:\ProgramData\CyberLink

2016-04-18 18:03 - 2016-04-19 21:32 - 00000000 ____D C:\Windows\System32\Tasks\Abelssoft

2016-04-18 18:03 - 2016-04-19 19:20 - 00000000 ____D C:\Users\Laptop\AppData\Local\Abelssoft

2016-04-18 18:03 - 2016-04-18 18:03 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Abelssoft

2016-04-18 18:03 - 2016-04-18 18:03 - 00000000 ____D C:\ProgramData\XDMessagingv4

2016-04-18 18:02 - 2016-04-18 18:02 - 03209144 _____ (Abelssoft ) C:\Users\Laptop\Downloads\checkdrive.exe

2016-04-18 17:44 - 2016-04-18 17:44 - 00000000 ____D C:\ProgramData\Energy Management

2016-04-17 12:05 - 2016-05-03 12:32 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-04-17 12:05 - 2016-05-01 19:53 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-04-17 12:05 - 2016-05-01 19:52 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-04-17 12:05 - 2016-04-17 12:05 - 00000885 _____ C:\Users\Laptop\Desktop\BEATA SZKOŁA — skrót.lnk

2016-04-17 12:05 - 2016-04-17 12:05 - 00000805 _____ C:\Users\Laptop\Desktop\bea dokumenty — skrót.lnk

2016-04-17 12:05 - 2016-04-17 12:05 - 00000788 _____ C:\Users\Laptop\Desktop\make up ;) — skrót.lnk

2016-04-17 12:05 - 2016-04-17 12:05 - 00000662 _____ C:\Users\Laptop\Desktop\Praca Bea — skrót.lnk

2016-04-17 12:05 - 2016-04-17 12:05 - 00000000 ____D C:\Windows\system32\Macromed

2016-04-17 12:05 - 2015-05-30 21:52 - 01093632 _____ (Karol Winnicki) C:\Users\Laptop\Desktop\BESTplayer.exe

2016-04-16 19:23 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

2016-04-16 19:23 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2016-04-16 19:23 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2016-04-16 19:23 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

2016-04-16 19:23 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

2016-04-16 19:23 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2016-04-16 19:23 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

2016-04-16 19:23 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2016-04-16 19:23 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

2016-04-16 19:23 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2016-04-16 19:23 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

2016-04-16 19:23 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

2016-04-16 19:23 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2016-04-16 19:23 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

2016-04-16 19:23 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2016-04-16 19:23 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2016-04-16 19:23 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

2016-04-16 19:23 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

2016-04-16 19:23 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2016-04-16 19:23 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

2016-04-16 19:23 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

2016-04-16 19:23 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

2016-04-16 19:23 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

2016-04-16 19:23 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2016-04-16 19:23 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2016-04-16 19:07 - 2016-05-01 19:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-04-16 19:07 - 2016-04-16 19:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2016-04-16 19:07 - 2007-11-07 08:12 - 00232960 _____ C:\VC_RED.MSI

2016-04-16 19:07 - 2007-11-07 08:09 - 01442522 _____ C:\VC_RED.cab

2016-04-16 19:07 - 2007-11-07 08:03 - 00562688 _____ (Microsoft Corporation) C:\install.exe

2016-04-16 19:07 - 2007-11-07 08:03 - 00097296 _____ (Microsoft Corporation) C:\install.res.1036.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00096272 _____ (Microsoft Corporation) C:\install.res.3082.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00096272 _____ (Microsoft Corporation) C:\install.res.1031.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00095248 _____ (Microsoft Corporation) C:\install.res.1040.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00091152 _____ (Microsoft Corporation) C:\install.res.1033.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00081424 _____ (Microsoft Corporation) C:\install.res.1041.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00079888 _____ (Microsoft Corporation) C:\install.res.1042.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00076304 _____ (Microsoft Corporation) C:\install.res.1028.dll

2016-04-16 19:07 - 2007-11-07 08:03 - 00075792 _____ (Microsoft Corporation) C:\install.res.2052.dll

2016-04-16 19:07 - 2007-11-07 08:00 - 00017734 _____ C:\eula.3082.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00017734 _____ C:\eula.2052.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00017734 _____ C:\eula.1042.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00017734 _____ C:\eula.1040.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00017734 _____ C:\eula.1036.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00017734 _____ C:\eula.1031.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00017734 _____ C:\eula.1028.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00010134 _____ C:\eula.1033.txt

2016-04-16 19:07 - 2007-11-07 08:00 - 00005686 _____ C:\vcredist.bmp

2016-04-16 19:07 - 2007-11-07 08:00 - 00001110 _____ C:\globdata.ini

2016-04-16 19:07 - 2007-11-07 08:00 - 00000843 _____ C:\install.ini

2016-04-16 19:07 - 2007-11-07 08:00 - 00000118 _____ C:\eula.1041.txt

2016-04-16 18:59 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll

2016-04-16 18:59 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2016-04-16 18:59 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2016-04-16 18:59 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll

2016-04-16 18:59 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll

2016-04-16 18:59 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2016-04-16 18:59 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll

2016-04-16 18:59 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2016-04-16 18:59 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2016-04-16 18:59 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2016-04-16 18:59 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2016-04-16 18:59 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2016-04-16 18:59 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2016-04-16 18:59 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

2016-04-16 18:59 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

2016-04-16 18:59 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

2016-04-16 18:59 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

2016-04-16 18:59 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

2016-04-16 18:59 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

2016-04-16 18:59 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

2016-04-16 18:59 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2016-04-16 18:59 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2016-04-16 18:59 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

2016-04-16 18:59 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

2016-04-16 18:59 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2016-04-16 18:59 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2016-04-16 18:59 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

2016-04-16 18:59 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

2016-04-16 18:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2016-04-16 18:59 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

2016-04-16 18:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2016-04-16 18:59 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

2016-04-16 18:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2016-04-16 18:59 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

2016-04-16 18:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2016-04-16 18:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2016-04-16 18:59 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

2016-04-16 18:59 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

2016-04-16 18:58 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2016-04-16 18:58 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

2016-04-16 18:58 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2016-04-16 18:58 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

2016-04-16 18:58 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2016-04-16 18:58 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

2016-04-16 18:58 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2016-04-16 18:58 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll

2016-04-16 18:58 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll

2016-04-16 18:58 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll

2016-04-16 18:58 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll

2016-04-16 18:58 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll

2016-04-16 18:58 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll

2016-04-16 18:58 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll

2016-04-16 18:58 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll

2016-04-16 18:58 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll

2016-04-16 18:58 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll

2016-04-16 18:58 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll

2016-04-16 18:58 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll

2016-04-16 18:58 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll

2016-04-16 18:58 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll

2016-04-16 18:58 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll

2016-04-16 18:58 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll

2016-04-16 18:58 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

2016-04-16 18:58 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll

2016-04-16 18:58 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

2016-04-16 18:58 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll

2016-04-16 18:58 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2016-04-16 18:58 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll

2016-04-16 18:58 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

2016-04-16 18:58 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll

2016-04-16 18:58 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

2016-04-16 18:58 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll

2016-04-16 18:58 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

2016-04-16 18:58 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll

2016-04-16 18:58 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2016-04-16 18:58 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll

2016-04-16 18:58 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

2016-04-16 18:58 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll

2016-04-16 18:58 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2016-04-16 18:58 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll

2016-04-16 18:58 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

2016-04-16 18:58 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll

2016-04-16 18:58 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

2016-04-16 18:58 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll

2016-04-16 18:58 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

2016-04-16 18:58 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

2016-04-16 18:58 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll

2016-04-16 18:58 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll

2016-04-16 18:58 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

2016-04-16 18:58 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll

2016-04-16 18:58 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

2016-04-16 18:58 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

2016-04-16 18:58 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll

2016-04-16 18:58 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll

2016-04-16 18:58 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll

2016-04-16 18:58 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

2016-04-16 18:58 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

2016-04-16 18:58 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

2016-04-16 18:58 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll

2016-04-16 18:58 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll

2016-04-16 18:58 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2016-04-16 18:58 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll

2016-04-16 18:58 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

2016-04-16 18:58 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll

2016-04-16 18:58 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

2016-04-16 18:58 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll

2016-04-16 18:58 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

2016-04-16 18:58 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll

2016-04-16 18:58 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

2016-04-16 18:58 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll

2016-04-16 18:58 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

2016-04-16 18:58 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll

2016-04-16 18:58 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

2016-04-16 18:58 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll

2016-04-16 18:58 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

2016-04-16 18:58 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll

2016-04-16 18:58 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

2016-04-16 18:58 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll

2016-04-16 18:58 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

2016-04-16 18:58 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll

2016-04-16 18:58 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

2016-04-16 14:49 - 2016-04-16 14:49 - 00000000 ____D C:\Users\Laptop\Documents\League of Legends

2016-04-16 00:49 - 2016-04-16 00:49 - 00000000 ____D C:\Windows\SysWOW64\NV

2016-04-16 00:49 - 2016-04-16 00:49 - 00000000 ____D C:\Windows\system32\NV

2016-04-16 00:49 - 2016-04-16 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan

2016-04-16 00:49 - 2016-04-16 00:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2016-04-16 00:49 - 2016-03-16 23:30 - 00128792 _____ C:\Windows\SysWOW64\vulkan-1-1-0-5-1.dll

2016-04-16 00:49 - 2016-03-16 23:30 - 00128792 _____ C:\Windows\SysWOW64\vulkan-1.dll

2016-04-16 00:49 - 2016-03-16 23:29 - 00127768 _____ C:\Windows\system32\vulkan-1-1-0-5-1.dll

2016-04-16 00:49 - 2016-03-16 23:29 - 00127768 _____ C:\Windows\system32\vulkan-1.dll

2016-04-16 00:49 - 2016-03-16 23:29 - 00041752 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-5-1.exe

2016-04-16 00:49 - 2016-03-16 23:29 - 00041752 _____ C:\Windows\SysWOW64\vulkaninfo.exe

2016-04-16 00:49 - 2016-03-16 23:28 - 00045848 _____ C:\Windows\system32\vulkaninfo-1-1-0-5-1.exe

2016-04-16 00:49 - 2016-03-16 23:28 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe

2016-04-16 00:49 - 2013-10-05 02:38 - 04449952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120u.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 04424344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00970912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00455328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00339616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcamp120.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00247984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib120.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00119456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp120.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00083104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm120u.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00083104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm120.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00074920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120fra.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00074920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120deu.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00073896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120esn.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00072872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120ita.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00070824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120rus.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00065192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120enu.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00053928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120jpn.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00053416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120kor.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00046248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120cht.dll

2016-04-16 00:49 - 2013-10-05 02:38 - 00046248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120chs.dll

2016-04-16 00:47 - 2016-04-16 00:47 - 00000000 ____D C:\temp

2016-04-16 00:47 - 2016-03-22 06:12 - 17748712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2016-04-16 00:47 - 2016-03-22 06:12 - 08659472 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll

2016-04-16 00:47 - 2016-03-22 06:12 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436472.dll

2016-04-16 00:47 - 2016-03-22 06:12 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436472.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 21355248 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 10550736 _____ C:\Windows\system32\nvptxJitCompiler.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00959544 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00889400 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00753208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00678520 _____ C:\Windows\system32\nvfatbinaryLoader.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00129208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2016-04-16 00:46 - 2016-03-22 06:12 - 00037091 _____ C:\Windows\system32\nvinfo.pb

2016-04-16 00:46 - 2016-03-22 06:12 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json

2016-04-16 00:46 - 2016-03-22 06:12 - 00000139 _____ C:\Windows\system32\nv-vk64.json

2016-04-15 22:31 - 2016-04-15 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2016-04-15 22:31 - 2016-04-05 09:48 - 01373864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2016-04-15 22:31 - 2016-04-05 09:48 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2016-04-15 22:31 - 2016-04-05 09:47 - 01767432 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2016-04-15 22:31 - 2016-04-05 09:47 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2016-04-15 22:31 - 2016-04-05 09:47 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll

2016-04-15 22:30 - 2016-04-16 00:49 - 00000000 ____D C:\ProgramData\Package Cache

2016-04-15 22:30 - 2016-04-16 00:47 - 00000000 ____D C:\Windows\LastGood

2016-04-15 22:30 - 2016-03-21 22:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2016-04-15 22:30 - 2016-03-21 22:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2016-04-15 22:30 - 2016-03-21 22:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2016-04-15 22:30 - 2013-10-04 23:58 - 05634720 _____ (Microsoft Corporation) C:\Windows\system32\mfc120u.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 05608088 _____ (Microsoft Corporation) C:\Windows\system32\mfc120.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00963232 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00660128 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00481952 _____ (Microsoft Corporation) C:\Windows\system32\vcamp120.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00356528 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib120.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00137376 _____ (Microsoft Corporation) C:\Windows\system32\vcomp120.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00091808 _____ (Microsoft Corporation) C:\Windows\system32\mfcm120u.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00091808 _____ (Microsoft Corporation) C:\Windows\system32\mfcm120.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00074920 _____ (Microsoft Corporation) C:\Windows\system32\mfc120fra.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00074920 _____ (Microsoft Corporation) C:\Windows\system32\mfc120deu.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00073896 _____ (Microsoft Corporation) C:\Windows\system32\mfc120esn.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00072872 _____ (Microsoft Corporation) C:\Windows\system32\mfc120ita.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00070824 _____ (Microsoft Corporation) C:\Windows\system32\mfc120rus.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00065192 _____ (Microsoft Corporation) C:\Windows\system32\mfc120enu.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00053928 _____ (Microsoft Corporation) C:\Windows\system32\mfc120jpn.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00053416 _____ (Microsoft Corporation) C:\Windows\system32\mfc120kor.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00046248 _____ (Microsoft Corporation) C:\Windows\system32\mfc120cht.dll

2016-04-15 22:30 - 2013-10-04 23:58 - 00046248 _____ (Microsoft Corporation) C:\Windows\system32\mfc120chs.dll

2016-04-15 22:10 - 2016-04-15 22:27 - 44977016 _____ (NVIDIA Corporation) C:\Users\Laptop\Downloads\GeForce_Experience_v2.11.2.66.exe

2016-04-15 21:48 - 2016-04-15 21:48 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\LolClient

2016-04-15 17:23 - 2016-04-15 17:23 - 00000000 ____D C:\Windows\CheckSur

2016-04-15 17:13 - 2016-04-15 17:16 - 564744309 _____ C:\Users\Laptop\Downloads\Windows6.1-KB947821-v34-x64.msu

2016-04-15 17:09 - 2016-04-15 17:09 - 00000000 ____D C:\Users\Laptop\AppData\Local\Google

2016-04-15 17:09 - 2016-04-15 17:09 - 00000000 ____D C:\Users\Laptop\AppData\Local\Google

2016-04-15 17:08 - 2016-04-18 16:35 - 00345322 _____ C:\Windows\ntbtlog.txt

2016-04-15 12:41 - 2016-04-15 12:42 - 00058571 _____ C:\Users\Laptop\Downloads\32501078_F_10006413_03_16_F.pdf

2016-04-15 01:27 - 2016-04-15 01:27 - 00000000 ____D C:\Windows\pss

2016-04-15 01:18 - 2016-04-15 01:20 - 00985600 _____ C:\Users\Laptop\Downloads\MicrosoftFixit50123.msi

2016-04-14 21:30 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2016-04-14 19:15 - 2016-04-14 20:11 - 00000000 ____D C:\Windows\system32\MRT

2016-04-14 19:15 - 2016-04-14 19:15 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-04-13 15:32 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-04-13 15:32 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-04-13 15:32 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2016-04-13 15:32 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-04-13 15:32 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2016-04-13 15:32 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-04-13 15:32 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2016-04-13 15:32 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2016-04-13 15:32 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2016-04-13 15:32 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-04-13 15:32 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-04-13 15:32 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2016-04-13 15:32 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2016-04-13 15:32 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2016-04-13 15:32 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2016-04-13 15:32 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2016-04-13 15:32 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2016-04-13 15:32 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-04-13 15:32 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2016-04-13 15:32 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2016-04-13 15:32 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-04-13 15:32 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2016-04-13 15:32 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-04-13 15:32 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2016-04-13 15:32 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2016-04-13 15:32 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-04-13 15:32 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2016-04-13 15:32 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2016-04-13 15:32 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2016-04-13 15:32 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2016-04-13 15:32 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2016-04-13 15:32 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2016-04-13 15:32 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2016-04-13 15:32 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2016-04-13 15:32 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-04-13 15:32 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2016-04-13 15:32 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2016-04-13 15:32 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2016-04-13 15:32 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2016-04-13 15:32 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-04-13 15:32 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2016-04-13 15:32 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2016-04-13 15:32 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2016-04-13 15:32 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2016-04-13 15:32 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2016-04-13 15:32 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2016-04-13 15:32 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2016-04-13 15:32 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2016-04-13 15:32 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2016-04-13 15:32 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2016-04-13 15:32 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2016-04-13 15:32 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2016-04-13 15:32 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-04-13 15:32 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2016-04-13 15:32 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-04-13 15:32 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2016-04-13 15:32 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2016-04-13 15:32 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2016-04-13 15:32 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2016-04-13 15:32 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2016-04-13 15:32 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2016-04-13 15:32 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2016-04-13 15:32 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2016-04-13 15:32 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2016-04-13 15:32 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2016-04-13 15:32 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2016-04-13 15:32 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll

2016-04-13 15:32 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll

2016-04-13 15:32 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll

2016-04-13 15:32 - 2016-02-05 21:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys

2016-04-13 15:32 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys

2016-04-13 15:31 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll

2016-04-13 15:31 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll

2016-04-13 15:31 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2016-04-13 15:31 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2016-04-13 14:18 - 2016-04-13 14:18 - 00001104 _____ C:\Users\Laptop\Desktop\Battle.net.lnk

2016-04-13 06:55 - 2015-11-05 20:36 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll

2016-04-13 06:55 - 2015-11-05 20:36 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll

2016-04-13 06:55 - 2015-11-05 20:34 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll

2016-04-13 06:55 - 2015-11-05 20:34 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll

2016-04-13 06:55 - 2015-10-22 10:09 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll

2016-04-13 06:55 - 2015-10-22 10:09 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll

2016-04-13 06:55 - 2015-10-22 10:08 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

2016-04-13 06:55 - 2015-10-22 10:08 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll

2016-04-13 03:04 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2016-04-13 03:04 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2016-04-13 03:04 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2016-04-13 03:04 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2016-04-13 03:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2016-04-13 03:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2016-04-13 03:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2016-04-13 03:03 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2016-04-12 20:55 - 2016-04-12 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II

2016-04-12 20:33 - 2016-04-16 19:24 - 00000000 ____D C:\Users\Laptop\Documents\StarCraft II

2016-04-12 20:23 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2016-04-12 20:23 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2016-04-12 20:14 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2016-04-12 20:14 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2016-04-12 20:14 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2016-04-12 20:14 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2016-04-12 20:14 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2016-04-12 20:14 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2016-04-12 20:13 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2016-04-12 20:13 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2016-04-12 20:13 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2016-04-12 20:13 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2016-04-12 20:13 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2016-04-12 20:13 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2016-04-12 20:13 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2016-04-12 20:13 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2016-04-12 20:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2016-04-12 20:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2016-04-12 20:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2016-04-12 20:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2016-04-12 20:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2016-04-12 20:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2016-04-12 20:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2016-04-12 20:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll

2016-04-12 20:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll

2016-04-12 20:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll

2016-04-12 20:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll

2016-04-12 20:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll

2016-04-12 20:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll

2016-04-12 20:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll

2016-04-12 19:59 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2016-04-12 19:59 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2016-04-12 19:53 - 2015-12-08 23:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL

2016-04-12 19:53 - 2015-12-08 23:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2016-04-12 19:53 - 2015-12-08 23:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2016-04-12 19:53 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll

2016-04-12 19:53 - 2015-12-08 23:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax

2016-04-12 19:53 - 2015-12-08 23:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll

2016-04-12 19:53 - 2015-12-08 23:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll

2016-04-12 19:53 - 2015-12-08 21:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-04-12 19:53 - 2015-12-08 21:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll

2016-04-12 19:53 - 2015-12-08 21:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2016-04-12 19:53 - 2015-12-08 21:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll

2016-04-12 19:53 - 2015-12-08 21:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-04-12 19:53 - 2015-12-08 21:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll

2016-04-12 19:53 - 2015-12-08 21:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2016-04-12 19:53 - 2015-12-08 21:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll

2016-04-12 19:53 - 2015-12-08 21:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2016-04-12 19:53 - 2015-12-08 20:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2016-04-12 19:53 - 2015-12-08 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2016-04-12 19:53 - 2015-12-08 20:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys

2016-04-12 19:52 - 2015-09-23 15:18 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2016-04-12 19:52 - 2015-09-23 15:18 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2016-04-12 19:52 - 2015-09-23 15:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2016-04-12 19:52 - 2015-09-14 23:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2016-04-12 19:52 - 2015-06-03 22:17 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2016-04-12 19:49 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2016-04-12 19:44 - 2016-04-12 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm

2016-04-12 19:44 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2016-04-12 19:44 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2016-04-12 19:44 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2016-04-12 19:44 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2016-04-12 19:44 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2016-04-12 19:44 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2016-04-12 19:43 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2016-04-12 19:43 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2016-04-12 19:43 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe

2016-04-12 19:43 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe

2016-04-12 19:43 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe

2016-04-12 19:43 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe

2016-04-12 19:43 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2016-04-12 19:43 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2016-04-12 19:43 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe

2016-04-12 19:43 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe

2016-04-12 19:43 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe

2016-04-12 19:43 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe

2016-04-12 19:35 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll

2016-04-12 19:35 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2016-04-12 19:28 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2016-04-12 19:27 - 2015-11-10 20:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2016-04-12 19:27 - 2015-11-10 20:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2016-04-12 19:24 - 2016-02-03 20:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

