Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Advanced Rootkit or backdoor trojan


  • This topic is locked This topic is locked
17 replies to this topic

#1 Irontigers

Irontigers

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 04 April 2017 - 05:34 PM

Hello, I have been dealing with some type of hidden rootkit/trojan that is just gathering information about everything i do( id have to explain more about my life circumstances for context). Everytime i run netstat it shows tons of connections even though i could of just restarted computer and be at desktop idle, and wireshark shows tons of network traffic from diff ips. i thought i got rid of this when i swapped my motherboard HDD and gpu out, but it took maybe 5-8weeks for these people to reinfect my computer even though i have no wifi, (connection goes modem-router-comp, with the wifi disabled)  I have tried so many scans and all come up with nothing or details that i quite cant understand( like gmer-unhooked etc) because i am not super coding/ in depth savy, however i know a decent amount about this stuff.. Any help to get rid of this or to help me understand what exactly this virus is/ why  these people would keep targeting me specifically would be greatly appreciated, thank you guys for your dedication, any other logs you need i will provide asap.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by J (administrator) on SPACESTATION (04-04-2017 18:23:25)
Running from C:\Users\J\Desktop
Loaded Profiles: J (Available Profiles: J)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2017-02-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3160587023-629741420-595008442-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.235
Tcpip\..\Interfaces\{3fa1d0f1-12e5-4114-9674-27543501d1db}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3fa1d0f1-12e5-4114-9674-27543501d1db}: [DhcpNameServer] 192.168.1.235

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3160587023-629741420-595008442-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\IEExt\ie_plugin.dll [2016-12-27] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-07] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-07] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\IEExt\ie_plugin.dll [2016-12-27] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\IEExt\ie_plugin.dll [2016-12-27] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\IEExt\ie_plugin.dll [2016-12-27] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: jrm2y3qf.default
FF ProfilePath: C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\jrm2y3qf.default [2017-04-04]
FF Extension: (HTTPS Everywhere) - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\jrm2y3qf.default\Extensions\https-everywhere@eff.org.xpi [2017-03-23]
FF Extension: (Adblock Plus) - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\jrm2y3qf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-06]
FF Extension: (Site Deployment Checker) - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\jrm2y3qf.default\features\{02e48cd6-633c-4982-90cd-bd37bbfa305d}\deployment-checker@mozilla.org.xpi [2017-04-03]
FF Extension: (Disable Prefetch) - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\jrm2y3qf.default\features\{02e48cd6-633c-4982-90cd-bd37bbfa305d}\disable-prefetch@mozilla.org.xpi [2017-04-03]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-28] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi [2016-12-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-04-01] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-04-01] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S4 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-20] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-20] (Electronic Arts)
S0 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [541696 2017-03-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [559080 2017-02-06] (Intel Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-06] (REALiX™)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [196376 2017-03-14] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [509728 2017-03-14] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-02-19] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1017624 2017-03-14] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-27] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2017-02-06] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-03-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2017-02-06] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2017-02-06] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2017-02-06] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-14] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-03-14] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-20] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-20] (NVIDIA Corporation)
R0 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [82136 2017-02-06] (Samsung Electronics Co., Ltd)
R0 secnvmeF; C:\WINDOWS\System32\drivers\secnvmeF.sys [30672 2017-02-06] (Samsung Electronics Co., Ltd)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 uwrdypog; C:\Users\J\AppData\Local\Temp\uwrdypog.sys [56584 2017-04-04] (GMER) [File not signed] <==== ATTENTION
U3 WMPNetworkSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 18:23 - 2017-04-04 18:23 - 00012622 _____ C:\Users\J\Desktop\FRST.txt
2017-04-04 18:23 - 2017-04-04 18:23 - 00000000 ____D C:\FRST
2017-04-04 18:22 - 2017-04-04 18:23 - 02424832 _____ (Farbar) C:\Users\J\Desktop\FRST64.exe
2017-04-01 13:19 - 2017-04-01 13:19 - 00000000 ____D C:\Users\J\Documents\Diablo III
2017-04-01 11:52 - 2017-04-03 15:55 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-03-29 11:32 - 2017-03-31 22:04 - 00005554 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2017-03-28 14:56 - 2017-03-28 14:56 - 00000956 _____ C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimulationCraft.lnk
2017-03-28 14:56 - 2017-01-17 19:58 - 00000000 ____D C:\Users\J\Desktop\simc-715-01-win64
2017-03-24 21:23 - 2017-03-31 22:15 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-03-24 16:13 - 2017-03-24 16:13 - 00000000 ____D C:\Users\J\.QtWebEngineProcess
2017-03-24 04:50 - 2017-03-24 04:50 - 00000000 ____D C:\Users\J\AppData\Local\SkinSoft
2017-03-22 19:00 - 2017-03-22 19:56 - 00000000 ____D C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daring Development Inc
2017-03-22 19:00 - 2017-03-22 19:56 - 00000000 ____D C:\Users\J\AppData\Local\Infinity
2017-03-22 19:00 - 2017-03-22 19:41 - 00000000 ____D C:\Users\J\AppData\Roaming\Infinity
2017-03-22 19:00 - 2017-03-22 19:00 - 00000000 ____D C:\Users\J\AppData\Roaming\Daring Development
2017-03-22 19:00 - 2017-03-22 19:00 - 00000000 ____D C:\Users\J\AppData\Local\SquirrelTemp
2017-03-21 15:35 - 2017-03-21 15:35 - 00000611 _____ C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trainer.lnk
2017-03-21 15:35 - 2017-03-21 15:35 - 00000000 ____D C:\Users\J\Documents\BioWare
2017-03-21 15:35 - 2017-03-21 15:35 - 00000000 ____D C:\Users\J\ansel
2017-03-21 02:17 - 2017-03-21 02:17 - 00001164 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-03-21 02:17 - 2017-03-21 02:17 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2017-03-21 01:08 - 2017-03-21 01:08 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-21 01:08 - 2017-03-16 19:31 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-03-21 01:08 - 2017-01-25 20:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-03-21 01:08 - 2017-01-25 20:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-03-21 01:08 - 2017-01-25 20:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-03-21 01:08 - 2017-01-25 20:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-03-21 01:07 - 2017-03-16 21:01 - 40190400 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 34991672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 28254264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 19006832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 11019888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 09306312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 08990256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 03597456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 03169848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 02716096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437892.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437892.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00719672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00687408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00618232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00573632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00500792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-03-21 01:07 - 2017-03-16 21:01 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-03-21 01:00 - 2017-03-21 01:00 - 00001345 _____ C:\Users\Public\Desktop\Mass Effect Andromeda.lnk
2017-03-21 01:00 - 2017-03-21 01:00 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-03-21 00:17 - 2017-04-01 10:31 - 00000000 ____D C:\Users\J\Desktop\Trainer
2017-03-20 23:59 - 2017-03-21 00:17 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-03-20 22:38 - 2017-03-29 17:32 - 00000000 ____D C:\Users\J\AppData\Roaming\Origin
2017-03-20 22:37 - 2017-03-20 22:37 - 00001022 _____ C:\Users\Public\Desktop\Origin.lnk
2017-03-20 22:37 - 2017-03-20 22:37 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-20 22:36 - 2017-03-20 23:59 - 00000000 ____D C:\Users\J\AppData\Local\Origin
2017-03-20 22:36 - 2017-03-20 22:36 - 00000000 ____D C:\Users\J\.Origin
2017-03-14 16:02 - 2017-03-14 16:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-14 16:00 - 2017-03-14 16:00 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-14 14:20 - 2017-03-04 03:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-03-14 14:20 - 2017-03-04 03:57 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-03-14 14:20 - 2017-03-04 03:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-03-14 14:20 - 2017-03-04 03:27 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-03-14 14:20 - 2017-03-04 03:26 - 00794416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-03-14 14:20 - 2017-03-04 03:24 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-03-14 14:20 - 2017-03-04 03:24 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-14 14:20 - 2017-03-04 03:24 - 00646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-14 14:20 - 2017-03-04 03:24 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-03-14 14:20 - 2017-03-04 03:24 - 00090976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-03-14 14:20 - 2017-03-04 03:23 - 02512304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2017-03-14 14:20 - 2017-03-04 03:22 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-14 14:20 - 2017-03-04 03:22 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-03-14 14:20 - 2017-03-04 03:19 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-14 14:20 - 2017-03-04 03:18 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-03-14 14:20 - 2017-03-04 03:18 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-03-14 14:20 - 2017-03-04 03:18 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-03-14 14:20 - 2017-03-04 03:17 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-03-14 14:20 - 2017-03-04 03:15 - 01000280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-03-14 14:20 - 2017-03-04 03:15 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-03-14 14:20 - 2017-03-04 03:11 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-03-14 14:20 - 2017-03-04 03:10 - 02828384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-14 14:20 - 2017-03-04 03:10 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-14 14:20 - 2017-03-04 03:10 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-03-14 14:20 - 2017-03-04 03:09 - 07220696 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-03-14 14:20 - 2017-03-04 03:09 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-14 14:20 - 2017-03-04 03:09 - 00635864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-14 14:20 - 2017-03-04 03:09 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-03-14 14:20 - 2017-03-04 03:09 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-03-14 14:20 - 2017-03-04 03:08 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-14 14:20 - 2017-03-04 03:08 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-14 14:20 - 2017-03-04 03:08 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-03-14 14:20 - 2017-03-04 03:07 - 00557400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-03-14 14:20 - 2017-03-04 03:07 - 00432992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-14 14:20 - 2017-03-04 03:06 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-03-14 14:20 - 2017-03-04 03:04 - 08169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-03-14 14:20 - 2017-03-04 03:04 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-03-14 14:20 - 2017-03-04 03:04 - 01063472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01989072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01723560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-03-14 14:20 - 2017-03-04 03:03 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01454512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01301112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-03-14 14:20 - 2017-03-04 03:03 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-03-14 14:20 - 2017-03-04 03:03 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-03-14 14:20 - 2017-03-04 03:02 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2017-03-14 14:20 - 2017-03-04 03:01 - 00137936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2017-03-14 14:20 - 2017-03-04 02:57 - 02536288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-03-14 14:20 - 2017-03-04 02:56 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-03-14 14:20 - 2017-03-04 02:56 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-03-14 14:20 - 2017-03-04 02:54 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-14 14:20 - 2017-03-04 02:54 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-14 14:20 - 2017-03-04 02:53 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-03-14 14:20 - 2017-03-04 02:53 - 02256080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-14 14:20 - 2017-03-04 02:53 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-03-14 14:20 - 2017-03-04 02:53 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-03-14 14:20 - 2017-03-04 02:53 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-03-14 14:20 - 2017-03-04 02:53 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-03-14 14:20 - 2017-03-04 02:53 - 00493912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-14 14:20 - 2017-03-04 02:53 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-03-14 14:20 - 2017-03-04 02:53 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-03-14 14:20 - 2017-03-04 02:52 - 00549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-03-14 14:20 - 2017-03-04 02:52 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-03-14 14:20 - 2017-03-04 02:51 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-03-14 14:20 - 2017-03-04 02:51 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-03-14 14:20 - 2017-03-04 02:50 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 06667528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 04023000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 01853224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 01202384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00981376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-03-14 14:20 - 2017-03-04 02:47 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-03-14 14:20 - 2017-03-04 02:46 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-03-14 14:20 - 2017-03-04 02:46 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-03-14 14:20 - 2017-03-04 02:45 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-03-14 14:20 - 2017-03-04 02:45 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2017-03-14 14:20 - 2017-03-04 02:42 - 01415240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-03-14 14:20 - 2017-03-04 02:42 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-03-14 14:20 - 2017-03-04 02:42 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-03-14 14:20 - 2017-03-04 02:42 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-03-14 14:20 - 2017-03-04 02:40 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-03-14 14:20 - 2017-03-04 02:39 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-03-14 14:20 - 2017-03-04 02:37 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-03-14 14:20 - 2017-03-04 02:36 - 22565376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-03-14 14:20 - 2017-03-04 02:36 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-03-14 14:20 - 2017-03-04 02:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2017-03-14 14:20 - 2017-03-04 02:36 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-03-14 14:20 - 2017-03-04 02:36 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2017-03-14 14:20 - 2017-03-04 02:36 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-03-14 14:20 - 2017-03-04 02:35 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-03-14 14:20 - 2017-03-04 02:35 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-03-14 14:20 - 2017-03-04 02:34 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-03-14 14:20 - 2017-03-04 02:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-03-14 14:20 - 2017-03-04 02:34 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-03-14 14:20 - 2017-03-04 02:34 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-03-14 14:20 - 2017-03-04 02:34 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-03-14 14:20 - 2017-03-04 02:34 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-03-14 14:20 - 2017-03-04 02:33 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-03-14 14:20 - 2017-03-04 02:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll
2017-03-14 14:20 - 2017-03-04 02:33 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2017-03-14 14:20 - 2017-03-04 02:32 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-03-14 14:20 - 2017-03-04 02:32 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-03-14 14:20 - 2017-03-04 02:32 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSEngineShared.dll
2017-03-14 14:20 - 2017-03-04 02:32 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-14 14:20 - 2017-03-04 02:31 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-03-14 14:20 - 2017-03-04 02:31 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2017-03-14 14:20 - 2017-03-04 02:31 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2017-03-14 14:20 - 2017-03-04 02:31 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-03-14 14:20 - 2017-03-04 02:31 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 00535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-03-14 14:20 - 2017-03-04 02:30 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2017-03-14 14:20 - 2017-03-04 02:30 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-03-14 14:20 - 2017-03-04 02:30 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-03-14 14:20 - 2017-03-04 02:30 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-03-14 14:20 - 2017-03-04 02:30 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-03-14 14:20 - 2017-03-04 02:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfp.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInputUap.dll
2017-03-14 14:20 - 2017-03-04 02:29 - 00019968 _____ C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-03-14 14:20 - 2017-03-04 02:28 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-03-14 14:20 - 2017-03-04 02:27 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-03-14 14:20 - 2017-03-04 02:27 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2017-03-14 14:20 - 2017-03-04 02:27 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddrawex.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-03-14 14:20 - 2017-03-04 02:26 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2017-03-14 14:20 - 2017-03-04 02:25 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-03-14 14:20 - 2017-03-04 02:25 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscandui.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCCSEngineShared.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
2017-03-14 14:20 - 2017-03-04 02:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfui.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-14 14:20 - 2017-03-04 02:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2017-03-14 14:20 - 2017-03-04 02:23 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2017-03-14 14:20 - 2017-03-04 02:23 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-03-14 14:20 - 2017-03-04 02:23 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-03-14 14:20 - 2017-03-04 02:23 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-03-14 14:20 - 2017-03-04 02:23 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 01299968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2017-03-14 14:20 - 2017-03-04 02:22 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-03-14 14:20 - 2017-03-04 02:22 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 06285824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 01937920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2017-03-14 14:20 - 2017-03-04 02:21 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\main.cpl
2017-03-14 14:20 - 2017-03-04 02:21 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi32.dll
2017-03-14 14:20 - 2017-03-04 02:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 01280512 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-03-14 14:20 - 2017-03-04 02:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 23676416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 01639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00714752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-03-14 14:20 - 2017-03-04 02:19 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2017-03-14 14:20 - 2017-03-04 02:19 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 01189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2017-03-14 14:20 - 2017-03-04 02:18 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-03-14 14:20 - 2017-03-04 02:18 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-03-14 14:20 - 2017-03-04 02:17 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-03-14 14:20 - 2017-03-04 02:17 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-03-14 14:20 - 2017-03-04 02:17 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-03-14 14:20 - 2017-03-04 02:17 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-03-14 14:20 - 2017-03-04 02:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-03-14 14:20 - 2017-03-04 02:17 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-03-14 14:20 - 2017-03-04 02:17 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2017-03-14 14:20 - 2017-03-04 02:16 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-03-14 14:20 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-03-14 14:20 - 2017-03-04 02:15 - 18362368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-03-14 14:20 - 2017-03-04 02:15 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2017-03-14 14:20 - 2017-03-04 02:15 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-03-14 14:20 - 2017-03-04 02:15 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-14 14:20 - 2017-03-04 02:15 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-03-14 14:20 - 2017-03-04 02:15 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-03-14 14:20 - 2017-03-04 02:14 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-03-14 14:20 - 2017-03-04 02:14 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-03-14 14:20 - 2017-03-04 02:14 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 19411968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-03-14 14:20 - 2017-03-04 02:13 - 04613120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00937472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-03-14 14:20 - 2017-03-04 02:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 13085184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-03-14 14:20 - 2017-03-04 02:12 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 03441664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 01357312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-03-14 14:20 - 2017-03-04 02:11 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-03-14 14:20 - 2017-03-04 02:11 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-03-14 14:20 - 2017-03-04 02:11 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-03-14 14:20 - 2017-03-04 02:10 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2017-03-14 14:20 - 2017-03-04 02:10 - 01536000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 01399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-03-14 14:20 - 2017-03-04 02:10 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2017-03-14 14:20 - 2017-03-04 02:10 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 08125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-03-14 14:20 - 2017-03-04 02:09 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 01780224 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-03-14 14:20 - 2017-03-04 02:08 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-03-14 14:20 - 2017-03-04 02:08 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 12178944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-03-14 14:20 - 2017-03-04 02:07 - 01512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-03-14 14:20 - 2017-03-04 02:07 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-03-14 14:20 - 2017-03-04 02:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 02475008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-03-14 14:20 - 2017-03-04 02:06 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-03-14 14:20 - 2017-03-04 02:05 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 01826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 00753152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-03-14 14:20 - 2017-03-04 02:04 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-03-14 14:20 - 2017-03-04 02:03 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-03-14 14:20 - 2017-03-04 02:03 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-14 14:20 - 2017-03-04 02:03 - 02363904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-03-14 14:20 - 2017-03-04 02:03 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-03-14 14:20 - 2017-03-04 02:03 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-03-14 14:20 - 2017-03-04 02:03 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2017-03-14 14:20 - 2017-03-04 02:03 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-03-14 14:20 - 2017-03-04 02:03 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-03-14 14:20 - 2017-03-04 02:02 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01571840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2017-03-14 14:20 - 2017-03-04 02:01 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01154560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Pimstore.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-03-14 14:20 - 2017-03-04 02:01 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2017-03-14 14:20 - 2017-03-04 02:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 02996736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-03-14 14:20 - 2017-03-04 02:00 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-03-14 14:20 - 2017-03-04 02:00 - 02003968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-03-14 14:20 - 2017-03-04 02:00 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-03-14 14:20 - 2017-03-04 01:59 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-03-14 14:20 - 2017-03-04 01:59 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-03-14 14:20 - 2017-03-04 01:57 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-03-14 14:20 - 2017-03-04 01:57 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-03-14 14:20 - 2017-03-04 01:57 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-03-14 14:20 - 2017-03-04 01:57 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-03-14 14:20 - 2017-03-04 01:36 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-03-14 14:20 - 2017-02-21 22:17 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-03-14 14:19 - 2017-03-04 03:57 - 00192352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00655200 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00315232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-14 14:19 - 2017-03-04 03:35 - 00086368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-14 14:19 - 2017-03-04 03:35 - 00038240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-03-14 14:19 - 2017-03-04 03:25 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-03-14 14:19 - 2017-03-04 03:24 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-14 14:19 - 2017-03-04 03:24 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-14 14:19 - 2017-03-04 03:24 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2017-03-14 14:19 - 2017-03-04 03:22 - 01354312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-14 14:19 - 2017-03-04 03:22 - 01172984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-14 14:19 - 2017-03-04 03:21 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-03-14 14:19 - 2017-03-04 03:20 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-03-14 14:19 - 2017-03-04 03:20 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-14 14:19 - 2017-03-04 03:18 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-03-14 14:19 - 2017-03-04 03:15 - 00404320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-03-14 14:19 - 2017-03-04 03:13 - 00635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-03-14 14:19 - 2017-03-04 03:11 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-14 14:19 - 2017-03-04 03:09 - 00578392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-14 14:19 - 2017-03-04 03:09 - 00178520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-03-14 14:19 - 2017-03-04 03:08 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-14 14:19 - 2017-03-04 03:08 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-03-14 14:19 - 2017-03-04 03:08 - 00342456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-03-14 14:19 - 2017-03-04 03:07 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-03-14 14:19 - 2017-03-04 03:07 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-03-14 14:19 - 2017-03-04 03:07 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-03-14 14:19 - 2017-03-04 03:07 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-03-14 14:19 - 2017-03-04 03:07 - 00989016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-03-14 14:19 - 2017-03-04 03:07 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-03-14 14:19 - 2017-03-04 03:07 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-03-14 14:19 - 2017-03-04 03:07 - 00682808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-03-14 14:19 - 2017-03-04 03:07 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2017-03-14 14:19 - 2017-03-04 03:07 - 00110944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-03-14 14:19 - 2017-03-04 03:07 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-03-14 14:19 - 2017-03-04 03:03 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-03-14 14:19 - 2017-03-04 03:03 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-03-14 14:19 - 2017-03-04 03:03 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-03-14 14:19 - 2017-03-04 03:01 - 00201568 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-03-14 14:19 - 2017-03-04 03:01 - 00128648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-03-14 14:19 - 2017-03-04 02:59 - 01570208 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-03-14 14:19 - 2017-03-04 02:58 - 01416224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-14 14:19 - 2017-03-04 02:58 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-03-14 14:19 - 2017-03-04 02:58 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-03-14 14:19 - 2017-03-04 02:57 - 00372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-03-14 14:19 - 2017-03-04 02:42 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-03-14 14:19 - 2017-03-04 02:37 - 00025088 _____ C:\WINDOWS\system32\GamePanelExternalHook.dll