2016-04-12 19:24 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2016-04-12 19:24 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2016-04-12 19:24 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2016-04-12 19:24 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2016-04-12 19:24 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2016-04-12 19:24 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2016-04-12 19:24 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2016-04-12 19:22 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2016-04-12 19:22 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2016-04-12 19:22 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2016-04-12 19:22 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2016-04-12 19:22 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2016-04-12 19:22 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2016-04-12 19:22 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2016-04-12 19:22 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2016-04-12 19:19 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2016-04-12 19:19 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2016-04-12 19:06 - 2016-04-12 19:06 - 00000000 ____D C:\Users\Laptop\Documents\Heroes of the Storm

2016-04-12 19:05 - 2016-02-05 20:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2016-04-12 19:05 - 2016-02-05 20:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2016-04-12 19:05 - 2016-02-05 20:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2016-04-12 19:05 - 2016-02-05 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2016-04-12 19:05 - 2016-02-05 20:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2016-04-12 19:05 - 2016-02-05 20:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2016-04-12 19:05 - 2016-02-05 19:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2016-04-12 19:05 - 2016-02-05 19:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2016-04-12 19:05 - 2016-02-05 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2016-04-12 19:04 - 2016-02-05 20:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2016-04-12 18:46 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2016-04-12 18:46 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2016-04-12 18:45 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2016-04-12 18:45 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2016-04-12 18:36 - 2012-07-06 22:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys

2016-04-12 18:35 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2016-04-12 18:08 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2016-04-12 18:08 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2016-04-12 18:08 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2016-04-12 18:08 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2016-04-12 18:08 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2016-04-12 18:07 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2016-04-12 18:07 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2016-04-12 18:07 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2016-04-12 18:07 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll

2016-04-12 18:07 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe

2016-04-12 18:00 - 2015-12-08 23:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2016-04-12 18:00 - 2015-12-08 21:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-04-12 17:59 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll

2016-04-12 17:59 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe

2016-04-12 17:59 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2016-04-12 17:59 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2016-04-12 17:51 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2016-04-12 17:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2016-04-12 17:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2016-04-12 17:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2016-04-12 17:50 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys

2016-04-12 17:35 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2016-04-12 17:35 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2016-04-12 17:35 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2016-04-12 17:35 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2016-04-12 17:35 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2016-04-12 17:35 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2016-04-12 17:35 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2016-04-12 17:35 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2016-04-12 16:05 - 2016-04-12 16:05 - 00000000 ____D C:\ProgramData\Riot Games

2016-04-12 14:54 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2016-04-12 14:54 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2016-04-12 14:54 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2016-04-12 14:54 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2016-04-12 14:54 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2016-04-12 14:53 - 2016-04-12 14:53 - 00001577 _____ C:\Users\Public\Desktop\League of Legends.lnk

2016-04-12 14:53 - 2016-04-12 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2016-04-12 14:49 - 2016-04-12 14:54 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Riot Games

2016-04-12 14:31 - 2016-04-22 22:17 - 00000000 ____D C:\Program Files (x86)\StarCraft II

2016-04-12 14:30 - 2016-04-30 17:01 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

2016-04-12 14:27 - 2016-04-16 19:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\Blizzard Entertainment

2016-04-12 14:27 - 2016-04-16 19:19 - 00000000 ____D C:\ProgramData\Blizzard Entertainment

2016-04-12 14:26 - 2016-04-30 23:56 - 00000000 ____D C:\Users\Laptop\AppData\Local\Battle.net

2016-04-11 21:48 - 2016-04-11 21:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf

2016-04-11 21:48 - 2016-04-11 21:48 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\LSC

2016-04-11 21:47 - 2016-04-11 21:47 - 00000000 ____D C:\ProgramData\Lenovo

2016-04-11 21:41 - 2016-04-11 21:41 - 00987728 _____ (Google Inc.) C:\Users\Laptop\Downloads\ChromeSetup.exe

2016-04-11 21:31 - 2016-04-11 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2016-04-11 21:31 - 2016-04-11 21:29 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys

2016-04-11 21:30 - 2016-04-11 21:30 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2016-04-11 21:30 - 2016-04-11 21:30 - 00536312 _____ (AVAST Software) C:\Windows\system32\Drivers\ASWNETSEC.sys

2016-04-11 21:30 - 2016-04-11 21:30 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2016-04-11 21:30 - 2016-04-11 21:30 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2016-04-11 21:30 - 2016-04-11 21:30 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2016-04-11 21:30 - 2016-04-11 21:30 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2016-04-11 21:29 - 2016-04-11 17:19 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2016-04-11 18:16 - 2016-04-11 18:16 - 00000000 ____D C:\Users\Laptop\AppData\Local\Steam

2016-04-11 18:16 - 2016-04-11 18:16 - 00000000 ____D C:\Users\Laptop\AppData\Local\CEF

2016-04-11 18:10 - 2016-04-12 14:28 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Battle.net

2016-04-11 18:09 - 2016-04-11 18:10 - 30993712 _____ (Riot Games) C:\Users\Laptop\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe

2016-04-11 18:08 - 2016-04-12 14:53 - 00000000 ____D C:\Games

2016-04-11 18:08 - 2016-04-11 18:10 - 00000000 ____D C:\ProgramData\Battle.net

2016-04-11 18:08 - 2016-04-11 18:08 - 00000679 _____ C:\Users\Public\Desktop\Steam.lnk

2016-04-11 18:08 - 2016-04-11 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2016-04-11 18:01 - 2016-04-11 18:01 - 05052424 _____ (AVAST Software) C:\Users\Laptop\Downloads\avast_premier_antivirus_setup_online.exe

2016-04-11 17:51 - 2016-04-16 00:52 - 00000000 ____D C:\Users\Laptop\AppData\Local\NVIDIA Corporation

2016-04-11 17:51 - 2016-04-15 23:06 - 00000000 ____D C:\Users\Laptop\AppData\Local\NVIDIA

2016-04-11 17:51 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

2016-04-11 17:51 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2016-04-11 17:51 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

2016-04-11 17:51 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2016-04-11 17:51 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll

2016-04-11 17:51 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2016-04-11 17:29 - 2016-04-11 21:31 - 00003122 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460388532

2016-04-11 17:29 - 2016-04-11 17:29 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

2016-04-11 17:25 - 2016-04-11 17:25 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\AVAST Software

2016-04-11 17:23 - 2016-04-28 10:59 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-04-11 17:23 - 2016-04-11 17:23 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software

2016-04-11 17:23 - 2016-04-11 17:23 - 00000000 ____D C:\Program Files\Common Files\AV

2016-04-11 17:22 - 2016-04-11 17:19 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2016-04-11 17:22 - 2016-04-11 17:19 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2016-04-11 17:22 - 2016-04-11 17:19 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2016-04-11 17:18 - 2016-04-11 17:18 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr

2016-04-11 17:14 - 2016-04-11 17:27 - 00000000 ____D C:\Program Files\AVAST Software

2016-04-11 17:13 - 2016-04-11 17:27 - 00000000 ____D C:\ProgramData\AVAST Software

2016-04-11 17:10 - 2016-04-11 21:47 - 00000000 ____D C:\Users\Laptop\AppData\Local\LSC

2016-04-11 16:58 - 2016-04-11 16:58 - 16777216 _____ C:\Windows\system32\config\CLEANS.okr

2016-04-11 16:58 - 2016-04-11 16:58 - 16777216 _____ C:\Windows\system32\config\CLEANS

2016-04-11 16:52 - 2016-04-11 16:52 - 00065536 _____ C:\Windows\system32\ExchangSector.bin

2016-04-11 16:48 - 2016-04-11 16:48 - 00000000 ____D C:\Users\Laptop\Documents\Bluetooth Exchange Folder

2016-04-11 16:48 - 2016-04-11 16:48 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Intel Corporation

2016-04-11 16:48 - 2016-04-11 16:48 - 00000000 ____D C:\Users\Laptop\AppData\Local\Broadcom

2016-04-11 16:48 - 2016-04-11 16:48 - 00000000 ____D C:\Users\Laptop\AppData\Local\Adobe

2016-04-11 16:47 - 2016-04-11 16:47 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Adobe

2016-04-11 16:46 - 2016-04-11 16:46 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Leadertech

2016-04-11 16:44 - 2016-04-11 16:44 - 00001462 _____ C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2016-04-11 16:44 - 2016-04-11 16:44 - 00001428 _____ C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2016-04-11 16:38 - 2016-04-11 16:38 - 00000000 ___HD C:\SWTOOLS

2016-04-11 16:38 - 2016-04-11 16:38 - 00000000 ____D C:\Program Files (x86)\Amazon

2016-04-11 16:37 - 2016-04-11 16:37 - 00090624 _____ C:\Users\Public\AlexaNSISPlugin.4408.dll

2016-04-11 16:37 - 2016-04-11 16:37 - 00000000 _____ C:\Windows\firstboot.dat

2016-04-11 16:36 - 2016-04-11 16:36 - 00000000 ____D C:\Users\Laptop\AppData\Local\VirtualStore

2016-04-11 16:36 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2016-04-11 16:36 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2016-04-11 16:36 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2016-04-11 16:36 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2016-04-11 16:36 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2016-04-11 16:36 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2016-04-11 16:36 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2016-04-11 16:36 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2016-04-11 16:36 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2016-04-11 16:36 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2016-04-11 16:36 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2016-04-11 16:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2016-04-11 16:36 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2016-04-11 16:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2016-04-11 16:35 - 2016-04-11 16:45 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2016-04-11 16:35 - 2016-04-11 16:44 - 00000000 ____D C:\Users\Laptop

2016-04-11 16:35 - 2016-04-11 16:35 - 00000020 ___SH C:\Users\Laptop\ntuser.ini

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Public\Documents\Moje wideo

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Public\Documents\Moje obrazy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Public\Documents\Moja muzyka

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Ustawienia lokalne

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Szablony

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Moje dokumenty

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Menu Start

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Documents\Moje wideo

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Documents\Moje obrazy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Documents\Moja muzyka

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\Dane aplikacji

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\AppData\Local\Historia

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Laptop\AppData\Local\Dane aplikacji

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Ustawienia lokalne

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Szablony

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Moje dokumenty

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Menu Start

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Documents\Moje wideo

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Documents\Moje obrazy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Documents\Moja muzyka

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\Dane aplikacji

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historia

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dane aplikacji

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default User\Documents\Moje wideo

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default User\Documents\Moje obrazy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default User\Documents\Moja muzyka

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historia

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dane aplikacji

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\ProgramData\Ulubione

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\ProgramData\Szablony

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\ProgramData\Pulpit

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\ProgramData\Menu Start

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\ProgramData\Dokumenty

2016-04-11 16:35 - 2016-04-11 16:35 - 00000000 _SHDL C:\ProgramData\Dane aplikacji

2016-04-11 16:35 - 2012-08-04 01:32 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Macromedia

2016-04-11 16:35 - 2011-10-10 10:19 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\Media Center Programs

 

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

 

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

 

2016-05-03 12:46 - 2012-08-04 01:30 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-03 12:40 - 2012-08-04 01:30 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-03 12:39 - 1601-01-02 06:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-05-03 12:10 - 1601-01-02 06:16 - 00092791 _____ C:\Windows\system32\fastboot.set

2016-05-03 11:52 - 1601-01-02 06:16 - 01664728 _____ C:\Windows\system32\PerfStringBackup.INI

2016-05-03 11:52 - 1601-01-02 06:16 - 00738702 _____ C:\Windows\system32\perfh015.dat

2016-05-03 11:52 - 1601-01-02 06:16 - 00155146 _____ C:\Windows\system32\perfc015.dat

2016-04-28 10:58 - 1601-01-02 06:16 - 00062864 _____ C:\Users\Laptop\AppData\Local\GDIPFONTCACHEV1.DAT

2016-04-21 20:30 - 1601-01-02 06:16 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2016-04-19 19:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2016-04-19 19:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism

2016-04-18 16:30 - 1601-01-02 06:16 - 00221184 _____ C:\Windows\system32\umstartup.etl

2016-04-18 16:30 - 1601-01-02 06:16 - 00018432 _____ C:\Windows\system32\umstartup000.etl

2016-04-17 02:00 - 2011-10-10 10:19 - 00000000 ____D C:\Program Files\Windows Journal

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr

2016-04-17 02:00 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts

2016-04-17 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2016-04-17 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2016-04-17 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender

2016-04-17 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker

2016-04-17 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

2016-04-17 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2016-04-17 02:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2016-04-17 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz

2016-04-17 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz

2016-04-17 02:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing

2016-04-15 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf

2016-04-15 01:25 - 1601-01-02 06:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2016-04-15 01:10 - 1601-01-02 06:16 - 01638822 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2016-04-13 09:32 - 1601-01-02 06:16 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.146053269406101

2016-04-13 09:32 - 1601-01-02 06:16 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

2016-04-11 21:42 - 1601-01-02 06:16 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-04-11 21:42 - 1601-01-02 06:16 - 00002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-04-11 21:41 - 1601-01-02 06:16 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-04-11 21:41 - 1601-01-02 06:16 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-04-11 17:08 - 2009-07-14 06:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-04-11 17:08 - 2009-07-14 06:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-04-11 16:58 - 2012-08-04 01:31 - 00000000 __SHD C:\SysPart

2016-04-11 16:46 - 2012-08-04 01:29 - 00000000 ____D C:\ProgramData\VeriFace

2016-04-11 16:42 - 2012-08-04 01:26 - 00000000 ____D C:\swshare

2016-04-11 16:38 - 2012-08-04 00:47 - 00000042 _____ C:\Windows\SysWOW64\Drivers\17AA_Lenovo_Lenovo_G780_Lenovo_G780.MRK

2016-04-11 16:38 - 2011-02-24 19:03 - 00000000 ____D C:\Windows\Panther

2016-04-11 16:37 - 2012-08-04 01:24 - 00000000 ____D C:\ProgramData\McAfee

2016-04-11 16:35 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries

2016-04-11 16:35 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT

2016-04-11 16:33 - 2012-08-04 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo

2016-04-11 16:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2016-04-11 16:31 - 2009-07-14 06:45 - 00292824 _____ C:\Windows\system32\FNTCACHE.DAT

 

Pliki do przeniesienia lub usunięcia:

====================

C:\Users\Public\AlexaNSISPlugin.4408.dll

 

 

Niektóre pliki w TEMP:

====================

C:\Users\Laptop\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Laptop\AppData\Local\Temp\vcredist_x86.exe

 

 

==================== Bamital & volsnap =================

 

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

 

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo

C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo

C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo

C:\Windows\explorer.exe => Plik podpisany cyfrowo

C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo

C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo

C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo

C:\Windows\system32\services.exe => Plik podpisany cyfrowo

C:\Windows\system32\User32.dll => Plik podpisany cyfrowo

C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo

C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo

C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo

C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo

C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo

C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo

C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

 

 

LastRegBack: 2016-04-28 00:36

 

==================== Koniec  FRST.txt ============================

 

Hello,

I'm fighting with problems with my computer (lenovo G780 on windows 764bit) for some time, and till now nothing helped. So I was hoping you guys can help me.

 

So in general, About 2 weeks ago i decided to clean my Windows after few years of using. I reinstalled it, as well with other programs and games I'm using. But from this moment some weird things have started.

- First of all the computer is working slower than before reinstallation.

- Secondly my antivir Avast premier is turning it self off, I mean its working in background but saying that im not secured and fire wall is turned off, I can turn it on but after some time its same story.

- Thirdly, right now I see that after I turn on the computer, and before i start using any kind of program, the svchost process is using more than 1 500 000 Kb of memory. 

- another thing is that windows update cannot install new updates. It download them, install and after reboot when it try to configure them it shows info, that it cannot be done and restart computer without upling the updates.

 

I was thinking it some problem with HDD so i tryed to run CHKDSK but it was unsuccesfull. So I removed the disk and went for another computer to do it from another windows instance. It was possible without any problems. Windows corrected all errors. I defragmented disk and serched for bad sectors, but everything was fine. 

 

Till now I tried to scan computer with avast (it cannot find anything and the avast cleanup scan stops at 99% and cannot move further regardless how much I will wait for it). Tried as well microsoft security essentials but it didn't found nothing. Downloaded Malwarebytes and scanned computer without any result.

I used even Webroot SecureAnywhere Endpoint Protectiona at my work, this one actually founded some infected files and removed them with success. But it didn't helped, computer is still slow and not working correctly.

 

I'm not sure what should I do now as its kind annoying to work on it, and I have no idea what should i do next.

 

Kind regards 
Pawel

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 AM

Posted 03 May 2016 - 02:33 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Google Inc.) C:\Windows\Temp\CR_E69EE.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_E69EE.tmp\setup.exe
HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Brak pliku
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Brak pliku
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => Brak pliku
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => Brak pliku
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Brak pliku
CHR Extension: (Avast Online Security) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-11]
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Avast Online Security) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-11]
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-lenovo-abb.crx [2012-02-18]
C:\Windows\Temp\CR_E69EE.tmp
C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Please let me know what problem persists with this computer.

#3 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 03 May 2016 - 03:35 PM

Hello there Nasdaq,

I did everything u requested. Bellow log after fix. 

Right now i cannot see much of the difference (I think is working a bit faster), but I will do proper testing tomorrow and write results.

 

edit:

 

After few moments i see that svchost is still using much of resources.

 

Log: 

Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:03-05-2016
Uruchomiony przez Laptop (2016-05-03 22:18:27) Run:1
Uruchomiony z C:\Users\Laptop\Downloads
Załadowane profile: Laptop (Dostępne profile: Laptop)
Tryb startu: Normal
==============================================
 
fixlist - zawartość:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Google Inc.) C:\Windows\Temp\CR_E69EE.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_E69EE.tmp\setup.exe
HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => Brak pliku
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Brak pliku
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Brak pliku
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => Brak pliku
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => Brak pliku
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => Brak pliku
CHR Extension: (Avast Online Security) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-11]
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Avast Online Security) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-11]
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-lenovo-abb.crx [2012-02-18]
C:\Windows\Temp\CR_E69EE.tmp
C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Błąd: (0) Nie udało się utworzyć punktu przywracania.
Procesy zostały pomyślnie zamknięte.
C:\Windows\Temp\CR_E69EE.tmp\setup.exe => Nie odnaleziono uruchomionego procesu
C:\Windows\Temp\CR_E69EE.tmp\setup.exe => Nie odnaleziono uruchomionego procesu
HKU\S-1-5-21-3506106218-1799370102-204394789-1002\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => nie znaleziono.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => nie znaleziono.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => nie znaleziono.
C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => nie znaleziono.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => nie znaleziono.
C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => nie znaleziono.
C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => pomyślnie przeniesiono
C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => pomyślnie przeniesiono
C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => nie znaleziono
C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => nie znaleziono
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => klucz pomyślnie usunięto
Nie można przenieść "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Zaplanowany do przeniesienia przy restarcie.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam" => klucz pomyślnie usunięto
C:\Program Files (x86)\Amazon\ABB\AmazonChrome-lenovo-abb.crx => pomyślnie przeniesiono
C:\Windows\Temp\CR_E69EE.tmp => pomyślnie przeniesiono
"C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => nie znaleziono.
EmptyTemp: => 3.6 GB danych tymczasowych Usunięto.
 
Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 2016-05-03 22:24:21)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Nie można przenieść
 
==== Koniec  Fixlog 22:24:21 ====

Edited by Deriath, 03 May 2016 - 03:39 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 AM

Posted 04 May 2016 - 06:38 AM

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

Let me know how the computer is performing.

#5 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 04 May 2016 - 02:37 PM

Firstly sorry for second thread. I guess due to my slow working computer i created the same one two times.

Secondly, if there is any specific time this combofix tool should scan computer? Because it stopped at step 4 for an hour right now.

Regarding computer svchost is still using a lot from resources... Problrm with slow working computer persist. Only chrome is working faster.

 

edit:

 

After some time error came that pev.3xe has been crashed and need to be stopped. 


Edited by Deriath, 05 May 2016 - 12:06 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 AM

Posted 05 May 2016 - 06:24 AM

That pev.3xe is used by Combofix.

Lets try this scan.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
process; 
startupall;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#7 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 05 May 2016 - 11:23 PM

Good morning, 

Attaching report can be problematic as zoek is going now for 7 hours and stuck on Checking input...



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 AM

Posted 06 May 2016 - 06:41 AM

Close the process and start over.

It should complete withing 30 minutes, however you computer is slow it may take longer but not 20 hours.

If it takes too long close the process and do the scan with only this command for now.

autoclean;

Post the log when ready.

#9 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 06 May 2016 - 07:53 AM

Will do as first thing after going back home, so in the next 3,5 hrs. 



#10 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 06 May 2016 - 11:00 AM

I guess that, unfortunatly, it will not work... Its scanning for 45 minutes right now, its stuck on checking input...

 

EDIT: 

 

What is weard, there is no zoek proccess in task list..


Edited by Deriath, 06 May 2016 - 11:41 AM.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 AM

Posted 07 May 2016 - 07:23 AM

You may have a rootkit infection.

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    TDSSKillerSuspicious-1.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
    TDSSKillerMal-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#12 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 07 May 2016 - 11:58 AM

All done.

 

Report from tdss:
 
18:35:58.0607 0x1a5c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:36:03.0777 0x1a5c  ============================================================
18:36:03.0777 0x1a5c  Current date / time: 2016/05/07 18:36:03.0777
18:36:03.0777 0x1a5c  SystemInfo:
18:36:03.0777 0x1a5c  
18:36:03.0777 0x1a5c  OS Version: 6.1.7601 ServicePack: 1.0
18:36:03.0777 0x1a5c  Product type: Workstation
18:36:03.0777 0x1a5c  ComputerName: LAPTOP-KOMPUTER
18:36:03.0777 0x1a5c  UserName: Laptop
18:36:03.0777 0x1a5c  Windows directory: C:\Windows
18:36:03.0777 0x1a5c  System windows directory: C:\Windows
18:36:03.0777 0x1a5c  Running under WOW64
18:36:03.0777 0x1a5c  Processor architecture: Intel x64
18:36:03.0777 0x1a5c  Number of processors: 4
18:36:03.0777 0x1a5c  Page size: 0x1000
18:36:03.0777 0x1a5c  Boot type: Normal boot
18:36:03.0777 0x1a5c  ============================================================
18:36:03.0862 0x1a5c  KLMD registered as C:\Windows\system32\drivers\74839079.sys
18:36:04.0191 0x1a5c  System UUID: {F365A2E0-17CE-9FD5-939A-A3520F1E0329}
18:36:04.0909 0x1a5c  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:36:04.0931 0x1a5c  Drive \Device\Harddisk1\DR1 - Size: 0x1D1DFF000 ( 7.28 Gb ), SectorSize: 0x200, Cylinders: 0x3B6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:36:04.0933 0x1a5c  ============================================================
18:36:04.0933 0x1a5c  \Device\Harddisk0\DR0:
18:36:04.0933 0x1a5c  MBR partitions:
18:36:04.0933 0x1a5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:36:04.0933 0x1a5c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x38AE0800
18:36:04.0963 0x1a5c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38B46000, BlocksNum 0x18FFF800
18:36:04.0978 0x1a5c  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x51B46000, BlocksNum 0x32EF800
18:36:04.0978 0x1a5c  \Device\Harddisk1\DR1:
18:36:04.0979 0x1a5c  MBR partitions:
18:36:04.0979 0x1a5c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xE8D078
18:36:04.0979 0x1a5c  ============================================================
18:36:05.0027 0x1a5c  C: <-> \Device\Harddisk0\DR0\Partition2
18:36:05.0052 0x1a5c  D: <-> \Device\Harddisk0\DR0\Partition3
18:36:05.0096 0x1a5c  E: <-> \Device\Harddisk0\DR0\Partition4
18:36:05.0097 0x1a5c  ============================================================
18:36:05.0097 0x1a5c  Initialize success
18:36:05.0097 0x1a5c  ============================================================
18:36:23.0887 0x1988  ============================================================
18:36:23.0887 0x1988  Scan started
18:36:23.0887 0x1988  Mode: Manual; 
18:36:23.0887 0x1988  ============================================================
18:36:23.0887 0x1988  KSN ping started
18:36:26.0692 0x1988  KSN ping finished: true
18:36:27.0668 0x1988  ================ Scan system memory ========================
18:36:27.0668 0x1988  System memory - ok
18:36:27.0669 0x1988  ================ Scan services =============================
18:36:27.0890 0x1988  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:36:27.0896 0x1988  1394ohci - ok
18:36:27.0983 0x1988  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:36:27.0989 0x1988  ACPI - ok
18:36:28.0028 0x1988  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:36:28.0030 0x1988  AcpiPmi - ok
18:36:28.0074 0x1988  [ 5E813B11629007309E4FC0F0FD2B7C30, A8FDC3994D236248B7FAEA572E987C8D5903AF5305E06D624909DE786FA811BA ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
18:36:28.0077 0x1988  ACPIVPC - ok
18:36:28.0247 0x1988  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:36:28.0257 0x1988  Suspicious file ( Forged ): C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe. Real md5: 11A52CF7B265631DEEB24C6149309EFF, sha256: CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178, fake md5: FC5B75CA6A1DA31EDD4F8D53F5540B98, fake sha256: CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520
18:36:28.0257 0x1988  AdobeARMservice - detected ForgedFile.Multi.Generic ( 1 )
18:36:31.0059 0x1988  Detect skipped due to KSN trusted
18:36:31.0059 0x1988  AdobeARMservice - ok
18:36:31.0123 0x1988  AdobeFlashPlayerUpdateSvc - ok
18:36:31.0196 0x1988  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:36:31.0262 0x1988  adp94xx - ok
18:36:31.0310 0x1988  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:36:31.0318 0x1988  adpahci - ok
18:36:31.0327 0x1988  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:36:31.0332 0x1988  adpu320 - ok
18:36:31.0359 0x1988  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:36:31.0361 0x1988  AeLookupSvc - ok
18:36:31.0464 0x1988  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
18:36:31.0476 0x1988  AFD - ok
18:36:31.0498 0x1988  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:36:31.0501 0x1988  agp440 - ok
18:36:31.0517 0x1988  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:36:31.0519 0x1988  ALG - ok
18:36:31.0598 0x1988  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:36:31.0600 0x1988  aliide - ok
18:36:31.0616 0x1988  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:36:31.0618 0x1988  amdide - ok
18:36:31.0633 0x1988  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:36:31.0635 0x1988  AmdK8 - ok
18:36:31.0639 0x1988  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:36:31.0642 0x1988  AmdPPM - ok
18:36:31.0671 0x1988  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:36:31.0675 0x1988  amdsata - ok
18:36:31.0683 0x1988  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:36:31.0688 0x1988  amdsbs - ok
18:36:31.0693 0x1988  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:36:31.0694 0x1988  amdxata - ok
18:36:31.0784 0x1988  [ A9FB80B0BBA6F765F4E691B7AD4963A7, 06BC740AF47ACECEE3707C433357F872EA0D9F2CA1B9FC2489FA3B421A262EF0 ] AppID           C:\Windows\system32\drivers\appid.sys
18:36:31.0786 0x1988  AppID - ok
18:36:31.0820 0x1988  [ C47B6624AF9AEE4146743DCB133A159D, 10D1E6C9F972C3A8CC304F38B0A52818A78D70B4AF71F6E22CE1773397FC2AB4 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:36:31.0822 0x1988  AppIDSvc - ok
18:36:31.0842 0x1988  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
18:36:31.0844 0x1988  Appinfo - ok
18:36:31.0888 0x1988  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:36:31.0892 0x1988  arc - ok
18:36:31.0957 0x1988  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:36:31.0961 0x1988  arcsas - ok
18:36:32.0060 0x1988  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:36:32.0203 0x1988  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe. Real md5: 9217D874131AE6FF8F642F124F00A555, sha256: BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495, fake md5: 660D597B7A78256734D7F3230B21B355, fake sha256: CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA
18:36:32.0203 0x1988  aspnet_state - detected ForgedFile.Multi.Generic ( 1 )
18:36:34.0988 0x1988  Detect skipped due to KSN trusted
18:36:34.0988 0x1988  aspnet_state - ok
18:36:35.0003 0x1988  aswHwid - ok
18:36:35.0038 0x1988  [ 786E8BCDFF674068F3C950615FC2E71C, B5803960297F9622F594EC113FF6C89221606FC6B26B02EA6F021BE38AA66794 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
18:36:35.0051 0x1988  aswKbd - ok
18:36:35.0144 0x1988  aswMonFlt - ok
18:36:35.0228 0x1988  aswNetNd6 - ok
18:36:35.0425 0x1988  [ 5261F0E21A21027CDED0CD47D20E16F2, D56EE09C8F53D7CFC8E62F487C6733AF5CADC61A6839B7E80B5D8F4573E9DE1E ] aswNetSec       C:\Windows\system32\drivers\aswNetSec.sys
18:36:35.0502 0x1988  aswNetSec - ok
18:36:35.0541 0x1988  [ DF190688D993A3DB227BFB0BB40BD7D4, C7EDA64AE84001089AE2085B8336B7572DEDDCC80EAAA05D73C9C675CAD8C511 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:36:35.0549 0x1988  aswRdr - ok
18:36:35.0678 0x1988  [ D873455DFA27680585AE238503917DF5, CAD9CBCD24F33FF8E49C77C795F8FE0540243E455A6FC9E3035B8C15C9EEBD6C ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:36:35.0689 0x1988  aswRvrt - ok
18:36:35.0738 0x1988  [ A371A06EC8F4830C263D3F5CA5A11B65, 62E55DD439C106184F3AF73198D5CEAB5828A0EE1E30A13C35103B1B57966AB6 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:36:35.0771 0x1988  aswSnx - ok
18:36:35.0883 0x1988  [ 6B7F6CE19A16240EE9DE2C528897ED9C, 3B7C24F5B152B408D87DA70B01AD2E744DCB877D46602C0620931FCADB275E17 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:36:35.0899 0x1988  aswSP - ok
18:36:35.0951 0x1988  aswStm - ok
18:36:35.0997 0x1988  [ BA4CDCD8C0395E91C38CD2C5CE3E7FA2, EF037C9C62F67C3D4432C86E3F568F62AABF468C792EA75477FCBC8EC8151C29 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:36:36.0014 0x1988  aswVmm - ok
18:36:36.0073 0x1988  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:36:36.0088 0x1988  AsyncMac - ok
18:36:36.0235 0x1988  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:36:36.0237 0x1988  atapi - ok
18:36:36.0288 0x1988  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:36:36.0300 0x1988  AudioEndpointBuilder - ok
18:36:36.0369 0x1988  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:36:36.0387 0x1988  AudioSrv - ok
18:36:36.0422 0x1988  avast! Antivirus - ok
18:36:36.0459 0x1988  avast! Firewall - ok
18:36:36.0514 0x1988  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:36:36.0517 0x1988  AxInstSV - ok
18:36:36.0616 0x1988  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:36:36.0627 0x1988  b06bdrv - ok
18:36:36.0663 0x1988  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:36:36.0670 0x1988  b57nd60a - ok
18:36:36.0773 0x1988  [ BC9E4469FE2CE605902D4C8BB09E8236, 13C906DEE487E46037F6DAB82CD65B49CECCA8A7BAC9E1FFD34767AA288A9B76 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
18:36:36.0777 0x1988  bcbtums - ok
18:36:36.0958 0x1988  [ FBC76C8D561D0AD159EF9452D9F328F6, 3A1A3E8ED48316ACF833554C50CAA3278C980F139332E9F35D889F1C46532FAA ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
18:36:37.0036 0x1988  BCM43XX - ok
18:36:37.0135 0x1988  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:36:37.0139 0x1988  BDESVC - ok
18:36:37.0206 0x1988  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:36:37.0267 0x1988  Beep - ok
18:36:37.0319 0x1988  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:36:37.0331 0x1988  BFE - ok
18:36:37.0391 0x1988  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:36:37.0408 0x1988  BITS - ok
18:36:37.0495 0x1988  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:36:37.0508 0x1988  blbdrive - ok
18:36:37.0535 0x1988  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:36:37.0538 0x1988  bowser - ok
18:36:37.0569 0x1988  [ AAA4F992F879977A000FE8B8C730CD2C, A109D3F7CA9D49B98FDA5CA34C60055690F72400CCC96D48076FA86086E4C74D ] BPntDrv         C:\Windows\system32\drivers\BPntDrv.sys
18:36:37.0571 0x1988  BPntDrv - ok
18:36:37.0648 0x1988  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:36:37.0651 0x1988  BrFiltLo - ok
18:36:37.0654 0x1988  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:36:37.0655 0x1988  BrFiltUp - ok
18:36:37.0698 0x1988  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:36:37.0703 0x1988  BridgeMP - ok
18:36:37.0811 0x1988  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\Windows\System32\browser.dll
18:36:37.0814 0x1988  Browser - ok
18:36:37.0849 0x1988  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:36:37.0857 0x1988  Brserid - ok
18:36:37.0862 0x1988  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:36:37.0865 0x1988  BrSerWdm - ok
18:36:37.0879 0x1988  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:36:37.0889 0x1988  BrUsbMdm - ok
18:36:37.0913 0x1988  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:36:37.0931 0x1988  BrUsbSer - ok
18:36:38.0107 0x1988  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:36:38.0117 0x1988  BthEnum - ok
18:36:38.0172 0x1988  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:36:38.0188 0x1988  BTHMODEM - ok
18:36:38.0275 0x1988  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:36:38.0277 0x1988  BthPan - ok
18:36:38.0441 0x1988  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
18:36:38.0475 0x1988  BTHPORT - ok
18:36:38.0527 0x1988  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:36:38.0529 0x1988  bthserv - ok
18:36:38.0560 0x1988  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
18:36:38.0642 0x1988  BTHUSB - ok
18:36:38.0807 0x1988  [ 93F0E54C65EF7FCB56287FA685E4C4B7, FF8644C2F9DC4CDB1BDBD7C25968225769B2DAE7E063BE0FEDCD51809C48CB4D ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
18:36:38.0871 0x1988  btwampfl - ok
18:36:38.0944 0x1988  [ D1F3C58892C621935947C0261BAEF3C0, AEDAF86A78F615C9124A968568FAA41AA145E6AAE910AB16E370B83BC67BB603 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
18:36:38.0951 0x1988  btwaudio - ok
18:36:39.0000 0x1988  [ 9C7A3858D87F3A2574C1D326CA6C1461, EA98D1DE3E1BF3BB952FC11511082EC1D398B448C712141B7FC35AFB7E40C4E5 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
18:36:39.0011 0x1988  btwavdt - ok
18:36:39.0271 0x1988  [ CE6AD9E2874D19069569F03C819B558C, 719326983BC442B416651DB51DD20AA32455B93A79C48B386913296F65B50E6F ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:36:39.0343 0x1988  btwdins - ok
18:36:39.0411 0x1988  [ B1ACFD00CDD13B48D86F46BFEC153BF9, CD7BE27D93364735511CC714B85CB7D97E21E84E3C2361EC405BADAAEA550925 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
18:36:39.0413 0x1988  btwl2cap - ok
18:36:39.0431 0x1988  [ BB892C59D453E127797F8C5B203678DC, 9ED6E44B1E1050F275BEDE733970F455867147F6EC08CD6522E5AA2F55CB5B71 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
18:36:39.0441 0x1988  btwrchid - ok
18:36:39.0462 0x1988  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:36:39.0471 0x1988  cdfs - ok
18:36:39.0615 0x1988  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:36:39.0625 0x1988  cdrom - ok
18:36:39.0678 0x1988  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:36:39.0687 0x1988  CertPropSvc - ok
18:36:39.0708 0x1988  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:36:39.0724 0x1988  circlass - ok
18:36:39.0803 0x1988  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
18:36:39.0819 0x1988  CLFS - ok
18:36:39.0980 0x1988  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:36:39.0995 0x1988  clr_optimization_v2.0.50727_32 - ok
18:36:40.0052 0x1988  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:36:40.0064 0x1988  clr_optimization_v2.0.50727_64 - ok
18:36:40.0183 0x1988  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:36:40.0416 0x1988  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe. Real md5: C5A75EB48E2344ABDC162BDA79E16841, sha256: 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726, fake md5: AB4CD527BEFCC43EE441E6C50CCE54C8, fake sha256: 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4
18:36:40.0417 0x1988  clr_optimization_v4.0.30319_32 - detected ForgedFile.Multi.Generic ( 1 )
18:36:43.0195 0x1988  Detect skipped due to KSN trusted
18:36:43.0195 0x1988  clr_optimization_v4.0.30319_32 - ok
18:36:43.0279 0x1988  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:36:43.0333 0x1988  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe. Real md5: C6F9AF94DCD58122A4D7E89DB6BED29D, sha256: CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE, fake md5: 1400C75FF021D6CFACE46AC41B60770E, fake sha256: 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE
18:36:43.0333 0x1988  clr_optimization_v4.0.30319_64 - detected ForgedFile.Multi.Generic ( 1 )
18:36:46.0140 0x1988  Detect skipped due to KSN trusted
18:36:46.0140 0x1988  clr_optimization_v4.0.30319_64 - ok
18:36:46.0249 0x1988  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
18:36:46.0260 0x1988  clwvd - ok
18:36:46.0285 0x1988  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:36:46.0287 0x1988  CmBatt - ok
18:36:46.0310 0x1988  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:36:46.0312 0x1988  cmdide - ok
18:36:46.0353 0x1988  [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:36:46.0364 0x1988  CNG - ok
18:36:46.0479 0x1988  [ 9F6DE1995A188615CEEE908E750A34ED, 66ADA2F7C21661FA059BB1B931B4191BC180EAF55C50CEDB24D9F34CEE1E78E3 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:36:46.0520 0x1988  CnxtHdAudService - ok
18:36:46.0534 0x1988  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:36:46.0535 0x1988  Compbatt - ok
18:36:46.0607 0x1988  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:36:46.0610 0x1988  CompositeBus - ok
18:36:46.0621 0x1988  COMSysApp - ok
18:36:46.0687 0x1988  [ 9DE2CE0A06DAB38BA03471BFE60493A6, A2A9ADA8EA2A9C2CE368F414DFE0C046FA1FCD7DF870725A757FD99D422838C3 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:36:46.0698 0x1988  cphs - ok
18:36:46.0721 0x1988  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:36:46.0723 0x1988  crcdisk - ok
18:36:46.0727 0x13ac  Object required for P2P: [ 786E8BCDFF674068F3C950615FC2E71C ] aswKbd
18:36:46.0817 0x1988  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:36:46.0821 0x1988  CryptSvc - ok
18:36:46.0864 0x1988  [ F160B26B26BA4AFE8CECC12ED5AC231E, 8DA8921A40B67ACFC7E47A54870181CDA1866901A3E8B3A2393D7C006C6B3A42 ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
18:36:46.0871 0x1988  CxAudMsg - ok
18:36:46.0904 0x1988  [ 56F4750B7F0CE969E43DE2A76DDA5A5F, FD6F600F52F13E9FDF27A98E959C8AB154E95C1959C8C779D8DA74F1609517A5 ] DamageGuard     C:\Windows\system32\DRIVERS\DamageGuardX64.sys
18:36:46.0912 0x1988  DamageGuard - ok
18:36:47.0093 0x1988  [ 75974DA59BA3D2E3DCE9386493A31F54, 6A1E17AD95B93F15C89C1716CC443F239222EBAF29E985D4E32C2AC4F60E3731 ] DamageGuardSvc  C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
18:36:47.0103 0x1988  DamageGuardSvc - ok
18:36:47.0194 0x1988  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:36:47.0205 0x1988  DcomLaunch - ok
18:36:47.0245 0x1988  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:36:47.0256 0x1988  defragsvc - ok
18:36:47.0327 0x1988  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:36:47.0330 0x1988  DfsC - ok
18:36:47.0395 0x1988  [ 5014042B07FE6CBE0E6C737AA3F1EBFC, 35BE28BB681A677AB9E26276B8457081CF715BE3CB29D635FDCB100EC36EC35A ] dgFltr          C:\Windows\system32\drivers\dgFltrX64.sys
18:36:47.0410 0x1988  dgFltr - ok
18:36:47.0463 0x1988  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:36:47.0472 0x1988  Dhcp - ok
18:36:47.0477 0x1988  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:36:47.0480 0x1988  discache - ok
18:36:47.0540 0x1988  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
18:36:47.0542 0x1988  Disk - ok
18:36:47.0628 0x1988  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:36:47.0641 0x1988  Dnscache - ok
18:36:47.0653 0x1988  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:36:47.0660 0x1988  dot3svc - ok
18:36:47.0670 0x1988  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:36:47.0676 0x1988  DPS - ok
18:36:47.0722 0x1988  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:36:47.0724 0x1988  drmkaud - ok
18:36:47.0762 0x1988  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:36:47.0783 0x1988  DXGKrnl - ok
18:36:47.0804 0x1988  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:36:47.0807 0x1988  EapHost - ok
18:36:47.0950 0x1988  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:36:48.0085 0x1988  ebdrv - ok
18:36:48.0128 0x1988  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] EFS             C:\Windows\System32\lsass.exe
18:36:48.0131 0x1988  EFS - ok
18:36:48.0197 0x1988  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:36:48.0216 0x1988  ehRecvr - ok
18:36:48.0256 0x1988  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:36:48.0268 0x1988  ehSched - ok
18:36:48.0307 0x1988  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:36:48.0396 0x1988  elxstor - ok
18:36:48.0401 0x1988  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:36:48.0403 0x1988  ErrDev - ok
18:36:48.0473 0x1988  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:36:48.0481 0x1988  EventSystem - ok
18:36:48.0513 0x1988  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:36:48.0520 0x1988  exfat - ok
18:36:48.0642 0x1988  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:36:48.0653 0x1988  fastfat - ok
18:36:48.0918 0x1988  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:36:48.0938 0x1988  Fax - ok
18:36:49.0096 0x1988  [ 0BDD7984DB7AAFF6DFEFD11D82D473DB, 616B20DD438DA1F18949DD99513889D47A5773E7FD98776B61A2A654733C855E ] fbfmon          C:\Windows\system32\drivers\fbfmon.sys
18:36:49.0099 0x1988  fbfmon - ok
18:36:49.0134 0x1988  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:36:49.0155 0x1988  fdc - ok
18:36:49.0219 0x1988  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:36:49.0221 0x1988  fdPHost - ok
18:36:49.0344 0x1988  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:36:49.0347 0x1988  FDResPub - ok
18:36:49.0371 0x1988  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:36:49.0375 0x1988  FileInfo - ok
18:36:49.0380 0x1988  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:36:49.0383 0x1988  Filetrace - ok
18:36:49.0403 0x1988  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:36:49.0405 0x1988  flpydisk - ok
18:36:49.0414 0x1988  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:36:49.0422 0x1988  FltMgr - ok
18:36:49.0497 0x1988  [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache       C:\Windows\system32\FntCache.dll
18:36:49.0518 0x1988  FontCache - ok
18:36:49.0596 0x1988  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:36:49.0599 0x1988  FontCache3.0.0.0 - ok
18:36:49.0621 0x13ac  Object send P2P result: true
18:36:49.0641 0x1988  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:36:49.0643 0x1988  FsDepends - ok
18:36:49.0671 0x1988  [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
18:36:49.0674 0x1988  fssfltr - ok
18:36:49.0838 0x1988  [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:36:49.0880 0x1988  fsssvc - ok
18:36:49.0919 0x1988  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:36:49.0921 0x1988  Fs_Rec - ok
18:36:49.0956 0x1988  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:36:49.0961 0x1988  fvevol - ok
18:36:49.0998 0x1988  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:36:50.0001 0x1988  gagp30kx - ok
18:36:50.0056 0x1988  GfExperienceService - ok
18:36:50.0147 0x1988  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:36:50.0161 0x1988  gpsvc - ok
18:36:50.0233 0x1988  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:36:50.0236 0x1988  Suspicious file ( Forged ): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: F02A533F517EB38333CB12A9E8963773, sha256: 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF, fake md5: 750446ED76A5D13E902174DDDDA1A62B, fake sha256: F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0
18:36:50.0236 0x1988  gupdate - detected ForgedFile.Multi.Generic ( 1 )
18:36:53.0034 0x1988  Detect skipped due to KSN trusted