2017-03-14 14:19 - 2017-03-04 02:36 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-03-14 14:19 - 2017-03-04 02:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-03-14 14:19 - 2017-03-04 02:36 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-03-14 14:19 - 2017-03-04 02:36 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-03-14 14:19 - 2017-03-04 02:35 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-03-14 14:19 - 2017-03-04 02:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2017-03-14 14:19 - 2017-03-04 02:34 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-03-14 14:19 - 2017-03-04 02:34 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2017-03-14 14:19 - 2017-03-04 02:34 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-03-14 14:19 - 2017-03-04 02:33 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-03-14 14:19 - 2017-03-04 02:33 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-03-14 14:19 - 2017-03-04 02:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-03-14 14:19 - 2017-03-04 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2017-03-14 14:19 - 2017-03-04 02:33 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothDesktopHandlers.dll
2017-03-14 14:19 - 2017-03-04 02:33 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2017-03-14 14:19 - 2017-03-04 02:33 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2017-03-14 14:19 - 2017-03-04 02:32 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-03-14 14:19 - 2017-03-04 02:32 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-03-14 14:19 - 2017-03-04 02:32 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-03-14 14:19 - 2017-03-04 02:32 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-03-14 14:19 - 2017-03-04 02:32 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-03-14 14:19 - 2017-03-04 02:31 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-14 14:19 - 2017-03-04 02:31 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2017-03-14 14:19 - 2017-03-04 02:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-14 14:19 - 2017-03-04 02:31 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-03-14 14:19 - 2017-03-04 02:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2017-03-14 14:19 - 2017-03-04 02:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-03-14 14:19 - 2017-03-04 02:29 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-03-14 14:19 - 2017-03-04 02:29 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-03-14 14:19 - 2017-03-04 02:29 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-03-14 14:19 - 2017-03-04 02:29 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2017-03-14 14:19 - 2017-03-04 02:29 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-03-14 14:19 - 2017-03-04 02:28 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-03-14 14:19 - 2017-03-04 02:28 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-03-14 14:19 - 2017-03-04 02:27 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-03-14 14:19 - 2017-03-04 02:27 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-03-14 14:19 - 2017-03-04 02:27 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-03-14 14:19 - 2017-03-04 02:27 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-03-14 14:19 - 2017-03-04 02:27 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-03-14 14:19 - 2017-03-04 02:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-03-14 14:19 - 2017-03-04 02:27 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00643072 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2017-03-14 14:19 - 2017-03-04 02:26 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-03-14 14:19 - 2017-03-04 02:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-03-14 14:19 - 2017-03-04 02:25 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-03-14 14:19 - 2017-03-04 02:25 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-03-14 14:19 - 2017-03-04 02:25 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-03-14 14:19 - 2017-03-04 02:24 - 01092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-03-14 14:19 - 2017-03-04 02:24 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-03-14 14:19 - 2017-03-04 02:24 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-03-14 14:19 - 2017-03-04 02:24 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-03-14 14:19 - 2017-03-04 02:24 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-03-14 14:19 - 2017-03-04 02:24 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-03-14 14:19 - 2017-03-04 02:24 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-03-14 14:19 - 2017-03-04 02:23 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2017-03-14 14:19 - 2017-03-04 02:23 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-03-14 14:19 - 2017-03-04 02:23 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-03-14 14:19 - 2017-03-04 02:23 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-03-14 14:19 - 2017-03-04 02:23 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-03-14 14:19 - 2017-03-04 02:23 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-03-14 14:19 - 2017-03-04 02:23 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-03-14 14:19 - 2017-03-04 02:22 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-03-14 14:19 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-03-14 14:19 - 2017-03-04 02:22 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-03-14 14:19 - 2017-03-04 02:21 - 00776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2017-03-14 14:19 - 2017-03-04 02:21 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-14 14:19 - 2017-03-04 02:20 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-03-14 14:19 - 2017-03-04 02:20 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-03-14 14:19 - 2017-03-04 02:20 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-03-14 14:19 - 2017-03-04 02:20 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-03-14 14:19 - 2017-03-04 02:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2017-03-14 14:19 - 2017-03-04 02:19 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-03-14 14:19 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-03-14 14:19 - 2017-03-04 02:19 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-03-14 14:19 - 2017-03-04 02:19 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Tabbtn.dll
2017-03-14 14:19 - 2017-03-04 02:19 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabcal.exe
2017-03-14 14:19 - 2017-03-04 02:18 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-03-14 14:19 - 2017-03-04 02:18 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2017-03-14 14:19 - 2017-03-04 02:18 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-03-14 14:19 - 2017-03-04 02:17 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-03-14 14:19 - 2017-03-04 02:17 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-03-14 14:19 - 2017-03-04 02:17 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-03-14 14:19 - 2017-03-04 02:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-03-14 14:19 - 2017-03-04 02:16 - 03289088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-03-14 14:19 - 2017-03-04 02:16 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-03-14 14:19 - 2017-03-04 02:16 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-03-14 14:19 - 2017-03-04 02:16 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-03-14 14:19 - 2017-03-04 02:15 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-03-14 14:19 - 2017-03-04 02:15 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-03-14 14:19 - 2017-03-04 02:15 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-03-14 14:19 - 2017-03-04 02:14 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-03-14 14:19 - 2017-03-04 02:14 - 01562112 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-03-14 14:19 - 2017-03-04 02:14 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-03-14 14:19 - 2017-03-04 02:14 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-03-14 14:19 - 2017-03-04 02:14 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-03-14 14:19 - 2017-03-04 02:14 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-03-14 14:19 - 2017-03-04 02:14 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-03-14 14:19 - 2017-03-04 02:13 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-03-14 14:19 - 2017-03-04 02:13 - 00961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-03-14 14:19 - 2017-03-04 02:13 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-03-14 14:19 - 2017-03-04 02:13 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-03-14 14:19 - 2017-03-04 02:13 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-03-14 14:19 - 2017-03-04 02:13 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-03-14 14:19 - 2017-03-04 02:13 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MultiDigiMon.exe
2017-03-14 14:19 - 2017-03-04 02:12 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-03-14 14:19 - 2017-03-04 02:12 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-03-14 14:19 - 2017-03-04 02:12 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-03-14 14:19 - 2017-03-04 02:12 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-03-14 14:19 - 2017-03-04 02:11 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-03-14 14:19 - 2017-03-04 02:11 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-14 14:19 - 2017-03-04 02:11 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-03-14 14:19 - 2017-03-04 02:11 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-14 14:19 - 2017-03-04 02:11 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-03-14 14:19 - 2017-03-04 02:11 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2017-03-14 14:19 - 2017-03-04 02:11 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-03-14 14:19 - 2017-03-04 02:10 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-14 14:19 - 2017-03-04 02:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-03-14 14:19 - 2017-03-04 02:10 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-14 14:19 - 2017-03-04 02:10 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-03-14 14:19 - 2017-03-04 02:10 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-03-14 14:19 - 2017-03-04 02:09 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-03-14 14:19 - 2017-03-04 02:08 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-03-14 14:19 - 2017-03-04 02:08 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-03-14 14:19 - 2017-03-04 02:07 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-03-14 14:19 - 2017-03-04 02:07 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-03-14 14:19 - 2017-03-04 02:07 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-14 14:19 - 2017-03-04 02:07 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-03-14 14:19 - 2017-03-04 02:07 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-03-14 14:19 - 2017-03-04 02:07 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-14 14:19 - 2017-03-04 02:06 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-03-14 14:19 - 2017-03-04 02:06 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-14 14:19 - 2017-03-04 02:06 - 04060672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-03-14 14:19 - 2017-03-04 02:06 - 03614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-03-14 14:19 - 2017-03-04 02:06 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-14 14:19 - 2017-03-04 02:06 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-03-14 14:19 - 2017-03-04 02:06 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-03-14 14:19 - 2017-03-04 02:05 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-14 14:19 - 2017-03-04 02:05 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-03-14 14:19 - 2017-03-04 02:05 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-03-14 14:19 - 2017-03-04 02:04 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-03-14 14:19 - 2017-03-04 02:03 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-03-14 14:19 - 2017-03-04 02:02 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-03-14 14:19 - 2017-03-04 02:01 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-03-14 14:19 - 2016-07-15 22:29 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CspCellularSettings.dll
2017-03-14 14:19 - 2016-07-15 22:28 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-03-14 14:19 - 2016-07-15 22:26 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-03-14 14:19 - 2016-05-29 14:38 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSetup.exe
2017-03-14 12:35 - 2017-03-14 12:35 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-03-09 17:04 - 2017-03-09 17:04 - 00000000 ____D C:\Users\J\AppData\Local\Skyrim Special Edition
2017-03-09 17:01 - 2017-03-09 17:01 - 00001272 _____ C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\common.lnk
2017-03-09 16:38 - 2017-03-09 16:38 - 00000000 ____D C:\Games
2017-03-09 16:07 - 2017-03-09 16:07 - 00000222 _____ C:\Users\J\Desktop\The Elder Scrolls V Skyrim Special Edition.url
2017-03-09 16:02 - 2017-03-09 16:38 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-03-09 16:02 - 2017-03-09 16:02 - 00000891 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-03-09 16:02 - 2017-03-09 16:02 - 00000000 ____D C:\Users\J\Documents\Nexus Mod Manager
2017-03-09 16:02 - 2017-03-09 16:02 - 00000000 ____D C:\Users\J\AppData\Local\Black_Tree_Gaming
2017-03-09 16:01 - 2017-03-09 16:02 - 00000000 ____D C:\Users\J\AppData\Local\Fallout4
2017-03-09 16:01 - 2017-03-09 16:01 - 00000000 ____D C:\Users\J\AppData\Local\Colossal Order
2017-03-08 01:42 - 2017-03-08 01:42 - 00000222 _____ C:\Users\J\Desktop\Cities Skylines.url
2017-03-06 00:52 - 2017-03-09 17:04 - 00000000 ____D C:\Users\J\Documents\My Games
2017-03-06 00:52 - 2017-03-06 00:52 - 00000000 ____D C:\Users\J\AppData\Roaming\FiraxisLive
2017-03-06 00:52 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-03-06 00:52 - 2010-06-02 05:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-03-06 00:52 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-03-06 00:52 - 2010-06-02 05:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-03-06 00:52 - 2010-06-02 05:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-03-06 00:52 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-03-06 00:52 - 2010-05-26 12:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-03-06 00:52 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-03-06 00:52 - 2010-05-26 12:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-03-06 00:52 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-03-06 00:52 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-03-06 00:52 - 2009-09-04 18:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-03-06 00:52 - 2009-09-04 18:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-03-06 00:52 - 2009-09-04 18:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-03-06 00:52 - 2009-09-04 18:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-03-06 00:52 - 2009-09-04 18:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-03-06 00:52 - 2009-09-04 18:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-03-06 00:52 - 2009-09-04 18:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-03-06 00:52 - 2009-03-16 15:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-03-06 00:52 - 2009-03-16 15:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-03-06 00:52 - 2009-03-16 15:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-03-06 00:52 - 2009-03-16 15:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-03-06 00:52 - 2009-03-16 15:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-03-06 00:52 - 2009-03-16 15:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-03-06 00:52 - 2009-03-09 16:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-03-06 00:52 - 2009-03-09 16:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-03-06 00:52 - 2009-03-09 16:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-03-06 00:52 - 2009-03-09 16:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-03-06 00:52 - 2009-03-09 16:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-03-06 00:52 - 2009-03-09 16:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-03-06 00:52 - 2008-10-27 11:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-03-06 00:52 - 2008-10-15 07:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-03-06 00:52 - 2008-10-15 07:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-03-06 00:52 - 2008-10-15 07:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-03-06 00:52 - 2008-10-15 07:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-03-06 00:52 - 2008-10-15 07:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-03-06 00:52 - 2008-10-15 07:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-03-06 00:52 - 2008-07-31 11:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-03-06 00:52 - 2008-07-31 11:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-03-06 00:52 - 2008-07-31 11:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-03-06 00:52 - 2008-07-31 11:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-03-06 00:52 - 2008-07-10 12:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-03-06 00:52 - 2008-07-10 12:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-03-06 00:52 - 2008-07-10 12:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-03-06 00:52 - 2008-05-30 15:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-03-06 00:52 - 2008-05-30 15:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-03-06 00:52 - 2008-05-30 15:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-03-06 00:52 - 2008-05-30 15:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-03-06 00:52 - 2008-05-30 15:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-03-06 00:52 - 2008-05-30 15:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-03-06 00:52 - 2008-05-30 15:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-03-06 00:52 - 2008-05-30 15:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-03-06 00:52 - 2008-05-30 15:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-03-06 00:52 - 2008-05-30 15:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-03-06 00:52 - 2008-05-30 15:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-03-06 00:52 - 2008-05-30 15:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-03-06 00:52 - 2008-05-30 15:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-03-06 00:52 - 2008-05-30 15:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-03-06 00:52 - 2008-03-05 17:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-03-06 00:52 - 2008-03-05 17:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-03-06 00:52 - 2008-03-05 17:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-03-06 00:52 - 2008-03-05 17:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-03-06 00:52 - 2008-03-05 17:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-03-06 00:52 - 2008-03-05 17:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-03-06 00:52 - 2008-03-05 16:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-03-06 00:52 - 2008-03-05 16:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-03-06 00:52 - 2008-03-05 16:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-03-06 00:52 - 2008-03-05 16:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-03-06 00:52 - 2008-02-06 00:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-03-06 00:52 - 2008-02-06 00:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-03-06 00:52 - 2007-10-22 04:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-03-06 00:52 - 2007-10-22 04:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-03-06 00:52 - 2007-10-22 04:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-03-06 00:52 - 2007-10-22 04:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-03-06 00:52 - 2007-10-12 16:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-03-06 00:52 - 2007-10-12 16:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-03-06 00:52 - 2007-10-12 16:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-03-06 00:52 - 2007-10-12 16:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-03-06 00:52 - 2007-10-02 10:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-03-06 00:52 - 2007-10-02 10:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-03-06 00:52 - 2007-07-20 01:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-03-06 00:52 - 2007-07-20 01:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-03-06 00:52 - 2007-07-19 19:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-03-06 00:52 - 2007-07-19 19:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-03-06 00:52 - 2007-07-19 19:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-03-06 00:52 - 2007-07-19 19:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-03-06 00:52 - 2007-07-19 19:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-03-06 00:52 - 2007-07-19 19:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-03-06 00:52 - 2007-06-20 21:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-03-06 00:52 - 2007-06-20 21:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-03-06 00:52 - 2007-05-16 17:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-03-06 00:52 - 2007-05-16 17:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-03-06 00:52 - 2007-05-16 17:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-03-06 00:52 - 2007-05-16 17:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-03-06 00:52 - 2007-05-16 17:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-03-06 00:52 - 2007-05-16 17:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-03-06 00:52 - 2007-04-04 19:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-03-06 00:52 - 2007-04-04 19:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-03-06 00:52 - 2007-04-04 19:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-03-06 00:52 - 2007-04-04 19:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-03-06 00:52 - 2007-03-15 17:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-03-06 00:52 - 2007-03-15 17:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-03-06 00:52 - 2007-03-12 17:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-03-06 00:52 - 2007-03-12 17:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-03-06 00:52 - 2007-03-12 17:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-03-06 00:52 - 2007-03-12 17:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-03-06 00:52 - 2007-03-05 13:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-03-06 00:52 - 2007-03-05 13:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-03-06 00:52 - 2007-01-24 16:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-03-06 00:52 - 2007-01-24 16:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-03-06 00:52 - 2006-12-08 13:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-03-06 00:52 - 2006-12-08 13:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-03-06 00:52 - 2006-11-29 14:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-03-06 00:52 - 2006-11-29 14:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-03-06 00:52 - 2006-11-29 14:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-03-06 00:52 - 2006-11-29 14:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-03-06 00:52 - 2006-09-28 17:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-03-06 00:52 - 2006-09-28 17:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-03-06 00:52 - 2006-09-28 17:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-03-06 00:52 - 2006-09-28 17:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-03-06 00:52 - 2006-07-28 10:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-03-06 00:52 - 2006-07-28 10:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-03-06 00:52 - 2006-07-28 10:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-03-06 00:52 - 2006-07-28 10:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-03-06 00:52 - 2006-05-31 08:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-03-06 00:52 - 2006-05-31 08:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-03-06 00:52 - 2006-03-31 13:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-03-06 00:52 - 2006-03-31 13:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-03-06 00:52 - 2006-03-31 13:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-03-06 00:52 - 2006-03-31 13:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-03-06 00:52 - 2006-03-31 13:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-03-06 00:52 - 2006-03-31 13:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-03-06 00:52 - 2006-02-03 09:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-03-06 00:52 - 2006-02-03 09:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-03-06 00:52 - 2006-02-03 09:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-03-06 00:52 - 2006-02-03 09:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-03-06 00:52 - 2006-02-03 09:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-03-06 00:52 - 2006-02-03 09:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-03-06 00:52 - 2005-12-05 19:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-03-06 00:52 - 2005-12-05 19:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-03-06 00:52 - 2005-07-22 20:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-03-06 00:52 - 2005-07-22 20:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-03-06 00:52 - 2005-05-26 16:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-03-06 00:52 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-03-06 00:52 - 2005-03-18 18:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-03-06 00:52 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-03-06 00:52 - 2005-02-05 20:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-03-06 00:52 - 2005-02-05 20:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-03-05 22:53 - 2017-03-05 22:53 - 00000222 _____ C:\Users\J\Desktop\Sid Meier's Civilization VI.url
2017-03-05 16:48 - 2017-03-05 16:48 - 00000000 ____D C:\Users\J\AppData\Roaming\.mono
2017-03-05 16:48 - 2017-03-05 16:48 - 00000000 ____D C:\Users\J\AppData\LocalLow\Blizzard Entertainment
2017-03-05 16:48 - 2017-03-05 16:48 - 00000000 ____D C:\Users\J\AppData\Local\Blizzard
2017-03-05 15:50 - 2017-04-01 10:33 - 00000000 ____D C:\Users\J\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 18:14 - 2017-02-06 20:30 - 00000000 ____D C:\Users\J\Desktop\Scan
2017-04-04 18:12 - 2017-02-06 21:35 - 00000000 ____D C:\Users\J\AppData\LocalLow\Mozilla
2017-04-04 17:59 - 2017-02-13 20:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-04 17:59 - 2017-02-13 20:15 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-04 17:41 - 2016-11-20 14:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-04 16:40 - 2017-02-17 14:06 - 00000000 ____D C:\Users\J\AppData\Local\Battle.net
2017-04-04 16:40 - 2017-02-17 14:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-04 16:40 - 2017-02-07 00:41 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-04-04 16:40 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-03 18:57 - 2017-02-14 09:01 - 00000000 ____D C:\Users\J\AppData\Roaming\Curse Client
2017-04-03 17:10 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-01 11:50 - 2017-02-08 23:51 - 00000000 ____D C:\Users\J\AppData\Roaming\SimulationCraft
2017-04-01 11:09 - 2017-02-12 23:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2017-04-01 10:33 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-01 10:33 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-01 10:29 - 2017-02-07 00:53 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-31 22:00 - 2017-02-07 01:11 - 00000000 ____D C:\Users\J
2017-03-31 22:00 - 2016-11-20 14:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-31 14:58 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-31 14:19 - 2016-07-16 02:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-03-28 23:01 - 2017-02-08 00:29 - 00000000 ____D C:\Users\J\AppData\Roaming\TS3Client
2017-03-28 17:06 - 2017-02-06 23:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-28 00:48 - 2017-02-20 03:42 - 00001044 _____ C:\Users\J\Desktop\CCleaner.lnk
2017-03-27 17:28 - 2017-02-06 20:30 - 00000110 _____ C:\Users\J\Desktop\ooo.txt
2017-03-24 21:23 - 2017-02-06 23:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-24 13:47 - 2017-02-06 23:35 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-22 09:29 - 2017-02-06 20:30 - 00000052 _____ C:\Users\J\Desktop\xxxx.txt
2017-03-21 02:15 - 2017-02-06 20:35 - 00000000 ____D C:\AdwCleaner
2017-03-21 01:08 - 2017-02-07 01:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-21 01:08 - 2017-02-07 01:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-21 01:08 - 2017-02-07 01:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-21 01:08 - 2017-02-07 01:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-21 01:08 - 2017-02-07 01:13 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-18 06:29 - 2017-02-07 00:27 - 00000000 ____D C:\Users\J\AppData\Local\ESET
2017-03-18 06:26 - 2017-02-23 08:59 - 00001118 _____ C:\Users\J\Desktop\Private Internet Access.lnk
2017-03-16 21:01 - 2017-02-06 23:50 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-03-16 21:01 - 2017-02-06 23:50 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-03-16 21:01 - 2017-02-06 23:50 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-03-16 21:01 - 2017-02-06 23:50 - 00043636 _____ C:\WINDOWS\system32\nvinfo.pb
2017-03-16 19:16 - 2017-02-07 01:10 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-16 19:16 - 2017-02-07 01:10 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-16 19:16 - 2017-02-07 01:10 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-16 19:16 - 2017-02-07 01:10 - 00549944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-16 19:16 - 2017-02-07 01:10 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-16 19:16 - 2017-02-07 01:10 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-16 19:16 - 2017-02-07 01:10 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-16 15:34 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-16 15:34 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-16 05:39 - 2017-02-07 01:10 - 07813427 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-14 16:01 - 2016-11-20 14:37 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-14 16:00 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-14 12:35 - 2017-02-06 23:33 - 01017624 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-03-14 12:35 - 2017-02-06 23:33 - 00509728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-03-14 12:35 - 2017-02-06 23:33 - 00196376 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-03-14 12:35 - 2016-12-27 02:03 - 00136416 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2017-03-14 12:35 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-14 12:35 - 2016-06-14 21:47 - 00199392 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2017-03-10 01:17 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 01:17 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-10 00:19 - 2017-03-02 21:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-03-09 16:01 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-09 14:48 - 2017-02-06 23:23 - 00000000 ____D C:\Users\J\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2017-02-06 22:53 - 2017-02-06 22:53 - 0047129 _____ () C:\ProgramData\agent.1486435991.bdinstall.bin
2017-02-06 22:57 - 2017-02-06 22:57 - 0029139 _____ () C:\ProgramData\agent.1486436277.bdinstall.bin
2017-02-07 01:10 - 2017-02-07 01:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-26 19:26