18:36:53.0034 0x1988  gupdate - ok
18:36:53.0063 0x1988  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:36:53.0066 0x1988  Suspicious file ( Forged ): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: F02A533F517EB38333CB12A9E8963773, sha256: 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF, fake md5: 750446ED76A5D13E902174DDDDA1A62B, fake sha256: F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0
18:36:53.0066 0x1988  gupdatem - detected ForgedFile.Multi.Generic ( 1 )
18:36:53.0066 0x1988  Detect skipped due to KSN trusted
18:36:53.0066 0x1988  gupdatem - ok
18:36:53.0179 0x1988  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:36:53.0195 0x1988  Suspicious file ( Forged ): C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe. Real md5: CC839E8D766CC31A7710C9F38CF3E375, sha256: 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4, fake md5: 5D4BC124FAAE6730AC002CDB67BF1A1C, fake sha256: 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551
18:36:53.0196 0x1988  gusvc - detected ForgedFile.Multi.Generic ( 1 )
18:36:55.0982 0x1988  Detect skipped due to KSN trusted
18:36:55.0982 0x1988  gusvc - ok
18:36:56.0034 0x1988  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:36:56.0041 0x1988  hcw85cir - ok
18:36:56.0082 0x1988  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:36:56.0099 0x1988  HdAudAddService - ok
18:36:56.0138 0x1988  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:36:56.0140 0x1988  HDAudBus - ok
18:36:56.0156 0x1988  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:36:56.0158 0x1988  HidBatt - ok
18:36:56.0170 0x1988  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:36:56.0180 0x1988  HidBth - ok
18:36:56.0204 0x1988  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:36:56.0222 0x1988  HidIr - ok
18:36:56.0293 0x1988  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
18:36:56.0295 0x1988  hidserv - ok
18:36:56.0353 0x1988  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:36:56.0356 0x1988  HidUsb - ok
18:36:56.0402 0x1988  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:36:56.0406 0x1988  hkmsvc - ok
18:36:56.0472 0x1988  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:36:56.0478 0x1988  HomeGroupListener - ok
18:36:56.0512 0x1988  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:36:56.0518 0x1988  HomeGroupProvider - ok
18:36:56.0574 0x1988  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:36:56.0590 0x1988  HpSAMD - ok
18:36:56.0694 0x1988  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:36:56.0717 0x1988  HTTP - ok
18:36:56.0763 0x1988  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:36:56.0778 0x1988  hwpolicy - ok
18:36:56.0806 0x1988  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:36:56.0813 0x1988  i8042prt - ok
18:36:57.0004 0x1988  [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:36:57.0014 0x1988  iaStor - ok
18:36:57.0227 0x1988  [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:36:57.0228 0x1988  IAStorDataMgrSvc - ok
18:36:57.0287 0x1988  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:36:57.0305 0x1988  iaStorV - ok
18:36:57.0618 0x1988  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:36:57.0688 0x1988  idsvc - ok
18:36:58.0909 0x1988  [ 7054941241807E91663A83A38BCE3F0D, 340F724554CCF4F52C1F426A7E3C8B0C4DE73C38DA102AFBD375D0FC8AF31086 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:36:59.0303 0x1988  igfx - ok
18:36:59.0421 0x1988  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:36:59.0434 0x1988  iirsp - ok
18:36:59.0656 0x1988  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:36:59.0671 0x1988  IKEEXT - ok
18:36:59.0776 0x1988  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:36:59.0784 0x1988  IntcDAud - ok
18:36:59.0993 0x1988  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:37:00.0015 0x1988  Intel® Capability Licensing Service Interface - ok
18:37:00.0067 0x1988  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:37:00.0081 0x1988  intelide - ok
18:37:00.0172 0x1988  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:37:00.0174 0x1988  intelppm - ok
18:37:00.0206 0x1988  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:37:00.0216 0x1988  IPBusEnum - ok
18:37:00.0228 0x1988  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:37:00.0235 0x1988  IpFilterDriver - ok
18:37:00.0285 0x1988  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:37:00.0305 0x1988  iphlpsvc - ok
18:37:00.0320 0x1988  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:37:00.0337 0x1988  IPMIDRV - ok
18:37:00.0368 0x1988  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:37:00.0372 0x1988  IPNAT - ok
18:37:00.0471 0x1988  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:37:00.0486 0x1988  IRENUM - ok
18:37:00.0510 0x1988  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:37:00.0526 0x1988  isapnp - ok
18:37:00.0606 0x1988  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:37:00.0622 0x1988  iScsiPrt - ok
18:37:00.0748 0x1988  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:37:00.0750 0x1988  iusb3hcs - ok
18:37:00.0761 0x1988  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
18:37:00.0773 0x1988  iusb3hub - ok
18:37:00.0849 0x1988  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:37:00.0868 0x1988  iusb3xhc - ok
18:37:00.0955 0x1988  [ 09CA717536671E0896E07D239EE6740F, 5E1A4A1490D38DBDF21DD655D2139FC2856F5CAED6A72C4C6E65BF6C01C896CE ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
18:37:00.0975 0x1988  jhi_service - ok
18:37:01.0049 0x1988  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:37:01.0064 0x1988  kbdclass - ok
18:37:01.0112 0x1988  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:37:01.0114 0x1988  kbdhid - ok
18:37:01.0141 0x1988  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] KeyIso          C:\Windows\system32\lsass.exe
18:37:01.0144 0x1988  KeyIso - ok
18:37:01.0231 0x1988  [ B6C2FA7F5E5BC1A488A57C6344D29D64, 857245D664CF9ED8121E2087D73F85DA3FED721484DDC6B51AF6A344EC29A27F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:37:01.0243 0x1988  KSecDD - ok
18:37:01.0268 0x1988  [ FB4397DDCC732DB6A7B33B747C7EB708, AD8B9500AAE12C1507B982B74B86731BE75AFAC7F64538332A380AC43EDEC271 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:37:01.0272 0x1988  KSecPkg - ok
18:37:01.0330 0x1988  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:37:01.0344 0x1988  ksthunk - ok
18:37:01.0452 0x1988  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:37:01.0468 0x1988  KtmRm - ok
18:37:01.0521 0x1988  [ FC741259B7C22379EE83257D7CF91151, 37FAA2E03DFE8C04762178EC7C0AD7AB383155772EFF857D7D27225F8DF29C5B ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:37:01.0533 0x1988  L1C - ok
18:37:01.0647 0x1988  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:37:01.0654 0x1988  LanmanServer - ok
18:37:01.0688 0x1988  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:37:01.0694 0x1988  LanmanWorkstation - ok
18:37:01.0731 0x1988  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
18:37:01.0749 0x1988  LHDmgr - ok
18:37:01.0858 0x1988  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:37:01.0867 0x1988  lltdio - ok
18:37:01.0907 0x1988  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:37:01.0949 0x1988  lltdsvc - ok
18:37:01.0974 0x1988  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:37:01.0977 0x1988  lmhosts - ok
18:37:02.0068 0x1988  [ A60D56228FF3EE7EC1A56A908924680E, A50D75BB87CF4858681720380E9E1EF7FDFE1411E10D856F3E7BBAF3FB1EDDFC ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:37:02.0080 0x1988  LMS - ok
18:37:02.0173 0x1988  LSCWinService - ok
18:37:02.0226 0x1988  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:37:02.0280 0x1988  LSI_FC - ok
18:37:02.0306 0x1988  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:37:02.0313 0x1988  LSI_SAS - ok
18:37:02.0340 0x1988  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:37:02.0343 0x1988  LSI_SAS2 - ok
18:37:02.0352 0x1988  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:37:02.0367 0x1988  LSI_SCSI - ok
18:37:02.0432 0x1988  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:37:02.0490 0x1988  luafv - ok
18:37:02.0530 0x1988  MBAMProtector - ok
18:37:02.0578 0x1988  MBAMScheduler - ok
18:37:02.0613 0x1988  MBAMService - ok
18:37:02.0622 0x1988  MBAMWebAccessControl - ok
18:37:02.0651 0x1988  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:37:02.0670 0x1988  Mcx2Svc - ok
18:37:02.0745 0x1988  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:37:02.0747 0x1988  megasas - ok
18:37:02.0798 0x1988  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:37:02.0806 0x1988  MegaSR - ok
18:37:02.0861 0x1988  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:37:02.0863 0x1988  MEIx64 - ok
18:37:02.0922 0x1988  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:37:02.0925 0x1988  MMCSS - ok
18:37:03.0006 0x1988  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:37:03.0016 0x1988  Modem - ok
18:37:03.0052 0x1988  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:37:03.0053 0x1988  monitor - ok
18:37:03.0088 0x1988  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:37:03.0102 0x1988  mouclass - ok
18:37:03.0123 0x1988  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:37:03.0125 0x1988  mouhid - ok
18:37:03.0221 0x1988  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:37:03.0225 0x1988  mountmgr - ok
18:37:03.0243 0x1988  MozillaMaintenance - ok
18:37:03.0310 0x1988  [ DA0FAEE45D6F03D7647851A20977A7D0, AFB1EA053CD4BCA903868896D020205D4C207C85314E6C56C4663922A3F9BD6A ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:37:03.0317 0x1988  MpFilter - ok
18:37:03.0415 0x1988  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:37:03.0424 0x1988  mpio - ok
18:37:03.0446 0x1988  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:37:03.0454 0x1988  mpsdrv - ok
18:37:03.0671 0x1988  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:37:03.0687 0x1988  MpsSvc - ok
18:37:03.0706 0x1988  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:37:03.0719 0x1988  MRxDAV - ok
18:37:03.0760 0x1988  [ ACEC16415275E1AD6F7983EF472810E3, E5017E157954F6C21AA66233FF2C1A6B1FF3E4685F26648A8A21F2B9718DD97C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:37:03.0774 0x1988  mrxsmb - ok
18:37:03.0858 0x1988  [ 0F276F2F2018296FABC7BD2BCCAAB40B, 378A36F7282EE9FFEC8A1D5783ECD0A428E0215B1774AAA166C5AA09B3C636F7 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:37:03.0921 0x1988  mrxsmb10 - ok
18:37:03.0956 0x1988  [ 1D4B7972375052F5B7877A6FD9BE33A0, B3FD235F6FE975F1869436ED1215913F0E8EB1123BB252FD221C35AB1121C3F5 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:37:03.0974 0x1988  mrxsmb20 - ok
18:37:03.0998 0x1988  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:37:04.0012 0x1988  msahci - ok
18:37:04.0039 0x1988  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:37:04.0044 0x1988  msdsm - ok
18:37:04.0139 0x1988  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:37:04.0152 0x1988  MSDTC - ok
18:37:04.0185 0x1988  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:37:04.0197 0x1988  Msfs - ok
18:37:04.0219 0x1988  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:37:04.0228 0x1988  mshidkmdf - ok
18:37:04.0252 0x1988  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:37:04.0261 0x1988  msisadrv - ok
18:37:04.0390 0x1988  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:37:04.0400 0x1988  MSiSCSI - ok
18:37:04.0404 0x1988  msiserver - ok
18:37:04.0442 0x1988  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:37:04.0452 0x1988  MSKSSRV - ok
18:37:04.0593 0x1988  MsMpSvc - ok
18:37:04.0620 0x1988  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:37:04.0631 0x1988  MSPCLOCK - ok
18:37:04.0653 0x1988  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:37:04.0669 0x1988  MSPQM - ok
18:37:04.0759 0x1988  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:37:04.0775 0x1988  MsRPC - ok
18:37:04.0800 0x1988  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:37:04.0801 0x1988  mssmbios - ok
18:37:04.0850 0x1988  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:37:04.0860 0x1988  MSTEE - ok
18:37:04.0873 0x1988  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:37:04.0882 0x1988  MTConfig - ok
18:37:04.0956 0x1988  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:37:04.0973 0x1988  Mup - ok
18:37:05.0043 0x1988  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:37:05.0062 0x1988  napagent - ok
18:37:05.0239 0x1988  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:37:05.0254 0x1988  NativeWifiP - ok
18:37:05.0521 0x1988  [ C38B8AE57F78915905064A9A24DC1586, 5A24A490AC5DB4FCC745182BDBAEA8836E8FBEC635609AE4CF51DAC3A30A8221 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:37:05.0538 0x1988  NDIS - ok
18:37:05.0669 0x1988  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:37:05.0686 0x1988  NdisCap - ok
18:37:05.0739 0x1988  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:37:05.0753 0x1988  NdisTapi - ok
18:37:05.0808 0x1988  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:37:05.0819 0x1988  Ndisuio - ok
18:37:05.0910 0x1988  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:37:05.0925 0x1988  NdisWan - ok
18:37:05.0938 0x1988  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:37:05.0943 0x1988  NDProxy - ok
18:37:05.0986 0x1988  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:37:06.0005 0x1988  NetBIOS - ok
18:37:06.0049 0x1988  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:37:06.0066 0x1988  NetBT - ok
18:37:06.0121 0x1988  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] Netlogon        C:\Windows\system32\lsass.exe
18:37:06.0124 0x1988  Netlogon - ok
18:37:06.0193 0x1988  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:37:06.0201 0x1988  Netman - ok
18:37:06.0561 0x1988  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:37:06.0590 0x1988  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 15CBA881E10968E33B43D31BE6097BA3, fake sha256: 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346
18:37:06.0590 0x1988  NetMsmqActivator - detected ForgedFile.Multi.Generic ( 1 )
18:37:09.0392 0x1988  Detect skipped due to KSN trusted
18:37:09.0392 0x1988  NetMsmqActivator - ok
18:37:09.0480 0x1988  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:37:09.0483 0x1988  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 15CBA881E10968E33B43D31BE6097BA3, fake sha256: 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346
18:37:09.0483 0x1988  NetPipeActivator - detected ForgedFile.Multi.Generic ( 1 )
18:37:09.0483 0x1988  Detect skipped due to KSN trusted
18:37:09.0483 0x1988  NetPipeActivator - ok
18:37:09.0527 0x1988  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:37:09.0536 0x1988  netprofm - ok
18:37:09.0544 0x1988  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:37:09.0547 0x1988  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 15CBA881E10968E33B43D31BE6097BA3, fake sha256: 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346
18:37:09.0547 0x1988  NetTcpActivator - detected ForgedFile.Multi.Generic ( 1 )
18:37:09.0547 0x1988  Detect skipped due to KSN trusted
18:37:09.0547 0x1988  NetTcpActivator - ok
18:37:09.0552 0x1988  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:37:09.0555 0x1988  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 15CBA881E10968E33B43D31BE6097BA3, fake sha256: 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346
18:37:09.0556 0x1988  NetTcpPortSharing - detected ForgedFile.Multi.Generic ( 1 )
18:37:09.0556 0x1988  Detect skipped due to KSN trusted
18:37:09.0556 0x1988  NetTcpPortSharing - ok
18:37:09.0584 0x1988  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:37:09.0592 0x1988  nfrd960 - ok
18:37:09.0638 0x1988  NisDrv - ok
18:37:09.0642 0x1988  NisSrv - ok
18:37:09.0672 0x1988  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:37:09.0683 0x1988  NlaSvc - ok
18:37:09.0733 0x1988  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:37:09.0740 0x1988  Npfs - ok
18:37:09.0770 0x1988  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:37:09.0774 0x1988  nsi - ok
18:37:09.0788 0x1988  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:37:09.0797 0x1988  nsiproxy - ok
18:37:09.0896 0x1988  [ A2F74975097F52A00745F9637451FDD8, C681DDBD3382C477C2A030E828B5CFB529CB57C7847BD9AFF25E2A5E58B2DAF3 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:37:10.0008 0x1988  Ntfs - ok
18:37:10.0021 0x1988  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:37:10.0022 0x1988  Null - ok
18:37:10.0946 0x1988  [ 2CCA18C2B3CF18201B0F6204A4BC5A52, F9C8797DD2112A5649C209721779CBC499C974E577C4E3BEA101869D7E7FC777 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:37:11.0280 0x1988  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. Real md5: 2CCA18C2B3CF18201B0F6204A4BC5A52, sha256: F9C8797DD2112A5649C209721779CBC499C974E577C4E3BEA101869D7E7FC777, fake md5: 616D9A6F59FA604612E4B25AAF36BFCA, fake sha256: 6634F3091A07E2BE0E38622C604BE7589020D9FA47A0A15A3161CA0BBAECB33D
18:37:11.0299 0x1988  nvlddmkm - detected ForgedFile.Multi.Generic ( 1 )
18:37:14.0097 0x1988  Detect skipped due to KSN trusted
18:37:14.0099 0x1988  nvlddmkm - ok
18:37:14.0145 0x1988  NvNetworkService - ok
18:37:14.0218 0x1988  [ D70BC3FE775AAFB58FE353B5965657DF, E08FCE665F4699B32AE8C158CDE5A495FD6BCECACE4BDF5D464CD4043C9FD57D ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
18:37:14.0235 0x1988  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\nvpciflt.sys. Real md5: D70BC3FE775AAFB58FE353B5965657DF, sha256: E08FCE665F4699B32AE8C158CDE5A495FD6BCECACE4BDF5D464CD4043C9FD57D, fake md5: 6459D3B45C0B6A6AF82C8B4B0C18B2FE, fake sha256: 7C39E70E57DC5568CFFA0822DC5169EC13C8B76040A9B803741B0BD9639413DD
18:37:14.0235 0x1988  nvpciflt - detected ForgedFile.Multi.Generic ( 1 )
18:37:16.0841 0x0c6c  Object required for P2P: [ DA0FAEE45D6F03D7647851A20977A7D0 ] MpFilter
18:37:17.0017 0x1988  Detect skipped due to KSN trusted
18:37:17.0017 0x1988  nvpciflt - ok
18:37:17.0039 0x1988  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:37:17.0045 0x1988  nvraid - ok
18:37:17.0079 0x1988  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:37:17.0083 0x1988  nvstor - ok
18:37:17.0086 0x1988  NvStreamKms - ok
18:37:17.0124 0x1988  NvStreamNetworkSvc - ok
18:37:17.0129 0x1988  NvStreamSvc - ok
18:37:17.0269 0x1988  [ 3ADFA793E3A5E465EA362E38C598ED71, BE7AABDC13BA1A2D8D88914A89AF4A23BFC617467A56E76A2379E4827256745D ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:37:17.0293 0x1988  Suspicious file ( Forged ): C:\Windows\system32\nvvsvc.exe. Real md5: 3ADFA793E3A5E465EA362E38C598ED71, sha256: BE7AABDC13BA1A2D8D88914A89AF4A23BFC617467A56E76A2379E4827256745D, fake md5: 4DFABFC1A31FDE2BDB0AB577CD313D70, fake sha256: 1A517D4FED4B0B8BA1365EF6839BB006EF5E7C4CCC630470B8E239753FC5394F
18:37:17.0297 0x1988  nvsvc - detected ForgedFile.Multi.Generic ( 1 )
18:37:19.0702 0x0c6c  Object send P2P result: true
18:37:20.0083 0x1988  Detect skipped due to KSN trusted
18:37:20.0083 0x1988  nvsvc - ok
18:37:20.0120 0x1988  nvvad_WaveExtensible - ok
18:37:20.0138 0x1988  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:37:20.0142 0x1988  nv_agp - ok
18:37:20.0174 0x1988  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:37:20.0177 0x1988  ohci1394 - ok
18:37:20.0297 0x1988  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:37:20.0305 0x1988  p2pimsvc - ok
18:37:20.0362 0x1988  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:37:20.0374 0x1988  p2psvc - ok
18:37:20.0402 0x1988  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
18:37:20.0414 0x1988  Parport - ok
18:37:20.0467 0x1988  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:37:20.0485 0x1988  partmgr - ok
18:37:20.0552 0x1988  [ 9665402B7FA59302D520AD845DDFC026, 7FFE81F5402005FBD947A7440C12A206C58F3FDAE33F3E96987C334057CDB79E ] Partner Service C:\ProgramData\Partner\Partner.exe
18:37:20.0561 0x1988  Partner Service - ok
18:37:20.0583 0x1988  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:37:20.0588 0x1988  PcaSvc - ok
18:37:20.0638 0x1988  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:37:20.0652 0x1988  pci - ok
18:37:20.0738 0x1988  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:37:20.0758 0x1988  pciide - ok
18:37:20.0837 0x1988  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:37:20.0855 0x1988  pcmcia - ok
18:37:20.0870 0x1988  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:37:20.0872 0x1988  pcw - ok
18:37:20.0964 0x1988  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:37:20.0979 0x1988  PEAUTH - ok
18:37:21.0120 0x1988  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:37:21.0131 0x1988  PerfHost - ok
18:37:21.0194 0x1988  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:37:21.0219 0x1988  pla - ok
18:37:21.0274 0x1988  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:37:21.0286 0x1988  PlugPlay - ok
18:37:21.0309 0x1988  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:37:21.0313 0x1988  PNRPAutoReg - ok
18:37:21.0329 0x1988  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:37:21.0337 0x1988  PNRPsvc - ok
18:37:21.0383 0x1988  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:37:21.0395 0x1988  PolicyAgent - ok
18:37:21.0438 0x1988  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:37:21.0444 0x1988  Power - ok
18:37:21.0549 0x1988  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:37:21.0553 0x1988  PptpMiniport - ok
18:37:21.0569 0x1988  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:37:21.0582 0x1988  Processor - ok
18:37:21.0614 0x1988  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
18:37:21.0620 0x1988  ProfSvc - ok
18:37:21.0685 0x1988  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:37:21.0688 0x1988  ProtectedStorage - ok
18:37:21.0709 0x1988  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:37:21.0713 0x1988  Psched - ok
18:37:21.0787 0x1988  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:37:21.0822 0x1988  ql2300 - ok
18:37:21.0830 0x1988  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:37:21.0836 0x1988  ql40xx - ok
18:37:21.0874 0x1988  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:37:21.0888 0x1988  QWAVE - ok
18:37:21.0909 0x1988  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:37:21.0974 0x1988  QWAVEdrv - ok
18:37:21.0979 0x1988  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:37:21.0981 0x1988  RasAcd - ok
18:37:22.0009 0x1988  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:37:22.0012 0x1988  RasAgileVpn - ok
18:37:22.0047 0x1988  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:37:22.0053 0x1988  RasAuto - ok
18:37:22.0078 0x1988  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:37:22.0082 0x1988  Rasl2tp - ok