==================== End of FRST.txt ============================

Attached Files


Edited by Irontigers, 04 April 2017 - 06:16 PM.


BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 09 April 2017 - 06:14 AM

Irontigers:

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I apologize for the delay you have experienced in receiving an initial reply to your post.  This Forum is extremely busy and and number of Malware Response Team members is limited.
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 09 April 2017 - 12:25 PM

Irontigers:

Thank you for your patience while I analyzed your FRST logs.

In future, I would request that you copy and paste all of the logs that I request into your responses. If they are too lengthy, please split them between posts. Please do not attach them. This makes it much faster for me to analyze them.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Is there a reason that you have disabled the Kaspersky Total Security Firewall?

 

FW: Kaspersky Total Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

 

.


:step2: You have a number of legitimate Windows 10 files the Firewall Rules are blocking. Is there a reason for that?  It is even more curious since the Kaspersky Firewall is showing as disabled.

 

FirewallRules: [{5AF4DBB7-BFE0-475D-9802-47DA4E45C2FA}] => (Block) C:\windows\system32\wsqmcons.exe
FirewallRules: [{DDD03E51-461B-4982-8F78-3CEB3D7A3906}] => (Block) C:\windows\system32\wermgr.exe
FirewallRules: [{FB121E43-EC74-428F-87D3-496207E31212}] => (Block) C:\windows\system32\sihclient.exe
FirewallRules: [{6E48E468-ACF0-4E42-9355-CA92187C4BC3}] => (Block) C:\windows\system32\msfeedssync.exe
FirewallRules: [{2E242D6D-E270-436A-AFBE-48B981B64583}] => (Block) C:\windows\system32\dmclient.exe
FirewallRules: [{B38D8166-0BA2-4411-A490-5DC06CB82E84}] => (Block) C:\windows\system32\compattelrunner.exe
FirewallRules: [{C8EAFCC6-B9D1-462E-8AFD-1E8F13491ABA}] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{9ADC3A7C-678D-4535-A5C1-66D0E7447207}] => (Block) C:\windows\system32\taskhostw.exe
FirewallRules: [{A3AD6B2D-CDAD-41C5-A73A-B78D55E7F2E5}] => (Block) C:\windows\system32\backgroundtaskhost.exe
FirewallRules: [{4A40B3A6-7DAD-46A2-8C54-A33E23FE731D}] => (Block) C:\Windows\systemapps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe
FirewallRules: [{353F71FF-5C84-4853-B04B-03C5E11EC6AA}] => (Block) C:\Windows\systemapps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe
FirewallRules: [{C244601A-A2E6-4D35-B514-AC627EBD98AE}] => (Block) C:\Windows\systemapps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
FirewallRules: [{1A0E7009-5113-4955-8518-99485E2DC30F}] => (Block) C:\Windows\systemapps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe
FirewallRules: [{6CCE6CE0-9CCD-4BEA-9D16-C444D36459B7}] => (Block) C:\Windows\systemapps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe
FirewallRules: [{C16B0793-5584-485E-8C54-590AFC0A337D}] => (Block) C:\Windows\systemapps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe

 

.


:step3: Please run a FRST "Fix" for me. I am going to do a bit of a clean up and remove the Internet Explorer policy restrictions as well as reset your Hosts file. If you have any issues with that, please let me know why, and please do not run the FRST "fixlist.txt" script below.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

NOTE: It is important that both files, FRST64.exe and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3160587023-629741420-595008442-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
U3 WMPNetworkSvc; no ImagePath
  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste the contents into your reply.

.


:step4: I am wondering what evidence you have for this statement?  Just what behavior or symptoms is your computer exhibiting that leads you to that conclusion?  The more detail that you can provide to me, the more it will assist me to help you.

 

Hello, I have been dealing with some type of hidden rootkit/trojan that is just gathering information about everything i do

 

I am not seeing any evidence of serious malware on your computer. That said, FRST does not detect everything, and there are other scanners/cleaners that I can use, but I need to understand your concerns, and the reasons for them, so that I know what I am looking for. Windows 10 is always "calling home", as is Kaspersky Total Security, so high levels of network activity are not, of themselves, indications of any nefarious software or of hackers. With tools such as GMER, there are often entries that are totally benign, and also false positives, so one must approach those scan results with caution. There is good reason why the Bleeping Computer Malware Removal Study Hall training is so comprehensive and lengthy. There is simply so much to learn to accurately interpret the results of the many and varied anti-malware tools that are used, and to deploy the correct disinfection tools for the malware detected.

You did say:

 

id have to explain more about my life circumstances for context.

 

To the extent possible, and appropriate, we do prefer to work in the open Forum, because it helps others as well, who read these posts, BUT if there are personal details that you would rather not post publicly, you can send me a Personal Message with just that information. I will safeguard your sensitive personal information, but we will have to continue to deal with your computer issues here in the open Forum. It is contrary to Bleeping Computer policy for us to work privately for individuals with respect to logs posted in this Forum.

There do appear to be some system issues, looking at the Event logs in the "Addition.txt" file.  We can deal with those once we have sorted out any potential undetected malware issues.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 Irontigers

Irontigers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 09 April 2017 - 01:40 PM

Hello Phil, my name is Joe, and i wanted to thank you for the quick response!  So for Kaspersky i disabled the firewall because i use the windows firewall since i thought having two firewalls at same time can cause issues, would you recommend the opposite? The windows 10 firewall polices i believe i disabled in an attempt to try and secure my computer as much a possible from any type of netbios or remote access attacks, by disabling as many non essential services as i could and blocking alot of ports. Basically this all started in 2013~14, I was suspicious about my wifi being breached so i replaced my router, right after i did this i texted my sister that the wifi password was the same(big mistake) not even 30 minutes later while i was downloading some of my games back (since i just reformatted) and i noticed Kaspersky pop up with a rootkit scan, and i thought it was odd so i got up and looked out my window and saw a white van pull in my neighbors driveway ring his doorbell and then when no one answered he backed up and parked in front of my house in a blind spot to where my living room is (my computer is located) i thought this was odd so i went and got the mail, as i was walking back i decided to walk up to his window and ask if he needed help, he barely cracked the window and said he was waiting for the guy whoose driveway he pulled into, this didn't add up because the person who lives there is a police officer and i texted him after and he said he wasn't expecting anyone. fast forward a couple weeks later, both my computer and phone were doing weird things, and i found another partition on my ssd (small and separate from O/S partitions) and doing some research i learned that i had a bootkit installed on my computer that bascially is meant to lay undetected/dormant gathering while even offline and then when i went online the hacker could put key files/pws into that small partition to extract. My phone was similar however it was a lot more terrifying because i was able to talk to this "hacker" via google searches, i literally typed "crash my phone if you are willing to remove the bootkit/rootkit from my computer and leave me alone please" and i kid you not, 15 seconds later the phone black screened, crashed and rebooted. I did go to law enforcement with this and unfortunately this city isnt much help in terms of cybercrime. Now, my concern is i have a similar bootkit installed now, or some form of botnet that whenever i go online they are somehow able to sniff or access my computer ( potentially a physical network backdoor somewhere in the wiring outside or in the basement)  I have this suspicion now mainly because the people i believe are involved in this tend to know alot about what i do on the computer and even as far as when i'm typing to a couple of friends in WoW about my life situation, one of the people i think are involved was literally saying some of the stuff i told these people online about my self and its magically happening to him too. (  i said i might change majors and, when i saw this guy 3 days later he was telling me he was switching majors, stuff like that) As far as the situation i believe their are a quite a few people involved, expecting a big payday or something. Also if it matters, I am an Empath, and a lot of my dads friends i can sense are sketchy due to being jealous which i can always feel greatly when they come over to visit ( which one happens to work in voice and data networking and has told me he knows alot of "bad" people which i dont know why he would tell me but he did) So i guess this is more of a gut feeling coupled with the things i listed, as well as the weird Russian-based IPs on netstat and just crazy amounts of wire shark traffic. If you need anymore info or context please let me know, also i will PM you some more personal info, Thank you for reading and helping me with this!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by J (09-04-2017 13:55:12) Run:1
Running from C:\Users\J\Desktop
Loaded Profiles: J (Available Profiles: J)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3160587023-629741420-595008442-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
U3 WMPNetworkSvc; no ImagePath
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
Could not restore Hosts.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3160587023-629741420-595008442-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\System\CurrentControlSet\Services\WMPNetworkSvc => key removed successfully
WMPNetworkSvc => service removed successfully


The system needed a reboot.

==== End of Fixlog 13:55:17 ====



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 09 April 2017 - 02:35 PM

Joe:
 
Thank you for the "fixlog.txt" file contents.  That looks good.  Thank you also for permission to address you by your first name.
 
I won't be able to help you with any hardware bypasses in your basement or outdoors, but we can do a full suite of scans to see what we can find within your computer.
 
I would recommend that you disable the Windows Firewall and enable the Kaspersky Firewall.  In my personal opinion, the Kaspersky Firewall is more robust.  And yes, you are right, you should only have one anti-virus and one firewall active.  Interestingly, the FRST "Addition.txt" file did not show the Windows Firewall as enabled.
 
I also would recommend against blocking the normal services used by Windows 10 within your firewall.  That could lead to operating system integrity issues, unless you REALLY know what you are doing, and I am seeing Event Log errors in the "Addition.txt" file.
 
The Russian IP traffic is not at all unusual if you are using Kaspersky.  The company is Russian, and there will be lots of traffic back and forth as it protects your computer, scans, and updates.
 
OK, let's take a deeper look inside your computer.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.


:step3: I want to check your computer hard drive for hidden partitions, using a program called LISTPARTS.

  • Download LISTPARTS to your Desktop. Your computer is 64-bit so download that version.
  • Double click ListParts64.exe to launch the program.
  • Left click the Scan button.
  • When the program finishes scanning, it will create a log called "Result.txt" on your Desktop.
  • Please copy and paste the contents of that log into your next reply.

.

 

 

I am wrapping it up for the day.  Forum guidelines direct that we respond within 48 hours, but I will endeavor to respond daily.  Please don't be alarmed if I miss a day.  "Real life" does get in the way from time to time! :(  If you haven't heard back from me within 48 hours, please send me a Personal Message.

Thank you, Joe, and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 Irontigers

Irontigers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 09 April 2017 - 03:34 PM

Here are the results, you too, have a fantastic day!

-Log Details-
Scan Date: 4/9/17
Scan Time: 4:28 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1693
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: SPACESTATION\J

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331835
Time Elapsed: 0 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

ListParts by Farbar Version: 31-07-2014
Ran by J (administrator) on 09-04-2017 at 16:36:05
WIN_81 (X64)
Running From: C:\Users\J\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 16322.73 MB
Available physical RAM: 12312.86 MB
Total Pagefile: 18754.73 MB
Available Pagefile: 14585.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.21 GB) (Free:218.64 GB) NTFS


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B        *

Partitions of Disk 0:
===============


Disk ID: {0716AF5E-CAA5-4805-95A6-2AFBE1DD3182}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery           450 MB  1024 KB
  Partition 2    System (partition with boot components)              99 MB   451 MB
  Partition 3    Reserved            16 MB   550 MB
  Partition 4    Primary            465 GB   566 MB

======================================================================================================

Disk: 0
Partition 1
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         Recovery     NTFS   Partition    450 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3                      FAT32  Partition     99 MB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    465 GB  Healthy    Boot    

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 00000000

Partition: GPT Partition Type.


Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {4f2ea8d4-ecca-11e6-b634-c3c6d4683e32}
                        {4f2ea8d5-ecca-11e6-b634-c3c6d4683e32}
timeout                 1

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {4f2ea8db-ecca-11e6-b634-c3c6d4683e32}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {4f2ea8d4-ecca-11e6-b634-c3c6d4683e32}
description             Samsung SSD 960 EVO 500GB

Firmware Application (101fffff)
-------------------------------
identifier              {4f2ea8d5-ecca-11e6-b634-c3c6d4683e32}
description             ASUS    DRW-24B1ST   i

Windows Boot Loader
-------------------
identifier              {4f2ea8d8-ecca-11e6-b634-c3c6d4683e32}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4f2ea8d9-ecca-11e6-b634-c3c6d4683e32}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4f2ea8d9-ecca-11e6-b634-c3c6d4683e32}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {4f2ea8dd-ecca-11e6-b634-c3c6d4683e32}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {4f2ea8db-ecca-11e6-b634-c3c6d4683e32}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {4f2ea8dd-ecca-11e6-b634-c3c6d4683e32}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4f2ea8de-ecca-11e6-b634-c3c6d4683e32}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4f2ea8de-ecca-11e6-b634-c3c6d4683e32}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {4f2ea8d6-ecca-11e6-b634-c3c6d4683e32}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4f2ea8d8-ecca-11e6-b634-c3c6d4683e32}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {4f2ea8db-ecca-11e6-b634-c3c6d4683e32}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4f2ea8dd-ecca-11e6-b634-c3c6d4683e32}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
integrityservices       Enable

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {4f2ea8d9-ecca-11e6-b634-c3c6d4683e32}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {4f2ea8da-ecca-11e6-b634-c3c6d4683e32}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {4f2ea8de-ecca-11e6-b634-c3c6d4683e32}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


****** End Of Log ******


Edited by Irontigers, 09 April 2017 - 03:37 PM.


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 10 April 2017 - 12:37 PM

IronTigers:
 
Thank you for the logs.  I did not see an ESET log.  I am presuming that is because ESET did not detect anything, in which case it does not produce a log to be attached.  Please confirm.
 
No concerns found there.  Let's continue with a few more standard anti-malware scans.

.

:step1: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

.


:step2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.

.


If these scan look fine, then we will dig even deeper, with more powerful anti-malware tools, specifically designed to identify rootkits and backdoor trojans after you have responded with the logs from these scans.

 

Thank you, Joe, and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 Irontigers

Irontigers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 10 April 2017 - 11:33 PM

ESET scan did indeed turn up clean, and here are the other scan results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by J (Administrator) on Tue 04/11/2017 at  0:32:05.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/11/2017 at  0:32:30.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v6.045 - Logfile created 11/04/2017 at 00:30:47
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-10.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : J - SPACESTATION
# Running from : C:\Users\J\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1144 Bytes] - [06/02/2017 20:35:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [1215 Bytes] - [07/02/2017 00:20:04]
C:\AdwCleaner\AdwCleaner[S2].txt - [1288 Bytes] - [13/02/2017 21:05:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [1361 Bytes] - [18/02/2017 04:10:39]
C:\AdwCleaner\AdwCleaner[S4].txt - [1434 Bytes] - [23/02/2017 08:54:53]
C:\AdwCleaner\AdwCleaner[S5].txt - [1507 Bytes] - [09/03/2017 10:02:16]
C:\AdwCleaner\AdwCleaner[S6].txt - [1580 Bytes] - [21/03/2017 02:15:23]
C:\AdwCleaner\AdwCleaner[S7].txt - [1654 Bytes] - [06/04/2017 04:26:26]
C:\AdwCleaner\AdwCleaner[S8].txt - [1564 Bytes] - [11/04/2017 00:30:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1637 Bytes] ##########
 



#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 11 April 2017 - 09:49 AM

Joe:
 
Thank you for the AdwCleaner and JRT logs.  OK, all the logs are looking good.  It is actually very unusual in this Forum to encounter computers that pass all of these scans, so that is good news.  As promised, let's dig deeper, since you suspect a backdoor trojan or a rootkit.
 
.

 
:step1: Let's run a Malwarebytes Anti-Rootkit (MBAR) Scan.

  • Download Malwarebytes Anti-Rootkit from this link.
  • Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default).
  • Malwarebytes Anti-Rootkit will then open, follow the instruction in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall.
  • If there are additional problems with your system, such as any of those listed above or other system issues, then run the "fixdamage" tool included with Malwarebytes Anti-Rootkit located within the "Plugins" folder and reboot.
  • Verify that your system is now functioning normally.
  • If you experience any problems running the tool or it hasn't fully resolved all of the issues you had, please let me know.

.


:step2: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and TDSSKiller will offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, select Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 Irontigers

Irontigers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 11 April 2017 - 10:22 PM

Hey, Phil! So i ran Both scans, with Mbar coming up with no results, and then tdss, with the same. Out of my own scans i have done in the recent past, the only ones that picked something up were RogueKiller which detected a bad registry key in LANMANSERVER something about a DCHP server then it listed an IP, so i went into the registry and manually deleted that key, also Unhooker lists a bunch of things, and then i ran Mbar maybe 2~ months ago, and that picked something up, and i quarantined it, hasn't shown up since.  Here is the Log of TDSS~  Thank you and have a great evening!

 

23:21:28.0890 0x1af4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
23:21:28.0890 0x1af4  UEFI system
23:21:31.0766 0x1af4  ============================================================
23:21:31.0766 0x1af4  Current date / time: 2017/04/11 23:21:31.0766
23:21:31.0766 0x1af4  SystemInfo:
23:21:31.0766 0x1af4  
23:21:31.0766 0x1af4  OS Version: 10.0.14393 ServicePack: 0.0
23:21:31.0766 0x1af4  Product type: Workstation
23:21:31.0766 0x1af4  ComputerName: SPACESTATION
23:21:31.0766 0x1af4  UserName: J
23:21:31.0766 0x1af4  Windows directory: C:\WINDOWS
23:21:31.0766 0x1af4  System windows directory: C:\WINDOWS
23:21:31.0766 0x1af4  Running under WOW64
23:21:31.0766 0x1af4  Processor architecture: Intel x64
23:21:31.0766 0x1af4  Number of processors: 8
23:21:31.0766 0x1af4  Page size: 0x1000
23:21:31.0766 0x1af4  Boot type: Normal boot
23:21:31.0766 0x1af4  CodeIntegrityOptions = 0x00000001
23:21:31.0766 0x1af4  ============================================================
23:21:31.0766 0x1af4  KLMD ARK init status: drvProperties = 0xFFFF00, osBuild = 14393.953, osProperties = 0x19
23:21:31.0766 0x1af4  KLMD BG init status: drvProperties = 0xFFFF00, osBuild = 14393.953, osProperties = 0x19
23:21:31.0766 0x1af4  BG loaded
23:21:31.0875 0x1af4  System UUID: {D06E011A-B48F-7C72-DEDD-EF46BE5DF3FB}
23:21:32.0203 0x1af4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:21:32.0203 0x1af4  ============================================================
23:21:32.0203 0x1af4  \Device\Harddisk0\DR0:
23:21:32.0203 0x1af4  GPT partitions:
23:21:32.0203 0x1af4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {77DF5253-B29E-498D-909F-A854B641E353}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
23:21:32.0203 0x1af4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6E37AF30-63C8-4245-BA35-C959824B23B6}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x31800
23:21:32.0203 0x1af4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {60DC2876-39E1-4DEE-B6BD-A36D86BBBBFA}, Name: Microsoft reserved partition, StartLBA 0x113000, BlocksNum 0x8000
23:21:32.0203 0x1af4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2D361DBF-92CA-45A4-A175-8E96593C449E}, Name: Basic data partition, StartLBA 0x11B000, BlocksNum 0x3A26B000
23:21:32.0203 0x1af4  MBR partitions:
23:21:32.0203 0x1af4  ============================================================
23:21:32.0203 0x1af4  C: <-> \Device\Harddisk0\DR0\Partition4
23:21:32.0203 0x1af4  ============================================================
23:21:32.0203 0x1af4  Initialize success
23:21:32.0203 0x1af4  ============================================================
23:21:33.0047 0x0da4  ============================================================
23:21:33.0047 0x0da4  Scan started
23:21:33.0047 0x0da4  Mode: Manual;
23:21:33.0047 0x0da4  ============================================================
23:21:33.0047 0x0da4  KSN ping started
23:21:33.0203 0x0da4  KSN ping finished: true
23:21:33.0547 0x0da4  ================ Scan system memory ========================
23:21:33.0547 0x0da4  System memory - ok
23:21:33.0547 0x0da4  ================ Scan services =============================
23:21:33.0563 0x0da4  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
23:21:33.0563 0x0da4  1394ohci - ok
23:21:33.0563 0x0da4  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
23:21:33.0563 0x0da4  3ware - ok
23:21:33.0578 0x0da4  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
23:21:33.0578 0x0da4  ACPI - ok
23:21:33.0578 0x0da4  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\WINDOWS\System32\drivers\AcpiDev.sys
23:21:33.0578 0x0da4  AcpiDev - ok
23:21:33.0594 0x0da4  [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
23:21:33.0594 0x0da4  acpiex - ok
23:21:33.0594 0x0da4  [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
23:21:33.0594 0x0da4  acpipagr - ok
23:21:33.0594 0x0da4  [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
23:21:33.0594 0x0da4  AcpiPmi - ok
23:21:33.0594 0x0da4  [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
23:21:33.0594 0x0da4  acpitime - ok
23:21:33.0610 0x0da4  [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
23:21:33.0625 0x0da4  ADP80XX - ok
23:21:33.0625 0x0da4  [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD             C:\WINDOWS\system32\drivers\afd.sys
23:21:33.0625 0x0da4  AFD - ok
23:21:33.0641 0x0da4  [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
23:21:33.0641 0x0da4  ahcache - ok
23:21:33.0641 0x0da4  [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
23:21:33.0641 0x0da4  AJRouter - ok
23:21:33.0641 0x0da4  [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG             C:\WINDOWS\System32\alg.exe
23:21:33.0641 0x0da4  ALG - ok
23:21:33.0641 0x0da4  [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
23:21:33.0641 0x0da4  AmdK8 - ok
23:21:33.0657 0x0da4  [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
23:21:33.0657 0x0da4  AmdPPM - ok
23:21:33.0657 0x0da4  [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
23:21:33.0657 0x0da4  amdsata - ok
23:21:33.0657 0x0da4  [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
23:21:33.0657 0x0da4  amdsbs - ok
23:21:33.0657 0x0da4  [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
23:21:33.0657 0x0da4  amdxata - ok
23:21:33.0672 0x0da4  [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID           C:\WINDOWS\system32\drivers\appid.sys
23:21:33.0672 0x0da4  AppID - ok
23:21:33.0672 0x0da4  [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
23:21:33.0672 0x0da4  AppIDSvc - ok
23:21:33.0672 0x0da4  [ 79A87DD43331290A276C02DC396BF530, D0781DC027EE60C94831A2C9C3DD741F8F2100A253CD847E7FCFA59919014278 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
23:21:33.0672 0x0da4  Appinfo - ok
23:21:33.0672 0x0da4  [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr   C:\WINDOWS\system32\drivers\applockerfltr.sys
23:21:33.0672 0x0da4  applockerfltr - ok
23:21:33.0688 0x0da4  [ 32155E028491267CF2DB6085A0B7E359, 562831841293E4849CD01992DECE39B9B3C0835DCD352994CA2E2FE1C76A7CB3 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
23:21:33.0688 0x0da4  AppReadiness - ok
23:21:33.0719 0x0da4  [ 465CD915B245BB6B788A38BE19D47950, 36FA30C67D581FF158EF1D621938CF93102110635AC9298C6E002E7B87900EBD ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
23:21:33.0735 0x0da4  AppXSvc - ok
23:21:33.0735 0x0da4  [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
23:21:33.0735 0x0da4  arcsas - ok
23:21:33.0750 0x0da4  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\WINDOWS\syswow64\drivers\AsIO.sys
23:21:33.0750 0x0da4  AsIO - ok
23:21:33.0750 0x0da4  [ 075C9C288BC9B4DE8C162D551A673BAD, 2B26371ABB6972638AB7444D36E5854FC68110056AAB068F46AAF2050E40E795 ] asmthub3        C:\WINDOWS\System32\drivers\asmthub3.sys
23:21:33.0750 0x0da4  asmthub3 - ok
23:21:33.0750 0x0da4  [ 48E2237B58C7BBC5F50891546B374B20, 0493A4162566F64B7027CA247D875856E2A9DB0703A5D3C220326C4FC6476075 ] asmtxhci        C:\WINDOWS\System32\drivers\asmtxhci.sys
23:21:33.0750 0x0da4  asmtxhci - ok
23:21:33.0766 0x0da4  [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
23:21:33.0766 0x0da4  AsyncMac - ok
23:21:33.0766 0x0da4  [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
23:21:33.0766 0x0da4  atapi - ok
23:21:33.0766 0x0da4  [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
23:21:33.0766 0x0da4  AudioEndpointBuilder - ok
23:21:33.0782 0x0da4  [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
23:21:33.0797 0x0da4  Audiosrv - ok
23:21:33.0797 0x0da4  [ 03B45C52179E8DAE51A0F685C30D06D6, E06F066B4BFE5344BBF5749B9B8B8CFBA0C02920FD2B9C73BDDA7E34F1785DA7 ] AVP17.0.0       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avp.exe
23:21:33.0797 0x0da4  AVP17.0.0 - ok
23:21:33.0797 0x0da4  [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
23:21:33.0797 0x0da4  AxInstSV - ok
23:21:33.0813 0x0da4  [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
23:21:33.0813 0x0da4  b06bdrv - ok
23:21:33.0813 0x0da4  [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
23:21:33.0813 0x0da4  BasicDisplay - ok
23:21:33.0813 0x0da4  [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
23:21:33.0813 0x0da4  BasicRender - ok
23:21:33.0828 0x0da4  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
23:21:33.0828 0x0da4  bcmfn - ok
23:21:33.0828 0x0da4  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
23:21:33.0828 0x0da4  bcmfn2 - ok
23:21:33.0828 0x0da4  [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
23:21:33.0828 0x0da4  BDESVC - ok
23:21:33.0828 0x0da4  [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:21:33.0828 0x0da4  Beep - ok
23:21:33.0844 0x0da4  [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE             C:\WINDOWS\System32\bfe.dll
23:21:33.0844 0x0da4  BFE - ok
23:21:33.0860 0x0da4  [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS            C:\WINDOWS\System32\qmgr.dll
23:21:33.0875 0x0da4  BITS - ok
23:21:33.0875 0x0da4  [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
23:21:33.0875 0x0da4  bowser - ok
23:21:33.0891 0x0da4  [ 6A15C5140B6F7D9479A32276AC2BA108, 0A8C6DB88148C6DB61226DD2FF816BDF3FED9E7A60EF17CCA17FA7D9EEC01C71 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
23:21:33.0891 0x0da4  BrokerInfrastructure - ok
23:21:33.0891 0x0da4  [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
23:21:33.0891 0x0da4  BthAvrcpTg - ok
23:21:33.0891 0x0da4  [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
23:21:33.0907 0x0da4  BthHFEnum - ok
23:21:33.0907 0x0da4  [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
23:21:33.0907 0x0da4  bthhfhid - ok
23:21:33.0907 0x0da4  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
23:21:33.0907 0x0da4  BthHFSrv - ok
23:21:33.0907 0x0da4  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
23:21:33.0907 0x0da4  BTHMODEM - ok
23:21:33.0922 0x0da4  [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv         C:\WINDOWS\system32\bthserv.dll
23:21:33.0922 0x0da4  bthserv - ok
23:21:33.0922 0x0da4  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
23:21:33.0922 0x0da4  buttonconverter - ok
23:21:33.0922 0x0da4  [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
23:21:33.0922 0x0da4  CapImg - ok
23:21:33.0922 0x0da4  [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
23:21:33.0922 0x0da4  cdfs - ok
23:21:33.0938 0x0da4  [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
23:21:33.0938 0x0da4  CDPSvc - ok
23:21:33.0938 0x0da4  [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc      C:\WINDOWS\System32\CDPUserSvc.dll
23:21:33.0938 0x0da4  CDPUserSvc - ok
23:21:33.0953 0x0da4  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
23:21:33.0953 0x0da4  cdrom - ok
23:21:33.0953 0x0da4  [ E189727B3C9909A85B33A16B290E192E, 2C273A9F44EDC5E5435904E9681973854B2F3EBB6100021BB139FF0CCCE9BF20 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
23:21:33.0953 0x0da4  CertPropSvc - ok
23:21:33.0969 0x0da4  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\WINDOWS\system32\drivers\cht4sx64.sys
23:21:33.0969 0x0da4  cht4iscsi - ok
23:21:33.0985 0x0da4  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\WINDOWS\System32\drivers\cht4vx64.sys
23:21:34.0000 0x0da4  cht4vbd - ok
23:21:34.0000 0x0da4  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
23:21:34.0016 0x0da4  circlass - ok
23:21:34.0016 0x0da4  [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
23:21:34.0016 0x0da4  CLFS - ok
23:21:34.0032 0x0da4  [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
23:21:34.0032 0x0da4  ClipSVC - ok
23:21:34.0032 0x0da4  [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg           C:\WINDOWS\System32\drivers\registry.sys
23:21:34.0032 0x0da4  clreg - ok
23:21:34.0047 0x0da4  [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
23:21:34.0047 0x0da4  CmBatt - ok
23:21:34.0047 0x0da4  [ B29A764A1E76473CD9D64C9438705C19, CD0497EB84DE60E1E491CA495AF981A8DFC4949BB373C1978CAF1BCF4321D30E ] cm_km           C:\WINDOWS\system32\DRIVERS\cm_km.sys
23:21:34.0047 0x0da4  cm_km - ok
23:21:34.0047 0x0da4  [ 43D1405674332A7883A68C27ACE08359, 789ACBF3A50904B47C847D9262F1BA00F837A7EF705BCC29EA85216DBC965288 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
23:21:34.0063 0x0da4  CNG - ok
23:21:34.0063 0x0da4  [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
23:21:34.0063 0x0da4  cnghwassist - ok
23:21:34.0063 0x0da4  [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
23:21:34.0063 0x0da4  CompositeBus - ok
23:21:34.0063 0x0da4  COMSysApp - ok
23:21:34.0078 0x0da4  [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
23:21:34.0078 0x0da4  condrv - ok
23:21:34.0078 0x0da4  [ 0E965F9D654C64EAA8970DE25AF32839, 91709A4561A9536B4A9B00BAB8D7B63D5B904065375AF37598C2B0A2C5A8E47C ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
23:21:34.0094 0x0da4  CoreMessagingRegistrar - ok
23:21:34.0094 0x0da4  [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
23:21:34.0094 0x0da4  CryptSvc - ok
23:21:34.0094 0x0da4  [ 3BBD0073265DA6D3EFBA54B26E5D8236, 3C10C8BEC0D8AC41A3FBD589F41A83D6345C1FDD04B8B99063B2F5670CF10B18 ] dam             C:\WINDOWS\system32\drivers\dam.sys
23:21:34.0094 0x0da4  dam - ok
23:21:34.0094 0x0da4  [ 8AE2B187551B9B4BBFF9D65E5BEBA598, 9C3C6D45B5CB456B6798E41ACC5C50C4D433C4523C34ED0C13D98C6F6A5288E8 ] dc1-controller  C:\WINDOWS\System32\drivers\dc1-controller.sys
23:21:34.0094 0x0da4  dc1-controller - ok
23:21:34.0110 0x0da4  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:21:34.0110 0x0da4  DcomLaunch - ok
23:21:34.0125 0x0da4  [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
23:21:34.0125 0x0da4  DcpSvc - ok
23:21:34.0125 0x0da4  [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
23:21:34.0141 0x0da4  defragsvc - ok
23:21:34.0141 0x0da4  [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
23:21:34.0141 0x0da4  DeviceAssociationService - ok