18:37:22.0109 0x1988  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:37:22.0119 0x1988  RasMan - ok
18:37:22.0126 0x1988  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:37:22.0130 0x1988  RasPppoe - ok
18:37:22.0159 0x1988  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:37:22.0162 0x1988  RasSstp - ok
18:37:22.0173 0x1988  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:37:22.0180 0x1988  rdbss - ok
18:37:22.0202 0x1988  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:37:22.0204 0x1988  rdpbus - ok
18:37:22.0209 0x1988  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:37:22.0211 0x1988  RDPCDD - ok
18:37:22.0225 0x1988  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:37:22.0227 0x1988  RDPENCDD - ok
18:37:22.0235 0x1988  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:37:22.0237 0x1988  RDPREFMP - ok
18:37:22.0279 0x1988  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:37:22.0285 0x1988  RDPWD - ok
18:37:22.0310 0x1988  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:37:22.0315 0x1988  rdyboost - ok
18:37:22.0374 0x1988  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:37:22.0380 0x1988  RemoteAccess - ok
18:37:22.0491 0x1988  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:37:22.0498 0x1988  RemoteRegistry - ok
18:37:22.0525 0x1988  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:37:22.0530 0x1988  RFCOMM - ok
18:37:22.0546 0x1988  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:37:22.0551 0x1988  RpcEptMapper - ok
18:37:22.0585 0x1988  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:37:22.0589 0x1988  RpcLocator - ok
18:37:22.0703 0x1988  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:37:22.0714 0x1988  RpcSs - ok
18:37:22.0771 0x1988  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:37:22.0774 0x1988  rspndr - ok
18:37:22.0835 0x1988  [ 88AB579F407A3D02918B8DCC4E6E34B3, 2CEEA32598C067A803B0360CD7E9760B0EED62AEE10086CED72D9130F8FDBA37 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
18:37:22.0841 0x1988  RSUSBVSTOR - ok
18:37:22.0928 0x1988  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] SamSs           C:\Windows\system32\lsass.exe
18:37:22.0930 0x1988  SamSs - ok
18:37:22.0949 0x1988  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:37:22.0965 0x1988  sbp2port - ok
18:37:23.0007 0x1988  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:37:23.0015 0x1988  SCardSvr - ok
18:37:23.0052 0x1988  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:37:23.0054 0x1988  scfilter - ok
18:37:23.0108 0x1988  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:37:23.0134 0x1988  Schedule - ok
18:37:23.0163 0x1988  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:37:23.0166 0x1988  SCPolicySvc - ok
18:37:23.0195 0x1988  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:37:23.0203 0x1988  SDRSVC - ok
18:37:23.0240 0x1988  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:37:23.0242 0x1988  secdrv - ok
18:37:23.0313 0x1988  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:37:23.0319 0x1988  seclogon - ok
18:37:23.0326 0x1988  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:37:23.0330 0x1988  SENS - ok
18:37:23.0389 0x1988  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:37:23.0400 0x1988  SensrSvc - ok
18:37:23.0420 0x1988  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:37:23.0423 0x1988  Serenum - ok
18:37:23.0454 0x1988  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
18:37:23.0459 0x1988  Serial - ok
18:37:23.0463 0x1988  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:37:23.0466 0x1988  sermouse - ok
18:37:23.0542 0x1988  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:37:23.0548 0x1988  SessionEnv - ok
18:37:23.0552 0x1988  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:37:23.0556 0x1988  sffdisk - ok
18:37:23.0561 0x1988  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:37:23.0564 0x1988  sffp_mmc - ok
18:37:23.0570 0x1988  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:37:23.0572 0x1988  sffp_sd - ok
18:37:23.0577 0x1988  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:37:23.0580 0x1988  sfloppy - ok
18:37:23.0660 0x1988  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:37:23.0669 0x1988  SharedAccess - ok
18:37:23.0779 0x1988  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:37:23.0787 0x1988  ShellHWDetection - ok
18:37:23.0802 0x1988  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:37:23.0804 0x1988  SiSRaid2 - ok
18:37:23.0810 0x1988  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:37:23.0813 0x1988  SiSRaid4 - ok
18:37:23.0828 0x1988  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:37:23.0834 0x1988  Smb - ok
18:37:23.0906 0x1988  [ B9EECC2BDA778921C2B49F828B88CDD4, ADC07147CAAE79BC178080B5DF66C21FD2F235DD770B22E955FC2141706877DE ] SmbDrvIntel     C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
18:37:23.0910 0x1988  SmbDrvIntel - ok
18:37:23.0946 0x1988  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:37:23.0950 0x1988  SNMPTRAP - ok
18:37:23.0956 0x1988  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:37:23.0958 0x1988  spldr - ok
18:37:24.0000 0x1988  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
18:37:24.0012 0x1988  Spooler - ok
18:37:24.0184 0x1988  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:37:24.0282 0x1988  sppsvc - ok
18:37:24.0292 0x1988  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:37:24.0319 0x1988  sppuinotify - ok
18:37:24.0445 0x1988  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:37:24.0458 0x1988  srv - ok
18:37:24.0482 0x1988  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:37:24.0498 0x1988  srv2 - ok
18:37:24.0505 0x1988  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:37:24.0511 0x1988  srvnet - ok
18:37:24.0544 0x1988  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:37:24.0551 0x1988  SSDPSRV - ok
18:37:24.0557 0x1988  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:37:24.0562 0x1988  SstpSvc - ok
18:37:24.0683 0x1988  Steam Client Service - ok
18:37:24.0702 0x1988  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:37:24.0705 0x1988  stexstor - ok
18:37:24.0793 0x1988  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:37:24.0861 0x1988  stisvc - ok
18:37:24.0886 0x1988  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:37:24.0888 0x1988  swenum - ok
18:37:24.0920 0x1988  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:37:24.0934 0x1988  swprv - ok
18:37:24.0965 0x1988  [ 50647FA8EFACB6C80FD29669FE9C1666, A1307C46B86F658BDAE29C34FEACFE841ABECDE1EA9A04B1A2C7C36295811FA3 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:37:24.0976 0x1988  SynTP - ok
18:37:25.0077 0x1988  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:37:25.0119 0x1988  SysMain - ok
18:37:25.0134 0x1988  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:37:25.0139 0x1988  TabletInputService - ok
18:37:25.0153 0x1988  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:37:25.0166 0x1988  TapiSrv - ok
18:37:25.0180 0x1988  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:37:25.0186 0x1988  TBS - ok
18:37:25.0285 0x1988  [ FC62769E7BFF2896035AEED399108162, 82170042482E6D843F96D52AF6920F172B1D46D03456EF2E66C1D919EE0E3B46 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:37:25.0398 0x1988  Tcpip - ok
18:37:25.0466 0x1988  [ FC62769E7BFF2896035AEED399108162, 82170042482E6D843F96D52AF6920F172B1D46D03456EF2E66C1D919EE0E3B46 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:37:26.0064 0x1988  TCPIP6 - ok
18:37:26.0168 0x1988  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:37:26.0185 0x1988  tcpipreg - ok
18:37:26.0228 0x1988  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:37:26.0237 0x1988  TDPIPE - ok
18:37:26.0273 0x1988  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:37:26.0283 0x1988  TDTCP - ok
18:37:26.0315 0x1988  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:37:26.0382 0x1988  tdx - ok
18:37:26.0437 0x1988  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:37:26.0462 0x1988  TermDD - ok
18:37:26.0713 0x1988  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
18:37:26.0758 0x1988  TermService - ok
18:37:26.0817 0x1988  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:37:26.0883 0x1988  Themes - ok
18:37:27.0017 0x1988  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:37:27.0020 0x1988  THREADORDER - ok
18:37:27.0310 0x1988  [ 48DDEF0B921DD331536CC82C1A8FF64F, 540107E278E4C7DE4F43D37F7EA7BC094B6755399C22EE3A68574AA8A7719ACC ] TPM             C:\Windows\system32\drivers\tpm.sys
18:37:27.0333 0x1988  TPM - ok
18:37:27.0397 0x1988  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:37:27.0402 0x1988  TrkWks - ok
18:37:27.0687 0x1988  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:37:27.0701 0x1988  TrustedInstaller - ok
18:37:27.0775 0x1988  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:37:27.0797 0x1988  tssecsrv - ok
18:37:27.0899 0x1988  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:37:27.0914 0x1988  TsUsbFlt - ok
18:37:27.0932 0x1988  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:37:27.0949 0x1988  TsUsbGD - ok
18:37:28.0048 0x1988  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:37:28.0086 0x1988  tunnel - ok
18:37:28.0104 0x1988  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:37:28.0117 0x1988  uagp35 - ok
18:37:28.0258 0x1988  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:37:28.0278 0x1988  udfs - ok
18:37:28.0345 0x1988  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:37:28.0356 0x1988  UI0Detect - ok
18:37:28.0410 0x1988  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:37:28.0425 0x1988  uliagpkx - ok
18:37:28.0513 0x1988  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:37:28.0530 0x1988  umbus - ok
18:37:28.0555 0x1988  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:37:28.0579 0x1988  UmPass - ok
18:37:28.0747 0x1988  [ A0153CC9D28568A10BDAEE5EC612CFC8, C980FBB978545A1DDCA9FAB88CD9468FE1EF39D93272F0BEE13B7625B9787547 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:37:28.0754 0x1988  UNS - ok
18:37:28.0919 0x1988  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:37:28.0940 0x1988  upnphost - ok
18:37:28.0998 0x1988  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:37:29.0002 0x1988  usbccgp - ok
18:37:29.0039 0x1988  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:37:29.0068 0x1988  usbcir - ok
18:37:29.0102 0x1988  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:37:29.0104 0x1988  usbehci - ok
18:37:29.0172 0x1988  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:37:29.0181 0x1988  usbhub - ok
18:37:29.0333 0x1988  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:37:29.0346 0x1988  usbohci - ok
18:37:29.0433 0x1988  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:37:29.0457 0x1988  usbprint - ok
18:37:29.0514 0x1988  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:37:29.0517 0x1988  USBSTOR - ok
18:37:29.0544 0x1988  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:37:29.0561 0x1988  usbuhci - ok
18:37:29.0616 0x1988  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:37:29.0672 0x1988  usbvideo - ok
18:37:29.0704 0x1988  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:37:29.0709 0x1988  UxSms - ok
18:37:29.0762 0x1988  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] VaultSvc        C:\Windows\system32\lsass.exe
18:37:29.0766 0x1988  VaultSvc - ok
18:37:29.0864 0x1988  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:37:29.0896 0x1988  vdrvroot - ok
18:37:30.0177 0x1988  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:37:30.0216 0x1988  vds - ok
18:37:30.0308 0x1988  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:37:30.0318 0x1988  vga - ok
18:37:30.0349 0x1988  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:37:30.0352 0x1988  VgaSave - ok
18:37:30.0414 0x1988  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:37:30.0431 0x1988  vhdmp - ok
18:37:30.0475 0x1988  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:37:30.0481 0x1988  viaide - ok
18:37:30.0840 0x1988  [ 8793B8146F58D54D07245CE5F722DA93, 89AF8CCA4CA603C06EB3E64B9230AAE561E6BE0D94841B4436A25AFF874E92AC ] vm331avs        C:\Windows\system32\Drivers\vm331avs.sys
18:37:30.0866 0x1988  vm331avs - ok
18:37:30.0878 0x1988  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:37:30.0902 0x1988  volmgr - ok
18:37:31.0067 0x1988  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:37:31.0080 0x1988  volmgrx - ok
18:37:31.0117 0x1988  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:37:31.0123 0x1988  volsnap - ok
18:37:31.0205 0x1988  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:37:31.0224 0x1988  vsmraid - ok
18:37:31.0514 0x1988  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:37:31.0570 0x1988  VSS - ok
18:37:31.0634 0x1988  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:37:31.0643 0x1988  vwifibus - ok
18:37:31.0724 0x1988  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:37:31.0745 0x1988  vwififlt - ok
18:37:32.0078 0x1988  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:37:32.0080 0x1988  vwifimp - ok
18:37:32.0209 0x1988  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:37:32.0244 0x1988  W32Time - ok
18:37:32.0270 0x1988  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:37:32.0291 0x1988  WacomPen - ok
18:37:32.0369 0x1988  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:37:32.0379 0x1988  WANARP - ok
18:37:32.0410 0x1988  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:37:32.0413 0x1988  Wanarpv6 - ok
18:37:32.0768 0x1988  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:37:33.0268 0x1988  wbengine - ok
18:37:33.0304 0x1988  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:37:33.0314 0x1988  WbioSrvc - ok
18:37:33.0398 0x1988  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:37:33.0415 0x1988  wcncsvc - ok
18:37:33.0449 0x1988  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:37:33.0463 0x1988  WcsPlugInService - ok
18:37:34.0103 0x1988  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:37:34.0119 0x1988  Wd - ok
18:37:34.0147 0x1988  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:37:34.0166 0x1988  Wdf01000 - ok
18:37:34.0207 0x1988  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:37:34.0212 0x1988  WdiServiceHost - ok
18:37:34.0218 0x1988  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:37:34.0223 0x1988  WdiSystemHost - ok
18:37:34.0275 0x1988  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
18:37:34.0295 0x1988  WebClient - ok
18:37:34.0360 0x1988  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:37:34.0371 0x1988  Wecsvc - ok
18:37:34.0441 0x1988  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:37:34.0449 0x1988  wercplsupport - ok
18:37:34.0497 0x1988  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:37:34.0509 0x1988  WerSvc - ok
18:37:34.0559 0x1988  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:37:34.0572 0x1988  WfpLwf - ok
18:37:34.0621 0x1988  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:37:34.0633 0x1988  WIMMount - ok
18:37:34.0663 0x1988  WinDefend - ok
18:37:34.0678 0x1988  WinHttpAutoProxySvc - ok
18:37:34.0882 0x1988  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:37:34.0892 0x1988  Winmgmt - ok
18:37:35.0306 0x1988  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:37:35.0396 0x1988  WinRM - ok
18:37:35.0452 0x1988  WinUsb - ok
18:37:35.0618 0x1988  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:37:35.0646 0x1988  Wlansvc - ok
18:37:35.0750 0x1988  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:37:35.0788 0x1988  wlcrasvc - ok
18:37:36.0398 0x1988  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:37:36.0463 0x1988  wlidsvc - ok
18:37:36.0507 0x1988  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:37:36.0521 0x1988  WmiAcpi - ok
18:37:36.0605 0x1988  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:37:36.0616 0x1988  wmiApSrv - ok
18:37:36.0670 0x1988  WMPNetworkSvc - ok
18:37:36.0795 0x1988  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:37:36.0813 0x1988  WPCSvc - ok
18:37:36.0842 0x1988  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:37:36.0853 0x1988  WPDBusEnum - ok
18:37:36.0889 0x1988  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:37:36.0900 0x1988  ws2ifsl - ok
18:37:36.0967 0x1988  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
18:37:36.0972 0x1988  wscsvc - ok
18:37:36.0976 0x1988  WSearch - ok
18:37:37.0028 0x1988  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
18:37:37.0035 0x1988  wsvd - ok
18:37:37.0709 0x1988  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:37:37.0753 0x1988  wuauserv - ok
18:37:37.0793 0x1988  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:37:37.0806 0x1988  WudfPf - ok
18:37:37.0888 0x1988  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:37:37.0899 0x1988  WUDFRd - ok
18:37:37.0956 0x1988  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:37:37.0961 0x1988  wudfsvc - ok
18:37:38.0037 0x1988  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:37:38.0047 0x1988  WwanSvc - ok
18:37:38.0079 0x1988  ================ Scan global ===============================
18:37:38.0120 0x1988  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
18:37:38.0210 0x1988  [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
18:37:38.0228 0x1988  [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
18:37:38.0285 0x1988  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:37:38.0419 0x1988  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:37:38.0442 0x1988  [ Global ] - ok
18:37:38.0442 0x1988  ================ Scan MBR ==================================
18:37:38.0458 0x1988  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:37:39.0611 0x1988  \Device\Harddisk0\DR0 - ok
18:37:39.0614 0x1988  ================ Scan VBR ==================================
18:37:39.0631 0x1988  [ 79E7BD8C3F8420D628D159BE04BF8D0F ] \Device\Harddisk0\DR0\Partition1
18:37:39.0633 0x1988  \Device\Harddisk0\DR0\Partition1 - ok
18:37:39.0660 0x1988  [ E563F9F07B8C229DF47EB8F5EDB5465D ] \Device\Harddisk0\DR0\Partition2
18:37:39.0693 0x1988  \Device\Harddisk0\DR0\Partition2 - ok
18:37:39.0723 0x1988  [ 79804830006917D8DCB497ECE938AA0A ] \Device\Harddisk0\DR0\Partition3
18:37:39.0747 0x1988  \Device\Harddisk0\DR0\Partition3 - ok
18:37:39.0763 0x1988  [ 914A44BD5AFBE590685C35C134967AFD ] \Device\Harddisk0\DR0\Partition4
18:37:39.0765 0x1988  \Device\Harddisk0\DR0\Partition4 - ok
18:37:39.0769 0x1988  ================ Scan generic autorun ======================
18:37:39.0856 0x1988  [ 3F35AC7163E403C1FA8D34EB2FF36302, 47AE59E315A2BAE7003A18BFDC3859EFBED511822F4BA5F2E02C6D2464A019C1 ] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
18:37:39.0860 0x1988  Lenovo EE Boot Optimizer - ok
18:37:39.0902 0x1988  [ B026C52A81F572C56278E5B1A41A2C7A, 5CA869BF3E0F16CD3307EBFE701B27DC153301A9F40688754FBD00FB706ADA2D ] C:\Windows\system32\igfxtray.exe
18:37:39.0914 0x1988  IgfxTray - ok
18:37:39.0954 0x1988  [ 7F6C2FE69233F41D6EC2E8D363710B35, 5FC2003E8181DF365E8FA46024DC9C790B5DD7B9C9BAB1F4395FA0F9C372A7C6 ] C:\Windows\system32\hkcmd.exe
18:37:39.0961 0x1988  HotKeysCmds - ok
18:37:40.0416 0x1988  [ E55169229CD9E0BA6AD5D6DC7C7CDF22, B63053D9E2FEC11024EA65D7678605F61830C50B88B20D03A7BE40FAD835E74D ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
18:37:40.0603 0x1988  EnergyUtility - ok
18:37:41.0454 0x1988  [ FC1CEFA4039AEA767C1B7B07ED7C99D7, 326828F901A8F49BAB95222219653769AD7528EAE154811D2778F299FF9932F3 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
18:37:41.0675 0x1988  Energy Management - ok
18:37:41.0831 0x1988  [ AAFCA7631F21F9D2D9B7BFA9355A9E97, F8B7884A6AD3AB4A9C5431CBDEB4569AD15CF2DD69437CD24160DC7AF04ED337 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
18:37:41.0845 0x1988  cAudioFilterAgent - ok
18:37:41.0867 0x1988  NvBackend - ok
18:37:41.0918 0x1988  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
18:37:41.0922 0x1988  ShadowPlay - ok
18:37:41.0922 0x1988  MSC - ok
18:37:41.0924 0x1988  AvastUI.exe - ok
18:37:42.0295 0x1988  [ 4E1CA3ADD7338B84DA96E5A5CF99673F, C2D9816868A067DA93A83979C05BE5818A4AFAD8A449D7AF3330242C2CE6F674 ] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe
18:37:42.0365 0x1988  Lenovo Registration - ok
18:37:42.0438 0x1988  [ 766AE515B1749F2141E418CC6C08515B, 02DDB5A7DB8278AA47A951604818E73DB69155DBF1ECD06B6E11926204EADAE7 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
18:37:42.0443 0x1988  IAStorIcon - ok
18:37:42.0526 0x1988  [ EFC77110B674E4F0945E7E85E2EAAB7C, F6CC7D74C45A9EDAC81E97EB225DD1465A640A6DF79605A468C1C381FB12D5F4 ] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
18:37:42.0539 0x1988  Dolby Advanced Audio v2 - ok
18:37:42.0713 0x1988  [ 47C1DE0A890613FFCFF1D67648EEDF90, 5821567D7DD99623257AEA794023EF4200E6E17FD09656B40D97C44A35C701BB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:37:42.0730 0x1988  Suspicious file ( Forged ): C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe. Real md5: 47C1DE0A890613FFCFF1D67648EEDF90, sha256: 5821567D7DD99623257AEA794023EF4200E6E17FD09656B40D97C44A35C701BB, fake md5: 3E04F1E482357B1FC8B088197C3D9FF8, fake sha256: 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546
18:37:42.0731 0x1988  Adobe ARM - detected ForgedFile.Multi.Generic ( 1 )
18:37:45.0483 0x1988  Detect skipped due to KSN trusted
18:37:45.0483 0x1988  Adobe ARM - ok
18:37:45.0588 0x1988  [ 3442D13F144954C0CB3116155B2984D3, B7DB3AFB5F9E9042956FE0B74586FA3D27AA7A57020F659F72F445DC8615EADA ] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
18:37:45.0598 0x1988  331BigDog - ok
18:37:45.0600 0x1988  SunJavaUpdateSched - ok
18:37:45.0661 0x1988  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
18:37:45.0662 0x1988  swg - ok
18:37:45.0663 0x1988  Waiting for KSN requests completion. In queue: 187
18:37:46.0663 0x1988  Waiting for KSN requests completion. In queue: 187
18:37:47.0663 0x1988  Waiting for KSN requests completion. In queue: 187
18:37:48.0681 0x1988  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.9.218.0 ), 0x60000 ( disabled : updated )
18:37:48.0819 0x1988  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.2.2738.0 ), 0x40000 ( disabled : updated )
18:37:48.0821 0x1988  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.2.2738.0 ), 0x40010 ( disabled )
18:37:48.0825 0x1988  Win FW state via NFP2: enabled ( trusted )
18:37:51.0573 0x1988  ============================================================
18:37:51.0573 0x1988  Scan finished
18:37:51.0573 0x1988  ============================================================
18:37:51.0578 0x19e4  Detected object count: 0
18:37:51.0578 0x19e4  Actual detected object count: 0
 