23:21:34.0141 0x0da4  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
23:21:34.0157 0x0da4  DeviceInstall - ok
23:21:34.0157 0x0da4  [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
23:21:34.0157 0x0da4  DevQueryBroker - ok
23:21:34.0157 0x0da4  [ 4BC21E937E9F9F408672D2C2CBE4A153, 2F27560D09D184ABB7B4415146F5B8DE56C84FF74A4042596635EF896E39CBC4 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
23:21:34.0157 0x0da4  Dfsc - ok
23:21:34.0157 0x0da4  [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
23:21:34.0172 0x0da4  Dhcp - ok
23:21:34.0172 0x0da4  [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
23:21:34.0172 0x0da4  diagnosticshub.standardcollector.service - ok
23:21:34.0188 0x0da4  [ A9122954D36E4EDFA3E3DB35DCA9E048, 350692BEE164CED1E0BD1A71D1BC90D5B6E0B0A5D1CB6633D115C58FF8A09B92 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
23:21:34.0204 0x0da4  DiagTrack - ok
23:21:34.0219 0x0da4  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\WINDOWS\system32\drivers\disk.sys
23:21:34.0219 0x0da4  disk - ok
23:21:34.0219 0x0da4  [ 00DF9E7ACB0376294E3D602AB6625B3E, 1D53DF89826A71FEC48B7602DD2F3E3B09024782B3CC5C787517DC374CC586C8 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
23:21:34.0219 0x0da4  DmEnrollmentSvc - ok
23:21:34.0219 0x0da4  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
23:21:34.0219 0x0da4  dmvsc - ok
23:21:34.0235 0x0da4  [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
23:21:34.0235 0x0da4  dmwappushservice - ok
23:21:34.0235 0x0da4  [ 86E507EE1457D7FA463BBF05BA76EB1E, 2D2D05CED57C22F41684DC6DD00ACECDF708407493286B2D4007068154E436FF ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:21:34.0235 0x0da4  Dnscache - ok
23:21:34.0235 0x0da4  [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:21:34.0235 0x0da4  dot3svc - ok
23:21:34.0250 0x0da4  [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS             C:\WINDOWS\system32\dps.dll
23:21:34.0250 0x0da4  DPS - ok
23:21:34.0250 0x0da4  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\WINDOWS\system32\DRIVERS\drmkaud.sys
23:21:34.0250 0x0da4  drmkaud - ok
23:21:34.0250 0x0da4  [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
23:21:34.0250 0x0da4  DsmSvc - ok
23:21:34.0250 0x0da4  [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
23:21:34.0266 0x0da4  DsSvc - ok
23:21:34.0282 0x0da4  [ 928E2749E01AEB9948F5D548B1F0C116, FBBC525306E6CE387BAF3DDD8145FD8AADDEFB2DC93E5692A8ED7F116C3EDD08 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
23:21:34.0297 0x0da4  DXGKrnl - ok
23:21:34.0313 0x0da4  [ E063D7568233B6B007A6B18BE3751861, A0352D03B5B73EB219E57B9550D3D7CE41D07A70D8ED43E3AC2BBCE1E6684CE2 ] e1dexpress      C:\WINDOWS\system32\DRIVERS\e1d65x64.sys
23:21:34.0313 0x0da4  e1dexpress - ok
23:21:34.0313 0x0da4  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:21:34.0313 0x0da4  EapHost - ok
23:21:34.0360 0x0da4  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
23:21:34.0391 0x0da4  ebdrv - ok
23:21:34.0391 0x0da4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS             C:\WINDOWS\System32\lsass.exe
23:21:34.0391 0x0da4  EFS - ok
23:21:34.0391 0x0da4  [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
23:21:34.0391 0x0da4  EhStorClass - ok
23:21:34.0391 0x0da4  [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
23:21:34.0391 0x0da4  EhStorTcgDrv - ok
23:21:34.0391 0x0da4  [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
23:21:34.0407 0x0da4  embeddedmode - ok
23:21:34.0407 0x0da4  [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
23:21:34.0407 0x0da4  EntAppSvc - ok
23:21:34.0407 0x0da4  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
23:21:34.0407 0x0da4  ErrDev - ok
23:21:34.0407 0x0da4  [ ACB81E9F20882D2D2BEC7FF626E090AE, AC0329CFFD4429303B9484A3BB3E9CAE4FC937B66A62A9194C39CCD5012328F1 ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
23:21:34.0407 0x0da4  ESProtectionDriver - ok
23:21:34.0422 0x0da4  [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem     C:\WINDOWS\system32\es.dll
23:21:34.0422 0x0da4  EventSystem - ok
23:21:34.0422 0x0da4  [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
23:21:34.0438 0x0da4  exfat - ok
23:21:34.0438 0x0da4  [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
23:21:34.0438 0x0da4  fastfat - ok
23:21:34.0438 0x0da4  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
23:21:34.0438 0x0da4  fdc - ok
23:21:34.0438 0x0da4  [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
23:21:34.0438 0x0da4  fdPHost - ok
23:21:34.0454 0x0da4  [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
23:21:34.0454 0x0da4  FDResPub - ok
23:21:34.0454 0x0da4  [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
23:21:34.0454 0x0da4  fhsvc - ok
23:21:34.0454 0x0da4  [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
23:21:34.0454 0x0da4  FileCrypt - ok
23:21:34.0454 0x0da4  [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
23:21:34.0454 0x0da4  FileInfo - ok
23:21:34.0454 0x0da4  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
23:21:34.0454 0x0da4  Filetrace - ok
23:21:34.0469 0x0da4  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
23:21:34.0469 0x0da4  flpydisk - ok
23:21:34.0469 0x0da4  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
23:21:34.0469 0x0da4  FltMgr - ok
23:21:34.0485 0x0da4  [ 2E193D24CE8460A9C703D0F193192BEF, CD95928BC240D556DFEA265A09A655FFE157A36D2230CD10BBAD4CA15CB98412 ] FontCache       C:\WINDOWS\system32\FntCache.dll
23:21:34.0500 0x0da4  FontCache - ok
23:21:34.0516 0x0da4  [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:21:34.0516 0x0da4  FontCache3.0.0.0 - ok
23:21:34.0516 0x0da4  [ CD7CD19E72EA2F597D01FC68ECD2F28E, 4E8BAA4AEF28B043780E2FEFFEB5E4DF4E2FB3211CE617D2DBAFB6C7B7DBBDFD ] FrameServer     C:\WINDOWS\system32\FrameServer.dll
23:21:34.0532 0x0da4  FrameServer - ok
23:21:34.0532 0x0da4  [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
23:21:34.0532 0x0da4  FsDepends - ok
23:21:34.0532 0x0da4  [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:21:34.0532 0x0da4  Fs_Rec - ok
23:21:34.0547 0x0da4  [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
23:21:34.0547 0x0da4  fvevol - ok
23:21:34.0547 0x0da4  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
23:21:34.0547 0x0da4  gencounter - ok
23:21:34.0547 0x0da4  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
23:21:34.0547 0x0da4  genericusbfn - ok
23:21:34.0547 0x0da4  [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
23:21:34.0563 0x0da4  GPIOClx0101 - ok
23:21:34.0563 0x0da4  [ 8997353398C8466ECD183942D5FCC65B, C73FD5FFD71003F7FDDC17F59812BD6860992FA35EC0ECC8DE37D935606B485B ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
23:21:34.0579 0x0da4  gpsvc - ok
23:21:34.0579 0x0da4  [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
23:21:34.0579 0x0da4  GpuEnergyDrv - ok
23:21:34.0579 0x0da4  [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
23:21:34.0579 0x0da4  HDAudBus - ok
23:21:34.0594 0x0da4  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
23:21:34.0594 0x0da4  HidBatt - ok
23:21:34.0594 0x0da4  [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
23:21:34.0594 0x0da4  HidBth - ok
23:21:34.0594 0x0da4  [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
23:21:34.0594 0x0da4  hidi2c - ok
23:21:34.0594 0x0da4  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
23:21:34.0594 0x0da4  hidinterrupt - ok
23:21:34.0594 0x0da4  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
23:21:34.0594 0x0da4  HidIr - ok
23:21:34.0594 0x0da4  [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv         C:\WINDOWS\system32\hidserv.dll
23:21:34.0594 0x0da4  hidserv - ok
23:21:34.0610 0x0da4  [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
23:21:34.0610 0x0da4  HidUsb - ok
23:21:34.0610 0x0da4  [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
23:21:34.0610 0x0da4  HomeGroupListener - ok
23:21:34.0610 0x0da4  [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
23:21:34.0625 0x0da4  HomeGroupProvider - ok
23:21:34.0625 0x0da4  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
23:21:34.0625 0x0da4  HpSAMD - ok
23:21:34.0641 0x0da4  [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
23:21:34.0641 0x0da4  HTTP - ok
23:21:34.0657 0x0da4  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
23:21:34.0657 0x0da4  HvHost - ok
23:21:34.0657 0x0da4  [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice       C:\WINDOWS\system32\drivers\hvservice.sys
23:21:34.0657 0x0da4  hvservice - ok
23:21:34.0657 0x0da4  [ EF558A02D734A1403583E95CCEEC2487, F0D052DAF48A62E4A90D067BFCB5EE9563804DE68D0EA82E0E11C8D16AD19D29 ] HWiNFO32        C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
23:21:34.0657 0x0da4  HWiNFO32 - ok
23:21:34.0657 0x0da4  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
23:21:34.0657 0x0da4  hwpolicy - ok
23:21:34.0657 0x0da4  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
23:21:34.0657 0x0da4  hyperkbd - ok
23:21:34.0672 0x0da4  [ 6A0B9F5662598D229F62CD317292E8F3, AF33D3FFACF72A15EEE37A4998DF0C1F9595B949D1AB4FAFA8AF278DB41E0455 ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
23:21:34.0672 0x0da4  HyperVideo - ok
23:21:34.0672 0x0da4  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
23:21:34.0672 0x0da4  i8042prt - ok
23:21:34.0672 0x0da4  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
23:21:34.0672 0x0da4  iagpio - ok
23:21:34.0672 0x0da4  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
23:21:34.0672 0x0da4  iai2c - ok
23:21:34.0672 0x0da4  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
23:21:34.0672 0x0da4  iaLPSS2i_GPIO2 - ok
23:21:34.0688 0x0da4  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
23:21:34.0688 0x0da4  iaLPSS2i_I2C - ok
23:21:34.0688 0x0da4  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
23:21:34.0688 0x0da4  iaLPSSi_GPIO - ok
23:21:34.0688 0x0da4  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
23:21:34.0688 0x0da4  iaLPSSi_I2C - ok
23:21:34.0704 0x0da4  [ 7675D8E247732F45F60AA450BA2C207D, DBB591E56BBF9A93BE66A993D143A97964CC628457CF47EB5231D0DF62B59ADE ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
23:21:34.0704 0x0da4  iaStorA - ok
23:21:34.0719 0x0da4  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
23:21:34.0719 0x0da4  iaStorAV - ok
23:21:34.0719 0x0da4  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
23:21:34.0735 0x0da4  iaStorV - ok
23:21:34.0735 0x0da4  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
23:21:34.0735 0x0da4  ibbus - ok
23:21:34.0750 0x0da4  [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
23:21:34.0750 0x0da4  icssvc - ok
23:21:34.0750 0x0da4  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
23:21:34.0766 0x0da4  IKEEXT - ok
23:21:34.0766 0x0da4  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\WINDOWS\System32\drivers\IndirectKmd.sys
23:21:34.0766 0x0da4  IndirectKmd - ok
23:21:34.0813 0x0da4  [ AB23618C11CDAA1EF5C1482B065ECAC9, 3EC9C264C8C22AB19B0AD0D23E8E8F855E13EE4CAB2C376AC3AADF9D502E101F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
23:21:34.0860 0x0da4  IntcAzAudAddService - ok
23:21:34.0875 0x0da4  [ F28C5A79A1698E9F1374569A1C0FB880, 9DD0A9539AFE0DB71C2CDE1E9649D4178C28E3740E99E54E3337E7DD32971D72 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
23:21:34.0875 0x0da4  Intel® PROSet Monitoring Service - ok
23:21:34.0875 0x0da4  [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
23:21:34.0875 0x0da4  intelide - ok
23:21:34.0875 0x0da4  [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
23:21:34.0875 0x0da4  intelpep - ok
23:21:34.0875 0x0da4  [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
23:21:34.0891 0x0da4  intelppm - ok
23:21:34.0891 0x0da4  [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate          C:\WINDOWS\system32\drivers\iorate.sys
23:21:34.0891 0x0da4  iorate - ok
23:21:34.0891 0x0da4  [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:21:34.0891 0x0da4  IpFilterDriver - ok
23:21:34.0907 0x0da4  [ 68C50E8E4265698BE6835156F4DD5008, 5B9CBBCE99315E5569E6733F13E91A687A36F536A68A2B670CC24C4BCC4EAFF4 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
23:21:34.0907 0x0da4  iphlpsvc - ok
23:21:34.0907 0x0da4  [ 10D01A3657AC8E8004C83D613163DE1E, F9389F1BF87A2D28899F50D270DA6F48B0912CFAF06CEE566697B041DBE92F9C ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
23:21:34.0907 0x0da4  IPMIDRV - ok
23:21:34.0922 0x0da4  [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
23:21:34.0922 0x0da4  IPNAT - ok
23:21:34.0922 0x0da4  [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda            C:\WINDOWS\system32\drivers\irda.sys
23:21:34.0922 0x0da4  irda - ok
23:21:34.0922 0x0da4  [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
23:21:34.0922 0x0da4  IRENUM - ok
23:21:34.0922 0x0da4  [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon           C:\WINDOWS\System32\irmon.dll
23:21:34.0922 0x0da4  irmon - ok
23:21:34.0922 0x0da4  [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
23:21:34.0922 0x0da4  isapnp - ok
23:21:34.0938 0x0da4  [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
23:21:34.0938 0x0da4  iScsiPrt - ok
23:21:34.0938 0x0da4  [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
23:21:34.0938 0x0da4  kbdclass - ok
23:21:34.0938 0x0da4  [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
23:21:34.0938 0x0da4  kbdhid - ok
23:21:34.0938 0x0da4  [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
23:21:34.0938 0x0da4  kdnic - ok
23:21:34.0938 0x0da4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso          C:\WINDOWS\system32\lsass.exe
23:21:34.0938 0x0da4  KeyIso - ok
23:21:34.0954 0x0da4  [ 97E3E8F35632EECD0ABD2DE6519A9666, ABE96FDEB1076E380D7FB4975C020B43ED4E821097EFC6AFE8C75D764167D6E8 ] kl1             C:\WINDOWS\system32\DRIVERS\kl1.sys
23:21:34.0954 0x0da4  kl1 - ok
23:21:34.0954 0x0da4  [ B01AD8DA034EE42D4C2282F77FDB03AE, 3FF55F3CEE4A0E5D559F04F5A639297EA0F36580720E94CF9DD56DEBF2E98F39 ] klbackupdisk    C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
23:21:34.0954 0x0da4  klbackupdisk - ok
23:21:34.0969 0x0da4  [ 10549B5BFD9A3DCF4FFA6287236FA959, 6BDFA335A8E3A69425CB23230660D3168CB82911ACB3AAAF85C19263511EAF51 ] klbackupflt     C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
23:21:34.0969 0x0da4  klbackupflt - ok
23:21:34.0969 0x0da4  [ 7DAA9047F50BF5A3F8C147719FC520AF, 0740387075AF46DB1E9AEE3B12C65A06EDFE58EADB8B562C36CB1FEFF9905C26 ] kldisk          C:\WINDOWS\system32\DRIVERS\kldisk.sys
23:21:34.0969 0x0da4  kldisk - ok
23:21:34.0969 0x0da4  [ 5766A27C85EE813029831D125D2EFB45, BB5BAFD5A58E80C7F0B8D24121352E0386B3422FFC16B56F1D1B1C6A482AC9F0 ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
23:21:34.0969 0x0da4  klelam - ok
23:21:34.0969 0x0da4  [ FA0253329B8951509D9B5A476CCD41D4, 1981BFCBEB8AF7D677791E1D46AD4434DA3CE0AC2A5CFB26916821FAB45EA757 ] klflt           C:\WINDOWS\system32\DRIVERS\klflt.sys
23:21:34.0969 0x0da4  klflt - ok
23:21:34.0985 0x0da4  [ 432A489DEF978702210732364E7CF486, 0D911843EB49F70BC60AEB56DD66BBC328E065F6AD2ED4EC7FCCD30C61A3B017 ] klhk            C:\WINDOWS\System32\drivers\klhk.sys
23:21:34.0985 0x0da4  klhk - ok
23:21:34.0985 0x0da4  [ 7796EAD58D8C1A42AAB6B6CA9A3F106C, 7DA8A05A0210F63C7D120DCF0101AD895D53368C0DED23E275F2BA79239FCE28 ] klids           C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys
23:21:34.0985 0x0da4  klids - ok
23:21:35.0000 0x0da4  [ 4DF87FF594381901C224866A61A25B7B, AFAF93F4C08B481F0203ECFB2B4F0997728E9C91B694CB2BF9BBBF4889EFC48B ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
23:21:35.0016 0x0da4  KLIF - ok
23:21:35.0016 0x0da4  [ 6357C533C30650361110DBAF59A25DF8, FA8CF6292CCBC7E23527D968E54CD773706CF091E35563B0CF9F8A1DF0B724B9 ] KLIM6           C:\WINDOWS\system32\DRIVERS\klim6.sys
23:21:35.0016 0x0da4  KLIM6 - ok
23:21:35.0016 0x0da4  [ 5480CC93737F48282552C84FA7EBA59B, B7D92424399B647132F6B9409FE75EAA310C984F796FC0B65BBE2EA180110968 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
23:21:35.0016 0x0da4  klkbdflt - ok
23:21:35.0016 0x0da4  [ FD47C92A63B6EADEA830BFA96C06EAEE, C15C39B6FA53CBD01A2F95243845C4B706B4229F8FFB75C7128819B9CEE5B2CB ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
23:21:35.0016 0x0da4  klmouflt - ok
23:21:35.0016 0x0da4  [ 6B0C605591C892CBB683F63EA47822DC, E74C0A0501A1B4B56B417402108521F34DA6A23FCD1C05E4E524E41EBA0906FF ] klpd            C:\WINDOWS\system32\DRIVERS\klpd.sys
23:21:35.0032 0x0da4  klpd - ok
23:21:35.0032 0x0da4  [ 66516A704F1D378E58B85D79633C103D, 54E3EB342D2FD17CF742A8ACADCA81A553216AA289955DD176A54D6414727DA5 ] klupd_klif_arkmon C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
23:21:35.0032 0x0da4  klupd_klif_arkmon - ok
23:21:35.0032 0x0da4  [ 34D207C9300529BE5E29267922483778, 6F2888A3E649B78477A568E8F8A2527493D9D0D1FD13822E5D90AE575D2041D2 ] klupd_klif_kimul C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
23:21:35.0032 0x0da4  klupd_klif_kimul - ok
23:21:35.0032 0x0da4  [ 77443CD03E2DF52B11EF50D52E399F45, 28AA14E7923DDB097725D8ABF3994910F2FE77DEDCFC11A4FA3C24B1DCCEC4B9 ] klupd_klif_klark C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
23:21:35.0032 0x0da4  klupd_klif_klark - ok
23:21:35.0047 0x0da4  [ 80C48FD804044D2925DB4406526E0402, 4C6B4BCEE361B846F842D3292C5DF8561D8ED0C9315F635F89628495E56AD3B4 ] klupd_klif_klbg C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
23:21:35.0047 0x0da4  klupd_klif_klbg - ok
23:21:35.0047 0x0da4  [ 8D7E0B5D4F843D39AA1F644B2578B0EE, C4A8E569A253738AA7B7CDE8D0E987954D1DA6BE6F32D962BD458CA5275A5D76 ] klupd_klif_mark C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
23:21:35.0047 0x0da4  klupd_klif_mark - ok
23:21:35.0047 0x0da4  [ D7F0B46844565E2ED68AC99AF0F4263F, AB419CBC29F96703237127AC4178A5365D4CCA010BAB1BD66D100D635E6E89B8 ] klvssbrigde64   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\vssbridge64.exe
23:21:35.0047 0x0da4  klvssbrigde64 - ok
23:21:35.0063 0x0da4  [ 4C5305295B51BA72FC9C8CDAB32F95C3, 0E5850AC4CA14D971E7B04FED23CB2F6CEEE2796E905AADA0104677982ECD58A ] klwfp           C:\WINDOWS\system32\DRIVERS\klwfp.sys
23:21:35.0063 0x0da4  klwfp - ok
23:21:35.0063 0x0da4  [ 4799405773BB400A2FF96663CF0EE4A2, F7650B80AC388675724D9A43D709FF9CCDE99374D7C5E3B900F61FC61D6816D2 ] Klwtp           C:\WINDOWS\system32\DRIVERS\klwtp.sys
23:21:35.0063 0x0da4  Klwtp - ok
23:21:35.0063 0x0da4  [ 098D3EBDC599E05449A3BFB5BB519FE0, 00A02DE53312D4DF52E26E14E0E803255DF5AFAE95455EAE5A004F9E84C8B2F5 ] kneps           C:\WINDOWS\system32\DRIVERS\kneps.sys
23:21:35.0063 0x0da4  kneps - ok
23:21:35.0063 0x0da4  [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
23:21:35.0063 0x0da4  KSecDD - ok
23:21:35.0079 0x0da4  [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
23:21:35.0079 0x0da4  KSecPkg - ok
23:21:35.0079 0x0da4  [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
23:21:35.0079 0x0da4  ksthunk - ok
23:21:35.0079 0x0da4  [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
23:21:35.0079 0x0da4  KtmRm - ok
23:21:35.0094 0x0da4  [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
23:21:35.0094 0x0da4  LanmanServer - ok
23:21:35.0094 0x0da4  [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
23:21:35.0110 0x0da4  LanmanWorkstation - ok
23:21:35.0110 0x0da4  [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
23:21:35.0110 0x0da4  lfsvc - ok
23:21:35.0110 0x0da4  [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
23:21:35.0110 0x0da4  LicenseManager - ok
23:21:35.0110 0x0da4  [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
23:21:35.0110 0x0da4  lltdio - ok
23:21:35.0110 0x0da4  [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
23:21:35.0125 0x0da4  lltdsvc - ok
23:21:35.0125 0x0da4  [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
23:21:35.0125 0x0da4  lmhosts - ok
23:21:35.0125 0x0da4  [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
23:21:35.0125 0x0da4  LSI_SAS - ok
23:21:35.0125 0x0da4  [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
23:21:35.0125 0x0da4  LSI_SAS2i - ok
23:21:35.0125 0x0da4  [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
23:21:35.0141 0x0da4  LSI_SAS3i - ok
23:21:35.0141 0x0da4  [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
23:21:35.0141 0x0da4  LSI_SSS - ok
23:21:35.0141 0x0da4  [ D5EFC0BAEC21EDE6FE03D377D403B421, 41BE71AF7C896FD4C51EF7E3871AAB769164DFB8050DA43E48C7A100711414B4 ] LSM             C:\WINDOWS\System32\lsm.dll
23:21:35.0157 0x0da4  LSM - ok
23:21:35.0157 0x0da4  [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
23:21:35.0157 0x0da4  luafv - ok
23:21:35.0157 0x0da4  [ 9F699136FA1A8A170C2C05D7790A5FC0, 4363C527BD2FC9FD8937E9866CA200809AC87B64EA57084491BAB6DEB8ED9E87 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
23:21:35.0157 0x0da4  MapsBroker - ok
23:21:35.0157 0x0da4  [ 835E1D6B5835EF70FC3BDF93ED42243A, 0025D232ED0FF9A572F8004094CFE21F62070DB832398345425554334E036DA6 ] MBAMChameleon   C:\WINDOWS\system32\drivers\MBAMChameleon.sys
23:21:35.0172 0x0da4  MBAMChameleon - ok
23:21:35.0172 0x0da4  [ E8E0D53AA910D8BC60A403E77DBA9B8C, D86EE7F845DB20230A036C26383A6F4314F80489A1D15C2A969A0C3C63706B7D ] MBAMFarflt      C:\WINDOWS\system32\drivers\farflt.sys
23:21:35.0172 0x0da4  MBAMFarflt - ok
23:21:35.0172 0x0da4  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
23:21:35.0172 0x0da4  MBAMProtection - ok
23:21:35.0219 0x0da4  [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
23:21:35.0250 0x0da4  MBAMService - ok
23:21:35.0266 0x0da4  [ F8E8B0977741F114407494174522B71A, 6A3FE40D4649D89ABED007FFF13C38F021284265EC692C6190FF0EF8BDECF99C ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
23:21:35.0266 0x0da4  MBAMSwissArmy - ok
23:21:35.0266 0x0da4  [ 71C365620D484750948664AA4A579AB3, A60DBF3BD252ABC63BAD3571F3DF88BAD45FB76336FC52B88FAE0665C3D40D44 ] MBAMWebProtection C:\WINDOWS\system32\drivers\mwac.sys
23:21:35.0266 0x0da4  MBAMWebProtection - ok
23:21:35.0266 0x0da4  [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
23:21:35.0266 0x0da4  megasas - ok
23:21:35.0266 0x0da4  [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i       C:\WINDOWS\system32\drivers\MegaSas2i.sys
23:21:35.0266 0x0da4  megasas2i - ok
23:21:35.0282 0x0da4  [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
23:21:35.0282 0x0da4  megasr - ok
23:21:35.0282 0x0da4  [ C4A4BE9C6EDA9640F272B48FC0AB4F06, 8A9BE9FACDDBEBDF47ACB86D5DDC0DD3E5F90EDE1E93B59F9E92375E5CB2ACD6 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
23:21:35.0297 0x0da4  MEIx64 - ok
23:21:35.0297 0x0da4  [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
23:21:35.0297 0x0da4  MessagingService - ok
23:21:35.0297 0x0da4  [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
23:21:35.0313 0x0da4  mlx4_bus - ok
23:21:35.0313 0x0da4  [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
23:21:35.0313 0x0da4  MMCSS - ok
23:21:35.0313 0x0da4  [ 0D50B3F3AB32D416786B58D4553859CE, 9DA4D7A30982E8B31C45BDB721AEF5240EAD9DA6839CF34FDDBCF123BF104F2C ] Modem           C:\WINDOWS\system32\drivers\modem.sys
23:21:35.0313 0x0da4  Modem - ok
23:21:35.0313 0x0da4  [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
23:21:35.0313 0x0da4  monitor - ok
23:21:35.0329 0x0da4  [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
23:21:35.0329 0x0da4  mouclass - ok
23:21:35.0329 0x0da4  [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
23:21:35.0329 0x0da4  mouhid - ok
23:21:35.0329 0x0da4  [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
23:21:35.0329 0x0da4  mountmgr - ok
23:21:35.0329 0x0da4  [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
23:21:35.0329 0x0da4  mpsdrv - ok
23:21:35.0344 0x0da4  [ A231E1861F7AA9CCC24B97176BBA838D, CDAB9A25CC55B71E8A83E50504B12E948D7A88F035918E4F94E3624E4AA0A28D ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
23:21:35.0344 0x0da4  MpsSvc - ok
23:21:35.0360 0x0da4  [ 25D32BE04FE0A23FDF57FD5382757672, 64E39E3E21D9173FB1116B989D80C244C49DA827698A05AF5CC5CD1C6AE155DE ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
23:21:35.0360 0x0da4  MRxDAV - ok
23:21:35.0360 0x0da4  [ D559FF28B1AD9B1E15A4186E785E61F6, 4B22A740E86CA10B1B43E36CBE9A50B53D1E5504C25694C8FF3A514DF699E99C ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:21:35.0360 0x0da4  mrxsmb - ok
23:21:35.0376 0x0da4  [ 0698B15E21EA1B8742F2E7BB3142B754, 0DB79841E863F08452F895DA47CEEF6CA4D527A616EB616FDFF5F7431487E5F7 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
23:21:35.0376 0x0da4  mrxsmb20 - ok
23:21:35.0376 0x0da4  [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
23:21:35.0376 0x0da4  MsBridge - ok
23:21:35.0376 0x0da4  [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
23:21:35.0376 0x0da4  MSDTC - ok
23:21:35.0391 0x0da4  [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:21:35.0391 0x0da4  Msfs - ok
23:21:35.0391 0x0da4  [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
23:21:35.0391 0x0da4  msgpiowin32 - ok
23:21:35.0391 0x0da4  [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
23:21:35.0391 0x0da4  mshidkmdf - ok
23:21:35.0391 0x0da4  [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
23:21:35.0391 0x0da4  mshidumdf - ok
23:21:35.0391 0x0da4  [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
23:21:35.0391 0x0da4  msisadrv - ok
23:21:35.0391 0x0da4  [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
23:21:35.0391 0x0da4  MSiSCSI - ok
23:21:35.0407 0x0da4  msiserver - ok
23:21:35.0407 0x0da4  [ 4586CDA25B7866DD9505CEECF9DB3C74, B94CE1A7C1B6FFEF7AA33AEC30C27E01E44E6E56A4274705684BFBB738F95BCF ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
23:21:35.0407 0x0da4  MSKSSRV - ok
23:21:35.0407 0x0da4  [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
23:21:35.0407 0x0da4  MsLldp - ok
23:21:35.0407 0x0da4  [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
23:21:35.0407 0x0da4  MSPCLOCK - ok
23:21:35.0407 0x0da4  [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
23:21:35.0407 0x0da4  MSPQM - ok
23:21:35.0407 0x0da4  [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
23:21:35.0422 0x0da4  MsRPC - ok
23:21:35.0422 0x0da4  [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
23:21:35.0422 0x0da4  mssmbios - ok
23:21:35.0422 0x0da4  [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
23:21:35.0422 0x0da4  MSTEE - ok
23:21:35.0422 0x0da4  [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
23:21:35.0422 0x0da4  MTConfig - ok
23:21:35.0422 0x0da4  [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
23:21:35.0422 0x0da4  Mup - ok
23:21:35.0438 0x0da4  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
23:21:35.0438 0x0da4  mvumis - ok
23:21:35.0438 0x0da4  [ D0A5F9ACE1F0C459CEF714156DB1DE02, F877296E8506E6A1ACBDACDC5085B18C6842320A2775A329D286BAC796F08D54 ] NAL             C:\WINDOWS\system32\Drivers\iqvw64e.sys
23:21:35.0438 0x0da4  NAL - ok
23:21:35.0438 0x0da4  [ A5FA29F748BBF38FC3FAE4B54FA20A93, 8912F08967CFDD2A74593C9D23F43D6487D1920969C380B39BA8EA4672B24C3B ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
23:21:35.0454 0x0da4  NativeWifiP - ok
23:21:35.0454 0x0da4  [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
23:21:35.0454 0x0da4  NcaSvc - ok
23:21:35.0454 0x0da4  [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
23:21:35.0454 0x0da4  NcbService - ok
23:21:35.0469 0x0da4  [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
23:21:35.0469 0x0da4  NcdAutoSetup - ok
23:21:35.0469 0x0da4  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
23:21:35.0469 0x0da4  ndfltr - ok
23:21:35.0485 0x0da4  [ 3B41B4CF8F3F7C4041AC516830561533, 1EA616164AF9EA6B5DEC569DD255CB81C9EC3D4288E214CD8EE72C334ADEA3B8 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
23:21:35.0485 0x0da4  NDIS - ok
23:21:35.0501 0x0da4  [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
23:21:35.0501 0x0da4  NdisCap - ok