 


#13 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 07 May 2016 - 12:00 PM

report from aswMBR:

 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-05-07 18:39:48
-----------------------------
18:39:48.511    OS Version: Windows x64 6.1.7601 Service Pack 1
18:39:48.511    Number of processors: 4 586 0x3A09
18:39:48.512    ComputerName: LAPTOP-KOMPUTER  UserName: Laptop
18:39:49.645    Initialize success
18:39:49.663    VM: initialized successfully
18:39:49.664    VM: Intel CPU BiosDisabled 
18:39:53.429    AVAST engine defs: 16050601
18:40:59.276    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:40:59.276    Disk 0 Vendor: ST750LM0 2AR1 Size: 715404MB BusType: 3
18:40:59.432    Disk 0 MBR read successfully
18:40:59.432    Disk 0 MBR scan
18:40:59.790    Disk 0 Windows 7 default MBR code
18:40:59.806    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
18:40:59.806    Disk 0 default boot code
18:41:00.024    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       464321 MB offset 411648
18:41:00.087    Disk 0 Partition - 00     0F Extended LBA            230880 MB offset 951343104
18:41:00.118    Disk 0 Partition 3 00     12  Compaq diag NTFS        20001 MB offset 1424185344
18:41:00.212    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       204799 MB offset 951345152
18:41:00.446    Disk 0 Partition - 00     05     Extended             26080 MB offset 1370773504
18:41:00.477    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS        26079 MB offset 1370775552
18:41:00.773    Disk 0 scanning C:\Windows\system32\drivers
18:41:12.785    File: C:\Windows\system32\drivers\cfwids.sys **HIDDEN**
18:41:12.832    File: C:\Windows\system32\drivers\mfeapfk.sys **HIDDEN**
18:41:12.879    File: C:\Windows\system32\drivers\mfeavfk.sys **HIDDEN**
18:41:12.910    File: C:\Windows\system32\drivers\mfeclnk.sys **HIDDEN**
18:41:12.957    File: C:\Windows\system32\drivers\mfefirek.sys **HIDDEN**
18:41:13.004    File: C:\Windows\system32\drivers\mfehidk.sys **HIDDEN**
18:41:13.035    File: C:\Windows\system32\drivers\mfenlfk.sys **HIDDEN**
18:41:13.082    File: C:\Windows\system32\drivers\mferkdet.sys **HIDDEN**
18:41:13.113    File: C:\Windows\system32\drivers\mfewfpk.sys **HIDDEN**
18:41:13.113    Service scanning
18:41:28.651    Modules scanning
18:41:28.651    Disk 0 trace - called modules:
18:41:28.682    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:41:28.682    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fa9060]
18:41:28.682    3 CLASSPNP.SYS[fffff880019c643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac5050]
18:41:29.727    AVAST engine scan C:\Windows
18:41:31.677    AVAST engine scan C:\Windows\system32
18:43:09.910    File: C:\Windows\system32\mfevtps.exe **HIDDEN**
18:43:10.051    File: C:\Windows\system32\nvcuvenc.dll **HIDDEN**
18:43:28.428    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\Accessibility.ni.dll **HIDDEN**
18:43:28.490    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2823d3be9334fea94dce8001b247589b\BDATunePIA.ni.dll **HIDDEN**
18:43:28.521    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe **HIDDEN**
18:43:28.537    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll **HIDDEN**
18:43:28.568    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe **HIDDEN**
18:43:28.599    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe **HIDDEN**
18:43:28.615    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\7b6de29c99674df526ccf9d4937828fe\ehiExtens.ni.dll **HIDDEN**
18:43:28.662    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\5cd902459c588bb0ac608d4cbc8b5e4c\ehiProxy.ni.dll **HIDDEN**
18:43:28.677    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\f09ce1eab0d18a4bbd53ab2a67a5c909\ehiUserXp.ni.dll **HIDDEN**
18:43:28.740    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\e05e6f6ef788b8973bbedf258216c972\ehiVidCtl.ni.dll **HIDDEN**
18:43:28.771    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\6e35ba22c9762646d5294dd919175c69\ehRecObj.ni.dll **HIDDEN**
18:43:28.802    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\654c5baca16d72756296ab1d927ea4a8\EventViewer.ni.dll **HIDDEN**
18:43:28.864    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ca11c3c4c5560bf7aafa094599128200\IAStorCommon.ni.dll **HIDDEN**
18:43:28.911    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\1428876b9bee0b7d7ced9462111719b8\IAStorDataMgr.ni.dll **HIDDEN**
18:43:28.942    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\51694f36a8a968fb3d8ca98152caf4ef\IAStorDataMgrSvc.ni.exe **HIDDEN**
18:43:29.005    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f1f0231b32dee581dcab0b26d83b02ca\IAStorUtil.ni.dll **HIDDEN**
18:43:29.036    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\c534da8afa812956f594f98fc9ff5998\Interop.CxHDAudioAPILib.ni.dll **HIDDEN**
18:43:29.083    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a21ece5c049c9f429756fd1a3fe55ccd\IsdiInterop.ni.dll **HIDDEN**
18:43:29.176    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\mcepg\38e4b4d4c4cf98e359438769fae66149\mcepg.ni.dll **HIDDEN**
18:43:29.239    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\740a64a316ada107a23dd34f35ae3b94\mcstore.ni.dll **HIDDEN**
18:43:29.270    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\c359669d601990310a6b30ab5992ffa8\mcstoredb.ni.dll **HIDDEN**
18:43:29.286    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\942c10614a6f8c8a22d1f74e217a11d6\Microsoft.Build.Conversion.v3.5.ni.dll **HIDDEN**
18:43:29.332    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\14afe54e24cf09fe6c371fc47cfabf0e\Microsoft.Build.Engine.ni.dll **HIDDEN**
18:43:29.410    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e4031bd0b7706fd0a686e9bb6353aa2a\Microsoft.Build.Engine.ni.dll **HIDDEN**
18:43:29.426    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4c0fa9d495ac562afcb136f3e9a87cb9\Microsoft.Build.Framework.ni.dll **HIDDEN**
18:43:29.473    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\84b83e7639310b35b5ce150df62a2843\Microsoft.Build.Framework.ni.dll **HIDDEN**
18:43:29.535    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\880a680b2160130c8cf858a7d2a9067d\Microsoft.Build.Tasks.ni.dll **HIDDEN**
18:43:29.613    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d7245402b9853a8e390552ba45b3a6b4\Microsoft.Build.Tasks.v3.5.ni.dll **HIDDEN**
18:43:29.660    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\30f8865f88bb953486fd20650b54177c\Microsoft.Build.Utilities.ni.dll **HIDDEN**
18:43:29.691    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dfb5532e4cf07b7324280988a3e1cca4\Microsoft.Build.Utilities.v3.5.ni.dll **HIDDEN**
18:43:29.738    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\b0d0daea6a1d9a111a0f33a9a868bcf7\Microsoft.Ink.ni.dll **HIDDEN**
18:43:29.816    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3fde69f9642ab464bd3389f1fe3c5bd\Microsoft.JScript.ni.dll **HIDDEN**
18:43:29.847    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\630257a0b042768c2e3104a36559c1a9\Microsoft.ManagementConsole.ni.dll **HIDDEN**
18:43:29.878    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\d22ec1c367b915c4028867244c6a1623\Microsoft.MediaCenter.ni.dll **HIDDEN**
18:43:29.894    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\e7b8df5d803bb9bd27f63f0074775aaf\Microsoft.MediaCenter.UI.ni.dll **HIDDEN**
18:43:29.972    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2ba6bf6e9258afde91ab81fad2d37469\Microsoft.PowerShell.GPowerShell.ni.dll **HIDDEN**
18:43:30.019    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3008a05e2928e2c1d856cc34e0422c17\Microsoft.PowerShell.Commands.Utility.ni.dll **HIDDEN**
18:43:30.050    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4f68cd04686e5dc5a55070d112d44bdf\Microsoft.PowerShell.Commands.Diagnostics.ni.dll **HIDDEN**
18:43:30.144    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6cc1334749f85cce651642f0a8260892\Microsoft.PowerShell.Editor.ni.dll **HIDDEN**
18:43:30.237    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8ce205027e30804d1b2deaffa0582735\Microsoft.PowerShell.Security.ni.dll **HIDDEN**
18:43:30.300    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8df695fb80187f65208d87229e81e8a2\Microsoft.PowerShell.Commands.Management.ni.dll **HIDDEN**
18:43:30.346    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b1c511d8fad78ad3c5213b2b4fb02b8b\Microsoft.PowerShell.ConsoleHost.ni.dll **HIDDEN**
18:43:30.393    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e998eeb1548ffd53b39dcde50d196ab7\Microsoft.PowerShell.GraphicalHost.ni.dll **HIDDEN**
18:43:30.440    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4a235e617ad0a4c3aecd3982f0e3c48a\Microsoft.Transactions.Bridge.Dtc.ni.dll **HIDDEN**
18:43:30.502    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\af058f98427f47670e70468a36d84ee4\Microsoft.Transactions.Bridge.ni.dll **HIDDEN**
18:43:30.549    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll **HIDDEN**
18:43:30.596    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\4bfa36696bef033cf7e33b1a092c8a0f\Microsoft.VisualC.ni.dll **HIDDEN**
18:43:30.612    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\a415a146afc72f13f691f69a11ab5609\Microsoft.Vsa.ni.dll **HIDDEN**
18:43:30.658    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\0a5d39e601d2512b483a56408c3cec05\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll **HIDDEN**
18:43:30.690    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\90cd177df2fc13d88c401b6b53a121b8\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll **HIDDEN**
18:43:30.721    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\aa3fa7748881ce0969396eba0be3c6c3\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll **HIDDEN**
18:43:30.736    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\b5e6aa065d13e30c27219186f8e02689\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll **HIDDEN**
18:43:30.768    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\de64901e4cd2074f5c70733ab5d7787a\Microsoft.Windows.Diagnosis.SDHost.ni.dll **HIDDEN**
18:43:30.783    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\e7904d77bcee77868d534546ed2a61b6\Microsoft.Windows.Diagnosis.SDEngine.ni.dll **HIDDEN**
18:43:30.814    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ee8ed3c8e7f0281a9e29c7cdf050b69d\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll **HIDDEN**
18:43:30.846    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ee28a075665b6bc23b6dae56903d431d\Microsoft.WSMan.Management.ni.dll **HIDDEN**
18:43:30.877    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\86550fdda6994a9c192d7a0b9b59ee5b\Microsoft.WSMan.Runtime.ni.dll **HIDDEN**
18:43:30.877    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\569e273efda8306ec7e22143d5285476\MIGUIControls.ni.dll **HIDDEN**
18:43:30.939    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\6d4bacfd54e8f79763945bee5a50711d\MMCEx.ni.dll **HIDDEN**
18:43:30.970    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\18e41c018ceff36c2512d12f570f0be7\MMCFxCommon.ni.dll **HIDDEN**
18:43:30.986    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe **HIDDEN**
18:43:31.002    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll **HIDDEN**
18:43:31.048    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\napcrypt\09b65f9c3f78e6ef3e259af945e937b9\napcrypt.ni.dll **HIDDEN**
18:43:31.064    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\naphlpr\3905ee11acabb6d202a69b8bfa3c91a0\naphlpr.ni.dll **HIDDEN**
18:43:31.095    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\napinit\6a657f2f518f97b282702fce20033459\napinit.ni.dll **HIDDEN**
18:43:31.142    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\f64692e58aa1a7116024bf3c3cbd1352\napsnap.ni.dll **HIDDEN**
18:43:31.204    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe **HIDDEN**
18:43:31.251    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c0a8f3f379d7a62a032783cc4e04a4dd\PresentationBuildTasks.ni.dll **HIDDEN**
18:43:31.282    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3e357e76593a8cc5346dc0431f4cdaa9\PresentationCFFRasterizer.ni.dll **HIDDEN**
18:43:31.282    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll **HIDDEN**
18:43:31.314    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe **HIDDEN**
18:43:31.376    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0e5bae8f265fbbbf53e8ca79d159cd6d\PresentationFramework.Luna.ni.dll **HIDDEN**
18:43:31.407    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\17ab5131ab854c98847ad70236435924\PresentationFramework.Royale.ni.dll **HIDDEN**
18:43:31.423    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2897c35bf2bc4ef171004bfc2909aaf3\PresentationFramework.Classic.ni.dll **HIDDEN**
18:43:31.454    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll **HIDDEN**
18:43:31.470    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll **HIDDEN**
18:43:31.563    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6f4c8aeb8f066adf5cafedbec0cac415\PresentationUI.ni.dll **HIDDEN**
18:43:31.641    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\7073e12b4c349a6ad94522e465e4f4ed\ReachFramework.ni.dll **HIDDEN**
18:43:31.688    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\1c301df37d78b555739f4881e69b9170\SmartAudio.ni.exe **HIDDEN**
18:43:31.719    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8218dc4808b77f3585fb048c61597af1\SMDiagnostics.ni.dll **HIDDEN**
18:43:31.750    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe **HIDDEN**
18:43:31.797    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\sysglobl\8abe9d895b3e9efe741b9162cb9206fc\sysglobl.ni.dll **HIDDEN**
18:43:31.797    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll **HIDDEN**
18:43:31.844    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\29c55874e34f9d5cd3ea739262f48adc\System.AddIn.ni.dll **HIDDEN**
18:43:31.875    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\78ce3fd89c50ab2d8d0ffc42ad838644\System.AddIn.Contract.ni.dll **HIDDEN**
18:43:31.891    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\221fa10bd3cb407e43b7476af5039090\System.ComponentModel.DataAnnotations.ni.dll **HIDDEN**
18:43:31.922    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f02737c83305687a68c088927a6c5a98\System.Configuration.Install.ni.dll **HIDDEN**
18:43:31.969    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll **HIDDEN**
18:43:32.062    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll **HIDDEN**
18:43:32.062    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll **HIDDEN**
18:43:32.140    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\eae18653a1b39fe484b49963d43480ce\System.Data.DataSetExtensions.ni.dll **HIDDEN**
18:43:32.172    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a5947a9c77b884b9e06c54f38ff3c4d7\System.Data.Entity.ni.dll **HIDDEN**
18:43:32.234    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\32088676b4c08d192aae910cac1dade4\System.Data.Entity.Design.ni.dll **HIDDEN**
18:43:32.312    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\748de10ea72fad908022d9507c7304fc\System.Data.Linq.ni.dll **HIDDEN**
18:43:32.343    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\907f5045e26c39e1ae48024201b6334d\System.Data.OracleClient.ni.dll **HIDDEN**
18:43:32.406    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\5d0f494f1be2367fb0a634956f719965\System.Data.Services.Design.ni.dll **HIDDEN**
18:43:32.468    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a933cd1241698e4d13d80c8cb31d7055\System.Data.Services.Client.ni.dll **HIDDEN**
18:43:32.515    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c335a6ef5339fa917518475c286c8ca4\System.Data.Services.ni.dll **HIDDEN**
18:43:32.593    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4308c2310ca6f08c6e0068172e5b709f\System.Data.SqlXml.ni.dll **HIDDEN**
18:43:32.655    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\be74d258a0daa0e11197e1dcb1b3b0b9\System.Deployment.ni.dll **HIDDEN**
18:43:32.655    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\52873358b397c328168f0a5be7f3b9ae\System.Design.ni.dll **HIDDEN**
18:43:32.733    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\System.DirectoryServices.ni.dll **HIDDEN**
18:43:32.764    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bcad898b90aee666da2f81b0a87a91ee\System.DirectoryServices.AccountManagement.ni.dll **HIDDEN**
18:43:32.796    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ced847eb933ffee8e1a2e738205916ce\System.DirectoryServices.Protocols.ni.dll **HIDDEN**
18:43:32.858    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll **HIDDEN**
18:43:32.905    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\fac6392e83ef7e777b78933e057c9546\System.Drawing.Design.ni.dll **HIDDEN**
18:43:32.952    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll **HIDDEN**
18:43:32.967    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.Wrapper.dll **HIDDEN**
18:43:33.014    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5490e4be56d6b1a80586439ac8b09b77\System.IdentityModel.Selectors.ni.dll **HIDDEN**
18:43:33.076    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\System.IdentityModel.ni.dll **HIDDEN**
18:43:33.108    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\19837bdc62b7667aba81364142e3565a\System.IO.Log.ni.dll **HIDDEN**
18:43:33.139    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll **HIDDEN**
18:43:33.154    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4436815b432c313255af322f4ec3560d\System.Management.Automation.ni.dll **HIDDEN**
18:43:33.201    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\17e443d6c643b83137beb310adee3c48\System.Management.Instrumentation.ni.dll **HIDDEN**
18:43:33.232    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9c17882ea083259c36cfd691f7c0835b\System.Messaging.ni.dll **HIDDEN**
18:43:33.295    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Net\964a515210f3bad01949e9ae4f83c7b2\System.Net.ni.dll **HIDDEN**
18:43:33.357    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\aac5817d96d0ddcffebc1c45000e9008\System.Printing.ni.dll **HIDDEN**
18:43:33.404    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll **HIDDEN**
18:43:33.435    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0728af1479c3388cadf85ccfc2b12582\System.Runtime.Serialization.Formatters.Soap.ni.dll **HIDDEN**
18:43:33.513    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll **HIDDEN**
18:43:33.544    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\d9a485330ec2708456134e4a9712a4ab\System.Security.ni.dll **HIDDEN**
18:43:33.544    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e2642bff810609f64343e53dddb6b59c\System.ServiceModel.ni.dll **HIDDEN**
18:43:33.607    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll **HIDDEN**
18:43:33.654    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll **HIDDEN**
18:43:33.700    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\6935e1dad6ec5de21658f8d38999099a\System.Speech.ni.dll **HIDDEN**
18:43:33.747    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll **HIDDEN**
18:43:33.763    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll **HIDDEN**
18:43:33.794    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\3112fe15b1994ff59b169cf7ce997e71\System.Web.Abstractions.ni.dll **HIDDEN**
18:43:33.810    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ec2acb1a563ecfce8396babd4a3b25\System.Web.DynamicData.Design.ni.dll **HIDDEN**
18:43:33.856    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a16dd65d2bfab6a019ac8a05337a5c24\System.Web.DynamicData.ni.dll **HIDDEN**
18:43:33.888    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9a3ab1594cf5cd52f0794b0a93a14b57\System.Web.Entity.ni.dll **HIDDEN**
18:43:33.919    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\a63e76cc86c8958f0f3e9741c0d89f14\System.Web.Entity.Design.ni.dll **HIDDEN**
18:43:33.966    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0b5071ee1d40266575a7ac53b9b299d4\System.Web.Extensions.Design.ni.dll **HIDDEN**
18:43:34.044    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\70823ac0d6e6631a11d443bf38987cc9\System.Web.Extensions.ni.dll **HIDDEN**
18:43:34.090    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9abec9ee3dab00d67b395d1994a60776\System.Web.Mobile.ni.dll **HIDDEN**
18:43:34.122    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\c72ccbd1fef598dd897fdf0d2e49195b\System.Web.RegularExpressions.ni.dll **HIDDEN**
18:43:34.137    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\165d0873203da280298bfcfa50567a0b\System.Web.Routing.ni.dll **HIDDEN**
18:43:34.231    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be8209f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll **HIDDEN**
18:43:34.231    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll **HIDDEN**
18:43:34.262    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\fee2bbfe0b8f5988a3ab7a9db85c7a30\System.Windows.Presentation.ni.dll **HIDDEN**
18:43:34.356    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b2a2c534c407bbe46e8536445d0ada50\System.Workflow.Activities.ni.dll **HIDDEN**
18:43:34.371    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e1a68d2a01e132ebc60a5565a771902b\System.Workflow.ComponentModel.ni.dll **HIDDEN**
18:43:34.434    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\2101dbd9fa083a2ed0cc112636260070\System.Workflow.Runtime.ni.dll **HIDDEN**
18:43:34.480    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll **HIDDEN**
18:43:34.480    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll **HIDDEN**
18:43:34.527    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\70aac9dff3bdde548962557151c1ff49\System.Xml.Linq.ni.dll **HIDDEN**
18:43:34.558    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\99797e9500ed7bfa6b06063e7f017313\TaskScheduler.ni.dll **HIDDEN**
18:43:34.636    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eca4310274a7a6ce651b33cd4278610c\UIAutomationClient.ni.dll **HIDDEN**
18:43:34.714    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\56780b4bd164787631d4317d0556c3c0\UIAutomationClientsideProviders.ni.dll **HIDDEN**
18:43:34.746    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ab8ac659d9525c6a0cd22c6f3734862f\UIAutomationProvider.ni.dll **HIDDEN**
18:43:34.792    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6820836e29efa97200d3fcfb4d0f170b\UIAutomationTypes.ni.dll **HIDDEN**
18:43:34.902    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll **HIDDEN**
18:43:34.964    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\30b1d86571495ea86b9a19b13498aad3\WindowsFormsIntegration.ni.dll **HIDDEN**
18:43:34.995    File: C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe **HIDDEN**
18:43:35.042    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\Accessibility.ni.dll **HIDDEN**
18:43:35.089    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\BDATunePIA.ni.dll **HIDDEN**
18:43:35.120    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe **HIDDEN**
18:43:35.151    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\e41fccd68a6543f2528f6f6118f5f7e2\CustomMarshalers.ni.dll **HIDDEN**
18:43:35.182    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe **HIDDEN**
18:43:35.214    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b648e07269decc9d5a2d8aeba1d48cbb\ehCIR.ni.dll **HIDDEN**
18:43:35.245    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe **HIDDEN**
18:43:35.276    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\56a7faf970109dc1dc6b76f643d93c5f\ehiActivScp.ni.dll **HIDDEN**
18:43:35.292    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\99c61751c71078d92ff372495bc38fc3\ehiBmlDataCarousel.ni.dll **HIDDEN**
18:43:35.323    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d122f8c71cdd586e76d9617f80a0297f\ehiExtens.ni.dll **HIDDEN**
18:43:35.354    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\4a7ec1155d9e9e4b40889b171d16a577\ehiiTv.ni.dll **HIDDEN**
18:43:35.401    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\50691bdee045a2df00f00ac461844c5f\ehiProxy.ni.dll **HIDDEN**
18:43:35.432    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\32c163c5b3420fb95f4bc8b5a365a6bd\ehiTVMSMusic.ni.dll **HIDDEN**
18:43:35.463    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\8b58e86c1211cac8bb344ec05015055b\ehiUPnP.ni.dll **HIDDEN**
18:43:35.479    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\a6dc826bf08c95bd5fe459a02bbfd33c\ehiUserXp.ni.dll **HIDDEN**
18:43:35.526    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\005810b5e7d8802575d07878997d434d\ehiVidCtl.ni.dll **HIDDEN**
18:43:35.588    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\9f570489c98c93a79f0fd793586afdc6\ehiwmp.ni.dll **HIDDEN**
18:43:35.619    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\b253aa4b8000e29b2fb725e4f7b8bc7c\ehiWUapi.ni.dll **HIDDEN**
18:43:35.666    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\dd75e74b3a7686f661129df07fdeadf1\ehRecObj.ni.dll **HIDDEN**
18:43:35.682    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ehshell\a1e624126e0db648f3b8ea24d0f13f84\ehshell.ni.dll **HIDDEN**
18:43:35.713    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\EventViewer\21464de9aa1dce17c1f42044129a986e\EventViewer.ni.dll **HIDDEN**
18:43:35.760    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe **HIDDEN**
18:43:35.869    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcepg\13b4ad00d1167ff3ed7d2a8e4994f1ff\mcepg.ni.dll **HIDDEN**
18:43:35.962    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\f04b0488328a68d57953149b31a85065\MCESidebarCtrl.ni.dll **HIDDEN**
18:43:35.994    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\18aae97d7e56a28acf9d642ad23ab413\mcGlidHostObj.ni.dll **HIDDEN**
18:43:36.025    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\f7a93626b76fe66f217c19426cc5b02a\mcplayerinterop.ni.dll **HIDDEN**
18:43:36.103    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstore\67c2902f53638a9056174f6130a8bde7\mcstore.ni.dll **HIDDEN**
18:43:36.150    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\e049a1a3948a031aed69690fc102ea6c\mcstoredb.ni.dll **HIDDEN**
18:43:36.181    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe **HIDDEN**
18:43:36.228    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\53fddfded025faba07fdd8b69fef6bd6\Mcx2Dvcs.ni.dll **HIDDEN**
18:43:36.243    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\ba0cf5858766f7bc9413b1d4af6d69bd\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll **HIDDEN**
18:43:36.274    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\8d64f031cf429f4ce79642e8be267d2d\Microsoft.Build.Conversion.v3.5.ni.dll **HIDDEN**
18:43:36.337    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\2e1dbe90bc10ba70f147a249adfc7f64\Microsoft.Build.Engine.ni.dll **HIDDEN**
18:43:36.399    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\8c4abd55a6b822e3efbbc649c5c01a3e\Microsoft.Build.Engine.ni.dll **HIDDEN**
18:43:36.415    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\89815091ad8cb6d7b4c48d84ff1021e0\Microsoft.Build.Framework.ni.dll **HIDDEN**
18:43:36.462    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\a71fda14114136e528b310f41dce7915\Microsoft.Build.Framework.ni.dll **HIDDEN**
18:43:36.555    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\3cf3740de20740208d614d330aa4416c\Microsoft.Build.Tasks.v3.5.ni.dll **HIDDEN**
18:43:36.602    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\ca72594c581d8024d629f931f0e312d7\Microsoft.Build.Tasks.ni.dll **HIDDEN**
18:43:36.633    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\8ce46e3ffce2d37b9c50762a641c57ee\Microsoft.Build.Utilities.ni.dll **HIDDEN**
18:43:36.649    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\97d05b893a063bbb5b56c7b3d20c5245\Microsoft.Build.Utilities.v3.5.ni.dll **HIDDEN**
18:43:36.727    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\3d4632e11d04d8db85c98485b1622bae\Microsoft.Ink.ni.dll **HIDDEN**
18:43:36.805    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\71e40c479d779f2bf55bb925834e3cd3\Microsoft.JScript.ni.dll **HIDDEN**
18:43:36.836    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e72886c96b63be364c0205b6c4ff4413\Microsoft.ManagementConsole.ni.dll **HIDDEN**
18:43:36.883    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\140714964f3afbcea38cb33d548c5d3c\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll **HIDDEN**
18:43:36.930    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1e99a9d1dc792d81f86b5de451cf9f3d\Microsoft.MediaCenter.Interop.ni.dll **HIDDEN**
18:43:36.945    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4e9468fdc6937145e65c6434787e2fa5\Microsoft.MediaCenter.iTv.Media.ni.dll **HIDDEN**
18:43:36.992    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5b9c2eae674609a3d84010c9906e0bf8\Microsoft.MediaCenter.iTv.Hosting.ni.dll **HIDDEN**
18:43:37.008    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\618ab8996b43e841efdcfb273393fc02\Microsoft.MediaCenter.UI.ni.dll **HIDDEN**
18:43:37.054    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\91d1761a767975dc100e4e05e48cc9a3\Microsoft.MediaCenter.Shell.ni.dll **HIDDEN**
18:43:37.086    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9ae837dc03e8519b40fe2c35c8752146\Microsoft.MediaCenter.ni.dll **HIDDEN**
18:43:37.132    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a9f43923aab0d83b93cbf10ac1dfd0b5\Microsoft.MediaCenter.iTv.ni.dll **HIDDEN**
18:43:37.179    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b883b83d1f72f1fcaf4acdef3c9c381f\Microsoft.MediaCenter.Bml.ni.dll **HIDDEN**
18:43:37.210    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ce17670e5d6d33a85e64766e340a2176\Microsoft.MediaCenter.Playback.ni.dll **HIDDEN**
18:43:37.257    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\dc34242bf840d340e94d2657c7c33371\Microsoft.MediaCenter.Sports.ni.dll **HIDDEN**
18:43:37.273    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ef44c6dfcb60c7b8bc8c26847048d6e5\Microsoft.MediaCenter.ITVVM.ni.dll **HIDDEN**
18:43:37.304    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f1f58d6720098d7c1d51faf7f326d72d\Microsoft.MediaCenter.Mheg.ni.dll **HIDDEN**
18:43:37.382    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\7a9c26f21641112fcacd6f087b42133a\Microsoft.PowerShell.GPowerShell.ni.dll **HIDDEN**
18:43:37.413    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9206dc8156588e608d405729c833edc5\Microsoft.PowerShell.Commands.Management.ni.dll **HIDDEN**
18:43:37.429    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\997418025a2c73d8088b0f59264a6f2b\Microsoft.PowerShell.Editor.ni.dll **HIDDEN**
18:43:37.476    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b023321bc53c20c10ccbbd8f78c82c82\Microsoft.PowerShell.ConsoleHost.ni.dll **HIDDEN**
18:43:37.507    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b5a6a5ce3cd3d4dd2b151315c612aeff\Microsoft.PowerShell.Security.ni.dll **HIDDEN**
18:43:37.569    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cdf48153115fc0bb466f37b7dcad9ac5\Microsoft.PowerShell.Commands.Utility.ni.dll **HIDDEN**
18:43:37.600    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\dcf1d740ffae84572215588047a59861\Microsoft.PowerShell.GraphicalHost.ni.dll **HIDDEN**
18:43:37.632    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ec50af274bf7a15fb59ac1f0d353b7ea\Microsoft.PowerShell.Commands.Diagnostics.ni.dll **HIDDEN**
18:43:37.663    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\22b5364c10d315a7f0a1fbd23f671c5a\Microsoft.Transactions.Bridge.Dtc.ni.dll **HIDDEN**
18:43:37.710    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\a04be0cabc675da23c6cdd970b50e3c5\Microsoft.Transactions.Bridge.ni.dll **HIDDEN**
18:43:37.772    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll **HIDDEN**
18:43:37.803    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\692d1ed105277febf1550c93d00cd202\Microsoft.VisualC.ni.dll **HIDDEN**
18:43:37.819    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\bb235aa98e8e876f0f641c4d486f9151\Microsoft.Vsa.ni.dll **HIDDEN**
18:43:37.866    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\03ab7eafba7f39a47e9e50e59551395a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll **HIDDEN**
18:43:37.881    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1dd37db07c93d0d49379838760970302\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll **HIDDEN**
18:43:37.912    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5efdf2ce3570caddc09eeae943f71cee\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll **HIDDEN**
18:43:37.928    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\a178c0607d3809c8334a450b9b839b43\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll **HIDDEN**
18:43:37.959    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\a5daafd496ae30928b7ac626037af53c\Microsoft.Windows.Diagnosis.SDEngine.ni.dll **HIDDEN**
18:43:37.990    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\dcc11202188c9fa2ba06359a04d4b43a\Microsoft.Windows.Diagnosis.SDHost.ni.dll **HIDDEN**
18:43:38.006    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e97b40597db13e8a8151b30b9c59007e\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll **HIDDEN**
18:43:38.053    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\8cd73e65058ef6f77f36b62a74ec3344\Microsoft.WSMan.Management.ni.dll **HIDDEN**
18:43:38.084    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\4582b654b68ad17b90714875bd8c3fa2\Microsoft.WSMan.Runtime.ni.dll **HIDDEN**
18:43:38.084    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\5d7e85e3ad81826e2e1d7131284c63fe\MIGUIControls.ni.dll **HIDDEN**
18:43:38.162    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MMCEx\b46af15d2e2ae2782f384bfc4a4c2c03\MMCEx.ni.dll **HIDDEN**
18:43:38.193    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\98b1fc37038b59eb1fcb89ce6284190e\MMCFxCommon.ni.dll **HIDDEN**
18:43:38.224    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe **HIDDEN**
18:43:38.240    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll **HIDDEN**
18:43:38.271    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\napcrypt\d95f343677c556b67e99818cc02f4214\napcrypt.ni.dll **HIDDEN**
18:43:38.302    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\naphlpr\03d99e593bc94e308005a972667d7ca9\naphlpr.ni.dll **HIDDEN**
18:43:38.334    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\napinit\a64d6cb9f99621449821066eca9291e9\napinit.ni.dll **HIDDEN**
18:43:38.396    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\napsnap\46a2e8958905ea98cb6e91b38449c58a\napsnap.ni.dll **HIDDEN**
18:43:38.490    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe **HIDDEN**
18:43:38.599    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\08ccd030c85c817c0a889196955a49a4\PresentationBuildTasks.ni.dll **HIDDEN**
18:43:38.630    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\c0ad9f95f88a6678d9ab2a648f0f2eae\PresentationCFFRasterizer.ni.dll **HIDDEN**
18:43:38.630    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\e097881a6e1956a4c3f6b8dbb81cb4ee\PresentationCore.ni.dll **HIDDEN**
18:43:38.661    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe **HIDDEN**
18:43:38.692    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\09ca6fe45ec9d8c535413b0dfa7d2075\PresentationFramework.ni.dll **HIDDEN**
18:43:38.724    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1badf57680aebab32f17bc080876b61d\PresentationFramework.Classic.ni.dll **HIDDEN**
18:43:38.755    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4260e87dc94e25052b34ea78873dfedb\PresentationFramework.Aero.ni.dll **HIDDEN**
18:43:38.802    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\495f263cbca8e7d0462ee309a634e115\PresentationFramework.Luna.ni.dll **HIDDEN**
18:43:38.833    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c462be068987b2b4fac3a700f265fc77\PresentationFramework.Royale.ni.dll **HIDDEN**
18:43:38.911    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d7c71f43e6d6e92221717345e6156044\PresentationUI.ni.dll **HIDDEN**
18:43:39.004    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\34177215bbd2e05eb6d59d40a0a98f96\ReachFramework.ni.dll **HIDDEN**
18:43:39.036    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\4b5adb098f8ce2890826195454a777b2\SMDiagnostics.ni.dll **HIDDEN**
18:43:39.067    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe **HIDDEN**
18:43:39.098    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\sysglobl\857fbc76bdd79711e5228e5b075ade49\sysglobl.ni.dll **HIDDEN**
18:43:39.114    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll **HIDDEN**
18:43:39.223    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\ed852e32514b415cfb4ac81aef9ac0fd\System.AddIn.ni.dll **HIDDEN**
18:43:39.270    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\eadb7dd5fe85da92b491154484bc40e3\System.AddIn.Contract.ni.dll **HIDDEN**
18:43:39.301    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\560cb6a2e8f4877877b11de7c1f07d42\System.ComponentModel.DataAnnotations.ni.dll **HIDDEN**
18:43:39.332    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\fcf35536476614410e0b0bd0e412199e\System.Configuration.Install.ni.dll **HIDDEN**
18:43:39.410    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll **HIDDEN**
18:43:39.504    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\83e2f6909980da7347e7806d8c26670e\System.Core.ni.dll **HIDDEN**
18:43:39.566    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\accc3a5269658c8c47fe3e402ac4ac1c\System.Data.ni.dll **HIDDEN**
18:43:39.597    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\56ccdabce54219b23bc4b6477d98b45c\System.Data.DataSetExtensions.ni.dll **HIDDEN**
18:43:39.613    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\84467aa24019da88d4aece177e51a223\System.Data.Entity.ni.dll **HIDDEN**
18:43:39.675    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\8f1dcb9771b151969c5afdae76376d5c\System.Data.Entity.Design.ni.dll **HIDDEN**
18:43:39.769    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\b357f35e860204c5b74e1388f97db058\System.Data.Linq.ni.dll **HIDDEN**
18:43:39.862    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\89eae0aa2c0c6d4678ccffdc84fcc410\System.Data.OracleClient.ni.dll **HIDDEN**
18:43:39.894    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\1e96bc85441d7719ea6f7e63c4c3e287\System.Data.Services.Design.ni.dll **HIDDEN**
18:43:39.956    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\5d81c3e6fa9f3f78cd8d06d8cf2caff0\System.Data.Services.Client.ni.dll **HIDDEN**
18:43:40.034    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\0765c6422b48cd504d2fba3765c78c79\System.Data.Services.ni.dll **HIDDEN**
18:43:40.112    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\7111bf18edb7bf9d986782131f797acb\System.Data.SqlXml.ni.dll **HIDDEN**
18:43:40.206    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\413d36d1d35aabadf1c9d6f0a56cfab8\System.Deployment.ni.dll **HIDDEN**
18:43:40.221    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Design\d42a48a3e73b472a80d0d44038af89b0\System.Design.ni.dll **HIDDEN**
18:43:40.299    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\6ed2b26c49820b85b9f78ac7abceefa9\System.DirectoryServices.AccountManagement.ni.dll **HIDDEN**
18:43:40.362    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\System.DirectoryServices.ni.dll **HIDDEN**
18:43:40.424    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e883ac4543d94e67abd1c33191633865\System.DirectoryServices.Protocols.ni.dll **HIDDEN**
18:43:40.486    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\5910828a337dbe848dc90c7ae0a7dee2\System.Drawing.ni.dll **HIDDEN**
18:43:40.518    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\aa8854bd55fca246dd3226a671092bfa\System.Drawing.Design.ni.dll **HIDDEN**
18:43:40.549    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\a6155c70b3df6c860303ffee7b560ade\System.EnterpriseServices.ni.dll **HIDDEN**
18:43:40.580    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\a6155c70b3df6c860303ffee7b560ade\System.EnterpriseServices.Wrapper.dll **HIDDEN**
18:43:40.611    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\559a3dee015d005c199f3867b10f5bbc\System.IdentityModel.Selectors.ni.dll **HIDDEN**
18:43:40.674    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\9b1d7533105a793af14b7b51cd5443af\System.IdentityModel.ni.dll **HIDDEN**
18:43:40.720    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\85b543fd18ce71c8bc95c49abf8ceb66\System.IO.Log.ni.dll **HIDDEN**
18:43:40.752    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c44929bde355680c886f8a52f5e22b81\System.Management.ni.dll **HIDDEN**
18:43:40.767    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\009a09f5b2322bb8c5520dc5ddbb28bb\System.Management.Automation.ni.dll **HIDDEN**
18:43:40.814    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\8b62ac3a8cfd55c530052c79253d25c8\System.Management.Instrumentation.ni.dll **HIDDEN**
18:43:40.861    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\ee9a323861b378713f17421b0d98adb5\System.Messaging.ni.dll **HIDDEN**
18:43:40.908    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Net\d567624f1206028ff852c689416d6b58\System.Net.ni.dll **HIDDEN**
18:43:40.954    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Printing\8a2376658a24628765d359a0fafb3339\System.Printing.ni.dll **HIDDEN**
18:43:40.986    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\0fde44651bdf14a3988b955dd94aa318\System.Runtime.Remoting.ni.dll **HIDDEN**
18:43:41.126    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\52bdf474b237d949c5b2b407ebec8f1e\System.Runtime.Serialization.ni.dll **HIDDEN**
18:43:41.188    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8ad0e1382ab6565741bbb64b965f2748\System.Runtime.Serialization.Formatters.Soap.ni.dll **HIDDEN**
18:43:41.251    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security\821d4406efa3556465e6244fae26b536\System.Security.ni.dll **HIDDEN**
18:43:41.266    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\ac74a0642981011a441823a762bfb3d8\System.ServiceModel.ni.dll **HIDDEN**
18:43:41.360    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\bde9665f643d6e82b36b401d38f07fc8\System.ServiceModel.Web.ni.dll **HIDDEN**
18:43:41.407    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\df4cc33bfe326b259eeef086451a2528\System.ServiceProcess.ni.dll **HIDDEN**
18:43:41.516    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Speech\0dc049d2993f3d0e2651581533093e17\System.Speech.ni.dll **HIDDEN**
18:43:41.547    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\051655963f24f9ade08486084c570086\System.Transactions.ni.dll **HIDDEN**
18:43:41.594    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\ea5a0e7af3956d40caeffaab3bb8b753\System.Web.ni.dll **HIDDEN**
18:43:41.656    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\e66285eb011e4864314f3e4e4d6d8e40\System.Web.Abstractions.ni.dll **HIDDEN**
18:43:41.672    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\98acb62493655ab4e5cad815e8df664d\System.Web.DynamicData.Design.ni.dll **HIDDEN**
18:43:41.719    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bef47cfaf8928e35b99d8deb0eeb6b08\System.Web.DynamicData.ni.dll **HIDDEN**
18:43:41.750    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d3aaf07a1d6356d9edf7c3c9f4b7dd0d\System.Web.Entity.ni.dll **HIDDEN**
18:43:41.781    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\86fd874752b7cca432941e9f482c3590\System.Web.Entity.Design.ni.dll **HIDDEN**
18:43:41.828    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\47da05ff5ddd7d25ab9df88e6d79bb39\System.Web.Extensions.Design.ni.dll **HIDDEN**
18:43:41.890    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\e2d043bbce0d8d303dadd068037c3ffb\System.Web.Extensions.ni.dll **HIDDEN**
18:43:41.984    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\5ea81699d36a1938a0ff618380506f11\System.Web.Mobile.ni.dll **HIDDEN**
18:43:42.031    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\fc4fb8a45f4e2115c1290af5ffe5ace0\System.Web.RegularExpressions.ni.dll **HIDDEN**
18:43:42.062    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\b9977dd97ed7006f1d7968495c594bc5\System.Web.Routing.ni.dll **HIDDEN**
18:43:42.124    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\2f157d250a738f7a6074e0f29b298998\System.Web.Services.ni.dll **HIDDEN**
18:43:42.156    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\6c352ff9e3603b0e69d969ff7e7632f5\System.Windows.Forms.ni.dll **HIDDEN**
18:43:42.187    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\93ee0d8b03d20f6b2d9875add13e23e8\System.Windows.Presentation.ni.dll **HIDDEN**
18:43:42.327    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\a53a2767e448aef90b345af1339d4c9a\System.Workflow.Activities.ni.dll **HIDDEN**
18:43:42.390    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\20e46d1d15a9eaee80b1d16dafef4017\System.Workflow.ComponentModel.ni.dll **HIDDEN**
18:43:42.468    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\462293b97f4b8f084192a7fbae47269f\System.Workflow.Runtime.ni.dll **HIDDEN**
18:43:42.530    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\7f1f91903e297c234f177743d94c318e\System.WorkflowServices.ni.dll **HIDDEN**
18:43:42.546    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll **HIDDEN**
18:43:42.577    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\164d9beb2bf9b6160593f915a2d9aa6d\System.Xml.Linq.ni.dll **HIDDEN**
18:43:42.608    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\a3883e7fc1bd0fbc54761b26c2bc5483\TaskScheduler.ni.dll **HIDDEN**
18:43:42.655    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\60fa801c6b0c236ddeb6e93364ec5705\UIAutomationClient.ni.dll **HIDDEN**
18:43:42.717    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\1820fd86357ea33153927f127e6c5d3f\UIAutomationClientsideProviders.ni.dll **HIDDEN**
18:43:42.748    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\0445defa66af3e3548dd3052e8752079\UIAutomationProvider.ni.dll **HIDDEN**
18:43:42.780    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\69e6acc80dfb71c3ebeac12584ea008c\UIAutomationTypes.ni.dll **HIDDEN**
18:43:42.780    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\40864f42b00635e6fa6ce8da88d9ab83\WindowsBase.ni.dll **HIDDEN**
18:43:42.826    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\0cb1830849e0ce11c8985339523d5b63\WindowsFormsIntegration.ni.dll **HIDDEN**
18:43:42.858    File: C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe **HIDDEN**
18:43:42.889    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll **HIDDEN**
18:43:42.936    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll **HIDDEN**
18:43:42.951    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe **HIDDEN**
18:43:43.045    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\05503f37aef5261d80ccca19f8078679\Microsoft.CSharp.ni.dll **HIDDEN**
18:43:43.107    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\08b2c2639708ab20748653185d6b67be\Microsoft.JScript.ni.dll **HIDDEN**
18:43:43.154    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5f595338c63c2fdb5a171760c29d5bcf\Microsoft.Transactions.Bridge.Dtc.ni.dll **HIDDEN**
18:43:43.201    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9952f66fc592ffc21b024803c8c955fd\Microsoft.Transactions.Bridge.ni.dll **HIDDEN**
18:43:43.248    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2eef2f34c0295f1fe5d6d4441f9e790b\Microsoft.VisualBasic.Activities.Compiler.ni.dll **HIDDEN**
18:43:43.294    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a7b5a07abe981fc8d777ff40a0e45102\Microsoft.VisualBasic.Compatibility.ni.dll **HIDDEN**
18:43:43.357    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8ab3b63bade82c3522613f2b1240c0d\Microsoft.VisualBasic.ni.dll **HIDDEN**
18:43:43.388    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\edcde6e8ccca7996c2e1ad40bd0f2758\Microsoft.VisualBasic.Compatibility.Data.ni.dll **HIDDEN**
18:43:43.404    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\552a460a8bcf608aecc6418db0d40216\Microsoft.VisualC.ni.dll **HIDDEN**
18:43:43.435    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll **HIDDEN**
18:43:43.435    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll **HIDDEN**
18:43:43.497    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll **HIDDEN**
18:43:43.528    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\040571d65dc822e5df020d5e084f4b45\PresentationFramework.Royale.ni.dll **HIDDEN**
18:43:43.560    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll **HIDDEN**
18:43:43.575    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll **HIDDEN**
18:43:43.606    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll **HIDDEN**
18:43:43.669    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\15578874ee1464dc6a3545d4be842e59\PresentationUI.ni.dll **HIDDEN**
18:43:43.762    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\42f0e1a4e3081c50503d74ebc0540a60\ReachFramework.ni.dll **HIDDEN**
18:43:43.794    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll **HIDDEN**
18:43:43.825    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe **HIDDEN**
18:43:43.825    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll **HIDDEN**
18:43:43.918    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Activities\931ad0783c03deb967760d5c2387274a\System.Activities.ni.dll **HIDDEN**
18:43:44.028    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\607df7a11c3334146664bc74130bc38f\System.Activities.Core.Presentation.ni.dll **HIDDEN**
18:43:44.059    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8594d07d18330843968d649ed6ef6166\System.Activities.DurableInstancing.ni.dll **HIDDEN**
18:43:44.215    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a57e34a36f38a007aa24f1bd07a167ab\System.Activities.Presentation.ni.dll **HIDDEN**
18:43:44.355    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\767e70aec1ffb52f95c2b07c08fa0781\System.AddIn.ni.dll **HIDDEN**
18:43:44.433    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll **HIDDEN**
18:43:44.464    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4a518b841f06ee4f07320159cf918a2c\System.ComponentModel.Composition.ni.dll **HIDDEN**
18:43:44.496    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7d8e51e92fede804332703770695afdb\System.ComponentModel.DataAnnotations.ni.dll **HIDDEN**
18:43:44.527    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\aea1d325200e1a7b1ee7ec86fba33db4\System.Configuration.Install.ni.dll **HIDDEN**
18:43:44.558    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll **HIDDEN**
18:43:44.574    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll **HIDDEN**
18:43:44.589    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll **HIDDEN**
18:43:44.605    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\caecc65b5c0ede0fe0d55b9f48ada80f\System.Data.DataSetExtensions.ni.dll **HIDDEN**
18:43:44.620    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\642a7b3d47828fb0070a55cfeb58f42b\System.Data.Entity.ni.dll **HIDDEN**
18:43:44.683    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\87a713cee613d08ee04ae9483a9d4716\System.Data.Linq.ni.dll **HIDDEN**
18:43:44.730    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\685c7df1332a74aaa899f2bdb3beabc3\System.Data.Services.Client.ni.dll **HIDDEN**
18:43:44.808    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1fdd0961d8d07ef4d1fcaf30f0050c0a\System.Data.SqlXml.ni.dll **HIDDEN**
18:43:44.854    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\90fd7fc9fbf5f4eed9135996b515a38a\System.Deployment.ni.dll **HIDDEN**
18:43:44.870    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\95a46d4775428acf5dd84f12aaa9f06f\System.Design.ni.dll **HIDDEN**
18:43:44.901    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Device\36342e6024e2844502d0bdaa9d30971a\System.Device.ni.dll **HIDDEN**
18:43:44.964    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\46a7f51ef1a9d917598b96f7a758a459\System.DirectoryServices.AccountManagement.ni.dll **HIDDEN**
18:43:44.995    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5166bf93ac5239837c9c92b58d183ea6\System.DirectoryServices.ni.dll **HIDDEN**
18:43:45.026    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\7f4419b6f829a2485d83b3c3e7b26a97\System.DirectoryServices.Protocols.ni.dll **HIDDEN**
18:43:45.104    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll **HIDDEN**
18:43:45.135    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\8f9993d3eb4cd33d1452155f79b23d65\System.Drawing.Design.ni.dll **HIDDEN**
18:43:45.166    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1331ee3a7146218388537aa7e41303af\System.Dynamic.ni.dll **HIDDEN**
18:43:45.198    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.ni.dll **HIDDEN**
18:43:45.229    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.Wrapper.dll **HIDDEN**
18:43:45.244    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\386f41f744eedacd1517c8a15750a48b\System.IdentityModel.Selectors.ni.dll **HIDDEN**
18:43:45.307    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll **HIDDEN**
18:43:45.322    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\150da10324f2811a48da58d3496bbe10\System.IO.Log.ni.dll **HIDDEN**
18:43:45.369    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll **HIDDEN**
18:43:45.400    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\8b5fe7aff54a7aed07287257a9b8e420\System.Management.Instrumentation.ni.dll **HIDDEN**
18:43:45.432    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ab3e80af8e5e95a5a62092cc9293c91\System.Messaging.ni.dll **HIDDEN**
18:43:45.478    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd5c866d2462dd913ed0a0287396aa50\System.Net.ni.dll **HIDDEN**
18:43:45.494    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll **HIDDEN**
18:43:45.556    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Printing\eb9369fc9393d29afe51e45cb49aa4be\System.Printing.ni.dll **HIDDEN**
18:43:45.588    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll **HIDDEN**
18:43:45.619    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e30ded9b9c19a264a974b1cc40d7d2cc\System.Runtime.Remoting.ni.dll **HIDDEN**
18:43:45.650    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll **HIDDEN**
18:43:45.728    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll **HIDDEN**
18:43:45.775    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll **HIDDEN**
18:43:45.790    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll **HIDDEN**
18:43:45.868    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll **HIDDEN**
18:43:45.931    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll **HIDDEN**
18:43:45.962    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll **HIDDEN**
18:43:45.993    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll **HIDDEN**
18:43:46.024    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll **HIDDEN**
18:43:46.087    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Speech\61a931da70f8078539a51cef3888d02d\System.Speech.ni.dll **HIDDEN**
18:43:46.149    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll **HIDDEN**
18:43:46.196    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll **HIDDEN**
18:43:46.243    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\87e09dfbe3a44d6b00d3a5895f5a21a6\System.Web.Services.ni.dll **HIDDEN**
18:43:46.274    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\9cf13572472dc2efe8f3b7c2ab6198d3\System.Windows.Forms.DataVisualization.ni.dll **HIDDEN**
18:43:46.290    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll **HIDDEN**
18:43:46.321    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\18419dd13ced512c5f8dc15a79a601eb\System.Windows.Input.Manipulations.ni.dll **HIDDEN**
18:43:46.352    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll **HIDDEN**
18:43:46.414    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll **HIDDEN**
18:43:46.414    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll **HIDDEN**
18:43:46.461    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll **HIDDEN**
18:43:46.508    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ece129234f9ba9ad856d0e77e4849137\UIAutomationClient.ni.dll **HIDDEN**
18:43:46.555    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\5904383f7c86f1374a14198872dfa7d8\UIAutomationClientsideProviders.ni.dll **HIDDEN**
18:43:46.586    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll **HIDDEN**
18:43:46.602    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5786f917a7b62d63ca8dd5b47aaf9610\UIAutomationTypes.ni.dll **HIDDEN**
18:43:46.695    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll **HIDDEN**
18:43:46.789    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll **HIDDEN**
18:43:46.836    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\dea86a81aacc28e408507e311da6d2fa\Accessibility.ni.dll **HIDDEN**
18:43:46.867    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\484c3c0ed451c906dec30445553d8fc1\CustomMarshalers.ni.dll **HIDDEN**
18:43:46.882    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\a354197a45ffa73be93177ed5b0ce377\dfsvc.ni.exe **HIDDEN**
18:43:46.945    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\4e7049d81f575a6e0652f7af80040a17\Microsoft.CSharp.ni.dll **HIDDEN**
18:43:47.023    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0ec582085325e7acf33b004c484be1de\Microsoft.JScript.ni.dll **HIDDEN**
18:43:47.070    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\0fb7cbd4c3fcf73f8860bd91497e8f66\Microsoft.Transactions.Bridge.ni.dll **HIDDEN**
18:43:47.085    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\a4381928c37d4cf483070269f48326d2\Microsoft.Transactions.Bridge.Dtc.ni.dll **HIDDEN**
18:43:47.132    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\227517fd5a11539b8ed1fbe6a8c10f79\Microsoft.VisualBasic.Compatibility.Data.ni.dll **HIDDEN**
18:43:47.210    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\af08f116e2c31d2c65bd492804fb2fef\Microsoft.VisualBasic.ni.dll **HIDDEN**
18:43:47.241    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b37e1ae66271b1dd2b7879febc9eac93\Microsoft.VisualBasic.Activities.Compiler.ni.dll **HIDDEN**
18:43:47.335    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\f989c78736b186c8cc9ff2d1ca06217e\Microsoft.VisualBasic.Compatibility.ni.dll **HIDDEN**
18:43:47.366    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\35566e921b6dc6f070408594e730faaa\Microsoft.VisualC.ni.dll **HIDDEN**
18:43:47.366    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\bc19222db4406c472d9aa1f8b6e0f470\mscorlib.ni.dll **HIDDEN**
18:43:47.382    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\f3bf2b87e57d986369366c34f520a41b\PresentationCore.ni.dll **HIDDEN**
18:43:47.428    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\27fcc0e27b29a6518808712035f60f71\PresentationFramework.Aero.ni.dll **HIDDEN**
18:43:47.444    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\33e1103724b1b63ae539a292b56355fe\PresentationFramework.ni.dll **HIDDEN**
18:43:47.491    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8b726992b3b59fd5fb396feaa5697ee0\PresentationFramework.Luna.ni.dll **HIDDEN**
18:43:47.506    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a63e7b9a489aaa79e0708cd669469c72\PresentationFramework.Royale.ni.dll **HIDDEN**
18:43:47.538    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d63d1aeda73031944cb04496577630e3\PresentationFramework.Classic.ni.dll **HIDDEN**
18:43:47.616    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\b3fcf4290c9ba947d8dcb293442eacb1\PresentationUI.ni.dll **HIDDEN**
18:43:47.694    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\c8777929815906c78c1cd0fd6003eb9c\ReachFramework.ni.dll **HIDDEN**
18:43:47.803    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\ac74a156499a8303d5788ab299881d5d\SMDiagnostics.ni.dll **HIDDEN**
18:43:47.834    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\ef022a4092ef0a271b4dd7d12264dae8\SMSvcHost.ni.exe **HIDDEN**
18:43:47.834    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System\0f8f78b729ce16dd078f5d5f734a1110\System.ni.dll **HIDDEN**
18:43:47.850    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Activities\8a7112ce783f048fabd7c0ae1102f282\System.Activities.ni.dll **HIDDEN**
18:43:47.928    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\8ec6b52230006060fd8e0ae4ee5a6078\System.Activities.Core.Presentation.ni.dll **HIDDEN**
18:43:48.006    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\17de1d19c3443b70236762a493b51aa4\System.Activities.DurableInstancing.ni.dll **HIDDEN**
18:43:48.037    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\d6f957aff5d1d2adbae373ba2c895fc7\System.Activities.Presentation.ni.dll **HIDDEN**
18:43:48.099    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\fb44540b59b268b7a681165b000da009\System.AddIn.ni.dll **HIDDEN**
18:43:48.130    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\47d59056ac291cf639edc1499ad22e84\System.AddIn.Contract.ni.dll **HIDDEN**
18:43:48.193    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\041944016e311af997be348fdf7bf101\System.ComponentModel.Composition.ni.dll **HIDDEN**
18:43:48.224    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\209765cffc4869810e3dac2a63356adb\System.ComponentModel.DataAnnotations.ni.dll **HIDDEN**
18:43:48.240    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\c080a9ed31f78466f2400bba623af2f8\System.Configuration.Install.ni.dll **HIDDEN**
18:43:48.286    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\11581b5eba4b3ff58441c638ab66c742\System.Configuration.ni.dll **HIDDEN**
18:43:48.302    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\7a93c267da35a5f16b6fa5a10482eb4e\System.Core.ni.dll **HIDDEN**
18:43:48.302    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\5a47dfd0b200a502a4d5d27ee99bcc3c\System.Data.ni.dll **HIDDEN**
18:43:48.333    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\e21ef3f0466f3b32573b2054a8ec2756\System.Data.DataSetExtensions.ni.dll **HIDDEN**
18:43:48.349    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\c41b30de7215a62c8ca5bfe6e04ea763\System.Data.Entity.ni.dll **HIDDEN**
18:43:48.427    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\8b5e92d8d715887140ae692251667d2a\System.Data.Linq.ni.dll **HIDDEN**
18:43:48.536    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\5ac492f703d6d741140f7cd45ef3c746\System.Data.Services.Client.ni.dll **HIDDEN**
18:43:48.630    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\eda698e4f33bbc7f6824512b1af768b4\System.Data.SqlXml.ni.dll **HIDDEN**
18:43:48.692    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\b02f2fc896c45ef188c8fcc62bb78622\System.Deployment.ni.dll **HIDDEN**
18:43:48.723    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Device\355f9ad8b3a2820986085f8194e46afd\System.Device.ni.dll **HIDDEN**
18:43:48.801    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1e6d600cb8881ea39ba9321e27665bcd\System.DirectoryServices.ni.dll **HIDDEN**
18:43:48.832    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\4e646b87f86fb1349f132c16106281ee\System.DirectoryServices.AccountManagement.ni.dll **HIDDEN**
18:43:48.864    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\c2e9871975b94235b9e6ab192ecd1bf7\System.DirectoryServices.Protocols.ni.dll **HIDDEN**
18:43:48.942    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1266d26c7b7843d308e2705cb8239d55\System.Drawing.ni.dll **HIDDEN**
18:43:48.973    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\898b578693d64daac6e604c9cc44fcea\System.Dynamic.ni.dll **HIDDEN**
18:43:49.004    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\48264d6ad04173a3a82cc06b70c5cd28\System.EnterpriseServices.ni.dll **HIDDEN**
18:43:49.035    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\48264d6ad04173a3a82cc06b70c5cd28\System.EnterpriseServices.Wrapper.dll **HIDDEN**
18:43:49.066    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\2db9efed85653059a279145d180bc535\System.IdentityModel.Selectors.ni.dll **HIDDEN**
18:43:49.144    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\33ac21194152cf9a89b82d9cd38b398d\System.IdentityModel.ni.dll **HIDDEN**
18:43:49.191    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\858fcb90269ce9231b39c3c8fd773d18\System.IO.Log.ni.dll **HIDDEN**
18:43:49.238    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\da51604aa808b94c181181b37c727078\System.Management.ni.dll **HIDDEN**
18:43:49.269    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\0ed484f6ac7e052feab93c030580fe83\System.Management.Instrumentation.ni.dll **HIDDEN**
18:43:49.332    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\e00e9887726be6523c6766d97563a5ce\System.Messaging.ni.dll **HIDDEN**
18:43:49.378    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Net\e12639aa1d12f14e08d88dabb7d7aec2\System.Net.ni.dll **HIDDEN**
18:43:49.394    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\215d813343ba0950ad6e148e2098018b\System.Numerics.ni.dll **HIDDEN**
18:43:49.441    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Printing\0b4141cd5f9a1f9b5db2ed0d53c2aafa\System.Printing.ni.dll **HIDDEN**
18:43:49.488    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2f02efd9ddb7417ffd5c06cfe6e865ca\System.Runtime.DurableInstancing.ni.dll **HIDDEN**
18:43:49.534    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\bfcee391af3b055588839ed4dcd0a93c\System.Runtime.Remoting.ni.dll **HIDDEN**
18:43:49.612    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\08fba6b56d838ad48b4451c82e5728d4\System.Runtime.Serialization.ni.dll **HIDDEN**
18:43:49.644    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\b468f9d8655e91b7a6aa11473eca4a97\System.Runtime.Serialization.Formatters.Soap.ni.dll **HIDDEN**
18:43:49.690    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\1a32460874cc4452c740b86ff22ecdf1\System.Security.ni.dll **HIDDEN**
18:43:49.722    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\d072039db89cac96d9e0b1ae9b3a94f4\System.ServiceModel.ni.dll **HIDDEN**
18:43:49.800    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\3d4a4c37891be698e4a6da84c70f9f74\System.ServiceModel.Discovery.ni.dll **HIDDEN**
18:43:49.831    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\50c0039fed2761ebedbf30436cb26d4e\System.ServiceModel.Channels.ni.dll **HIDDEN**
18:43:49.862    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\71433975df10aad7d60d14f2a2e59ade\System.ServiceModel.Routing.ni.dll **HIDDEN**
18:43:49.909    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\ab64e8f7c3bcb8d217c80c6b24a6e2d1\System.ServiceModel.Activities.ni.dll **HIDDEN**
18:43:49.956    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\7b167f31f23d4aed19dfa65ad3d29480\System.ServiceProcess.ni.dll **HIDDEN**
18:43:50.034    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Speech\56deb12b13d969b72e250df440b3cd5f\System.Speech.ni.dll **HIDDEN**
18:43:50.065    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\122cea70c5d0d591f9af1f4316848fd1\System.Transactions.ni.dll **HIDDEN**
18:43:50.096    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\cb9aa37454ca42d505366aa421872b49\System.Web.ApplicationServices.ni.dll **HIDDEN**
18:43:50.190    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\f417705d2257cd04cb9d11483ed38be8\System.Web.Services.ni.dll **HIDDEN**
18:43:50.205    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\c4b205eb68df08b6c0e3e2645f6653c5\System.Windows.Forms.DataVisualization.ni.dll **HIDDEN**
18:43:50.205    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f0acb5c0e7dc2c42c6c61f3aa1278338\System.Windows.Forms.ni.dll **HIDDEN**
18:43:50.252    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\63310265c78b84ed848564e7b48fbdb4\System.Windows.Input.Manipulations.ni.dll **HIDDEN**
18:43:50.268    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ae6799bd4dc4d1a2a65cdcc8a82cea40\System.Windows.Presentation.ni.dll **HIDDEN**
18:43:50.330    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\535e182d16212c61bc8b22e0309d3362\System.Xaml.ni.dll **HIDDEN**
18:43:50.346    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\5d9f385419332f14eaf937556199856f\System.Xml.ni.dll **HIDDEN**
18:43:50.392    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\9d14b7bc969452800c0456286309d41d\System.Xml.Linq.ni.dll **HIDDEN**
18:43:50.439    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\3b9f689c1ba2a1875d5001ade2cc54e2\UIAutomationClient.ni.dll **HIDDEN**
18:43:50.486    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\9438a191056a09eab733771508954503\UIAutomationClientsideProviders.ni.dll **HIDDEN**
18:43:50.517    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\17f02848e133014dab9270423d9dc916\UIAutomationProvider.ni.dll **HIDDEN**
18:43:50.548    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\61f2a7b20694daeb02f7de4931261fa4\UIAutomationTypes.ni.dll **HIDDEN**
18:43:50.548    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\38d48114cb19778e4bfdc338eb8adde2\WindowsBase.ni.dll **HIDDEN**
18:43:50.595    File: C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\1c94b0dc0867d4028750c5efc3cb5edf\WindowsFormsIntegration.ni.dll **HIDDEN**
18:43:51.032    AVAST engine scan C:\Windows\system32\drivers
18:44:01.734    File: C:\Windows\system32\drivers\cfwids.sys **HIDDEN**
18:44:01.796    File: C:\Windows\system32\drivers\mfeapfk.sys **HIDDEN**
18:44:01.905    File: C:\Windows\system32\drivers\mfeavfk.sys **HIDDEN**
18:44:01.952    File: C:\Windows\system32\drivers\mfeclnk.sys **HIDDEN**
18:44:02.046    File: C:\Windows\system32\drivers\mfefirek.sys **HIDDEN**
18:44:02.108    File: C:\Windows\system32\drivers\mfehidk.sys **HIDDEN**
18:44:02.155    File: C:\Windows\system32\drivers\mfenlfk.sys **HIDDEN**
18:44:02.186    File: C:\Windows\system32\drivers\mferkdet.sys **HIDDEN**
18:44:02.248    File: C:\Windows\system32\drivers\mfewfpk.sys **HIDDEN**
18:44:02.716    AVAST engine scan C:\Users\Laptop
18:44:14.276    AVAST engine scan C:\ProgramData
18:44:56.786    File: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm **HIDDEN**
18:44:56.833    File: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm **HIDDEN**
18:44:56.849    File: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll **HIDDEN**
18:44:56.911    File: C:\ProgramData\NVIDIA\Updatus\WLMerger.exe **HIDDEN**
18:44:56.927    Disk 0 statistics 3196065/0/0 @ 15,09 MB/s
18:44:56.927    Scan finished successfully
18:47:17.530    Disk 0 MBR has been saved successfully to "C:\Users\Laptop\Desktop\MBR.dat"
18:47:17.530    The log file has been saved successfully to "C:\Users\Laptop\Desktop\aswMBR.txt"
 
 
 
 

 

Attached Files

  • Attached File  MBR.zip   586bytes   0 downloads


#14 Deriath

Deriath
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 15 May 2016 - 03:03 AM

Something new ?

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 AM

Posted 15 May 2016 - 08:22 AM

I'm sorry I lost your subscription.


Looking closely at your TDSS log I found 15 files that were forged.

The files are required by the programs listed in bold.

( Forged ): C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
( Forged ): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
( Forged ): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe.
( Forged ): C:\Windows\system32\DRIVERS\nvlddmkm.sys > nVidia Display Driver

I suggest you remove all of the Adobe programs, Microsoft.net version 4, Google.
Reinstall your nVidea video drivers.

===

You should remove the programs via the Control Panel > Programs > Programs and Features applet.

Test your system and then reinstall the applications.

The other issue is to reinstall the operating system, it's you call.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users