23:21:35.0501 0x0da4  [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
23:21:35.0501 0x0da4  NdisImPlatform - ok
23:21:35.0501 0x0da4  [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:21:35.0501 0x0da4  NdisTapi - ok
23:21:35.0501 0x0da4  [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
23:21:35.0501 0x0da4  Ndisuio - ok
23:21:35.0501 0x0da4  [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
23:21:35.0501 0x0da4  NdisVirtualBus - ok
23:21:35.0516 0x0da4  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
23:21:35.0516 0x0da4  NdisWan - ok
23:21:35.0516 0x0da4  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:21:35.0516 0x0da4  ndiswanlegacy - ok
23:21:35.0516 0x0da4  [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
23:21:35.0516 0x0da4  ndproxy - ok
23:21:35.0532 0x0da4  [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
23:21:35.0532 0x0da4  Ndu - ok
23:21:35.0532 0x0da4  [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx    C:\WINDOWS\system32\drivers\NetAdapterCx.sys
23:21:35.0532 0x0da4  NetAdapterCx - ok
23:21:35.0532 0x0da4  [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
23:21:35.0532 0x0da4  NetBIOS - ok
23:21:35.0532 0x0da4  [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:21:35.0532 0x0da4  NetBT - ok
23:21:35.0547 0x0da4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:21:35.0547 0x0da4  Netlogon - ok
23:21:35.0547 0x0da4  [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman          C:\WINDOWS\System32\netman.dll
23:21:35.0547 0x0da4  Netman - ok
23:21:35.0563 0x0da4  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
23:21:35.0563 0x0da4  netprofm - ok
23:21:35.0563 0x0da4  [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
23:21:35.0563 0x0da4  NetSetupSvc - ok
23:21:35.0579 0x0da4  [ F7C50E021B401E38770F846BEA119C4D, 2C4A759D9DF1616D320E066BBE931B18A8B724908CA59E3CC2D86E71B1DB7ACF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:21:35.0579 0x0da4  NetTcpPortSharing - ok
23:21:35.0579 0x0da4  [ 3613FDA8969255DB4D5B1AD753A6749A, D9B37C73E0EBB7298A51F44E278EAD1A2EF0C814EF82BA3B0729905FB07F0129 ] netvsc          C:\WINDOWS\System32\drivers\netvsc.sys
23:21:35.0579 0x0da4  netvsc - ok
23:21:35.0579 0x0da4  [ E79E364AF827EB1F141BE000ABB8727D, 96218EB8B7C9E0F614AB9EAEAEC41BD4DB0E9EFE5C1D87EC749B9CB71653CEB1 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
23:21:35.0594 0x0da4  NgcCtnrSvc - ok
23:21:35.0594 0x0da4  [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
23:21:35.0610 0x0da4  NgcSvc - ok
23:21:35.0610 0x0da4  [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
23:21:35.0610 0x0da4  NlaSvc - ok
23:21:35.0626 0x0da4  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:21:35.0626 0x0da4  Npfs - ok
23:21:35.0626 0x0da4  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
23:21:35.0626 0x0da4  npsvctrig - ok
23:21:35.0626 0x0da4  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\WINDOWS\system32\nsisvc.dll
23:21:35.0626 0x0da4  nsi - ok
23:21:35.0626 0x0da4  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
23:21:35.0626 0x0da4  nsiproxy - ok
23:21:35.0657 0x0da4  [ 98BBD81DC481E9D58EEB31C81EBDEFF5, 28FAAFCB90721C557C37D18533681C274428BC97AB3C3AAFCC75212074E9F2CA ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
23:21:35.0672 0x0da4  NTFS - ok
23:21:35.0672 0x0da4  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:21:35.0672 0x0da4  Null - ok
23:21:35.0672 0x0da4  [ A138890751D328A9ADEAFCB4CC0B6370, BD42BAFD4243861A2DF9FA0170DB03D01DD3AB6A3047322878FD636576414C63 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
23:21:35.0688 0x0da4  NVHDA - ok
23:21:35.0813 0x0da4  [ C3594335F6D26A475E6CB32534DD9F08, E0AC44476AC93282A600C589ED8B84CBC79F60EB7F7AD25E73439B9738A96484 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys
23:21:35.0938 0x0da4  nvlddmkm - ok
23:21:35.0954 0x0da4  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
23:21:35.0954 0x0da4  nvraid - ok
23:21:35.0954 0x0da4  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
23:21:35.0954 0x0da4  nvstor - ok
23:21:35.0969 0x0da4  [ CA090120FB0C11D99A15DA648CD33EE8, 9760D42634867306DA422A1A17C872FBE8D9874295107F8B00A9D5564CE3BCFC ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
23:21:35.0969 0x0da4  nvvad_WaveExtensible - ok
23:21:35.0969 0x0da4  [ 8633AFA9759AD66649D9E0613FFDD847, 6B1F4C4B8AEFC963652C9E881C28C3FCE5665D23C3D79AFA8F9F896B722F7A95 ] nvvhci          C:\WINDOWS\System32\drivers\nvvhci.sys
23:21:35.0969 0x0da4  nvvhci - ok
23:21:35.0969 0x0da4  [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
23:21:35.0969 0x0da4  OneSyncSvc - ok
23:21:36.0001 0x0da4  [ 3BFD37065C952EE1BDA36714931F052B, 2095C468DF7354E0254C1F3AA85CB4D91BF4223E9FCF0A2AE99B68434AA1CC06 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
23:21:36.0016 0x0da4  Origin Client Service - ok
23:21:36.0047 0x0da4  [ 36CF3B0A877C33A79045F6791A7A33FF, DCC646DBF4C446F9BC4FA3BA1D28BBB57902885DB371891C7B79785A107E0CF6 ] Origin Web Helper Service C:\Program Files (x86)\Origin\OriginWebHelperService.exe
23:21:36.0063 0x0da4  Origin Web Helper Service - ok
23:21:36.0063 0x0da4  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
23:21:36.0063 0x0da4  p2pimsvc - ok
23:21:36.0079 0x0da4  [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
23:21:36.0079 0x0da4  p2psvc - ok
23:21:36.0079 0x0da4  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
23:21:36.0079 0x0da4  Parport - ok
23:21:36.0079 0x0da4  [ 0553ECB742278C8F4CFA28B43FF20EAD, ACD7F5BC36573BCEC2C3413DEA687034ECC101EDD3C1544B264BBA29EFCE3425 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
23:21:36.0094 0x0da4  partmgr - ok
23:21:36.0094 0x0da4  [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
23:21:36.0094 0x0da4  PcaSvc - ok
23:21:36.0110 0x0da4  [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci             C:\WINDOWS\system32\drivers\pci.sys
23:21:36.0110 0x0da4  pci - ok
23:21:36.0110 0x0da4  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
23:21:36.0110 0x0da4  pciide - ok
23:21:36.0110 0x0da4  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
23:21:36.0110 0x0da4  pcmcia - ok
23:21:36.0110 0x0da4  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
23:21:36.0110 0x0da4  pcw - ok
23:21:36.0126 0x0da4  [ CA979960D3A580C78EDB4BBD6BD3ABCC, 2A136BC562235D26F6421027B158D406FB1D08FE7D70A50DD3E4D344B0E27205 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
23:21:36.0126 0x0da4  pdc - ok
23:21:36.0126 0x0da4  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
23:21:36.0141 0x0da4  PEAUTH - ok
23:21:36.0141 0x0da4  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
23:21:36.0141 0x0da4  percsas2i - ok
23:21:36.0141 0x0da4  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
23:21:36.0141 0x0da4  percsas3i - ok
23:21:36.0141 0x0da4  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
23:21:36.0141 0x0da4  PerfHost - ok
23:21:36.0157 0x0da4  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
23:21:36.0172 0x0da4  PhoneSvc - ok
23:21:36.0172 0x0da4  [ C7A94D99CDF054248EFBD9B93D096DA6, F59F0EB5B17DC078E47D044B1126A786D67DC149AC9614CDA6AA1226EEE3EF55 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
23:21:36.0172 0x0da4  PimIndexMaintenanceSvc - ok
23:21:36.0188 0x0da4  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\WINDOWS\system32\pla.dll
23:21:36.0204 0x0da4  pla - ok
23:21:36.0204 0x0da4  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
23:21:36.0204 0x0da4  PlugPlay - ok
23:21:36.0219 0x0da4  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
23:21:36.0219 0x0da4  PNRPAutoReg - ok
23:21:36.0219 0x0da4  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
23:21:36.0219 0x0da4  PNRPsvc - ok
23:21:36.0235 0x0da4  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
23:21:36.0235 0x0da4  PolicyAgent - ok
23:21:36.0235 0x0da4  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\WINDOWS\system32\umpo.dll
23:21:36.0235 0x0da4  Power - ok
23:21:36.0235 0x0da4  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
23:21:36.0235 0x0da4  PptpMiniport - ok
23:21:36.0282 0x0da4  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
23:21:36.0297 0x0da4  PrintNotify - ok
23:21:36.0313 0x0da4  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
23:21:36.0313 0x0da4  Processor - ok
23:21:36.0313 0x0da4  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
23:21:36.0313 0x0da4  ProfSvc - ok
23:21:36.0329 0x0da4  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
23:21:36.0329 0x0da4  Psched - ok
23:21:36.0329 0x0da4  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\WINDOWS\system32\qwave.dll
23:21:36.0329 0x0da4  QWAVE - ok
23:21:36.0329 0x0da4  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
23:21:36.0329 0x0da4  QWAVEdrv - ok
23:21:36.0329 0x0da4  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:21:36.0344 0x0da4  RasAcd - ok
23:21:36.0344 0x0da4  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
23:21:36.0344 0x0da4  RasAgileVpn - ok
23:21:36.0344 0x0da4  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:21:36.0344 0x0da4  RasAuto - ok
23:21:36.0344 0x0da4  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
23:21:36.0344 0x0da4  Rasl2tp - ok
23:21:36.0360 0x0da4  [ 989DBF4805124A31610947E502501696, BCB73879AEC0588D0BFAB915D1F6EB637333A24D2030ED6572B3A3C03865AE93 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:21:36.0360 0x0da4  RasMan - ok
23:21:36.0360 0x0da4  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\WINDOWS\System32\drivers\raspppoe.sys
23:21:36.0360 0x0da4  RasPppoe - ok
23:21:36.0376 0x0da4  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
23:21:36.0376 0x0da4  RasSstp - ok
23:21:36.0376 0x0da4  [ 6132B142C5A1FA4C05F06FE43DE5E55E, CCF64C9A778501635B8B5E20BB617D39D0298329FD6911DC125FC8B31FEFEDE1 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:21:36.0376 0x0da4  rdbss - ok
23:21:36.0391 0x0da4  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
23:21:36.0391 0x0da4  rdpbus - ok
23:21:36.0391 0x0da4  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
23:21:36.0391 0x0da4  RDPDR - ok
23:21:36.0391 0x0da4  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
23:21:36.0391 0x0da4  RdpVideoMiniport - ok
23:21:36.0391 0x0da4  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
23:21:36.0407 0x0da4  rdyboost - ok
23:21:36.0407 0x0da4  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
23:21:36.0422 0x0da4  ReFSv1 - ok
23:21:36.0422 0x0da4  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:21:36.0438 0x0da4  RemoteAccess - ok
23:21:36.0438 0x0da4  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
23:21:36.0438 0x0da4  RemoteRegistry - ok
23:21:36.0438 0x0da4  [ CE44FB62412C9B78008BE740B0E16D11, 4FA01F54EE3924EEE0953FB27336FFB01069F2248859B4984030E5D364807335 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
23:21:36.0454 0x0da4  RetailDemo - ok
23:21:36.0454 0x0da4  [ 498C3D4D44382A96812A0E0FF28D575B, 23CB784547268CF775636B07CAC4C00B962FD10A7F9144D5D5886A9166919BBA ] Revoflt         C:\WINDOWS\system32\DRIVERS\revoflt.sys
23:21:36.0454 0x0da4  Revoflt - ok
23:21:36.0454 0x0da4  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\WINDOWS\System32\RMapi.dll
23:21:36.0454 0x0da4  RmSvc - ok
23:21:36.0469 0x0da4  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
23:21:36.0469 0x0da4  RpcEptMapper - ok
23:21:36.0469 0x0da4  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\WINDOWS\system32\locator.exe
23:21:36.0469 0x0da4  RpcLocator - ok
23:21:36.0485 0x0da4  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
23:21:36.0485 0x0da4  RpcSs - ok
23:21:36.0485 0x0da4  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
23:21:36.0485 0x0da4  rspndr - ok
23:21:36.0485 0x0da4  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
23:21:36.0501 0x0da4  s3cap - ok
23:21:36.0501 0x0da4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:21:36.0501 0x0da4  SamSs - ok
23:21:36.0501 0x0da4  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
23:21:36.0501 0x0da4  sbp2port - ok
23:21:36.0501 0x0da4  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
23:21:36.0501 0x0da4  SCardSvr - ok
23:21:36.0516 0x0da4  [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
23:21:36.0516 0x0da4  ScDeviceEnum - ok
23:21:36.0516 0x0da4  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
23:21:36.0516 0x0da4  scfilter - ok
23:21:36.0532 0x0da4  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:21:36.0532 0x0da4  Schedule - ok
23:21:36.0548 0x0da4  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
23:21:36.0548 0x0da4  scmbus - ok
23:21:36.0548 0x0da4  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
23:21:36.0548 0x0da4  scmdisk0101 - ok
23:21:36.0548 0x0da4  [ E189727B3C9909A85B33A16B290E192E, 2C273A9F44EDC5E5435904E9681973854B2F3EBB6100021BB139FF0CCCE9BF20 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
23:21:36.0548 0x0da4  SCPolicySvc - ok
23:21:36.0563 0x0da4  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
23:21:36.0563 0x0da4  sdbus - ok
23:21:36.0563 0x0da4  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
23:21:36.0563 0x0da4  SDRSVC - ok
23:21:36.0563 0x0da4  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
23:21:36.0563 0x0da4  sdstor - ok
23:21:36.0563 0x0da4  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\WINDOWS\system32\seclogon.dll
23:21:36.0579 0x0da4  seclogon - ok
23:21:36.0579 0x0da4  [ BD0C9D978841E61343D64D850C82C92E, C957015DA8BF5B580E1E10A191489AF1B07C572143F12BB50BFF36E512B073CB ] secnvme         C:\WINDOWS\system32\drivers\secnvme.sys
23:21:36.0579 0x0da4  secnvme - ok
23:21:36.0579 0x0da4  [ C1A9473243EDC53E014ED3993B93BD25, B4BE40864E8F131274BB40AC475D25139E5CF1E3642AA50DACA8162B213C3262 ] secnvmeF        C:\WINDOWS\system32\drivers\secnvmeF.sys
23:21:36.0579 0x0da4  secnvmeF - ok
23:21:36.0579 0x0da4  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\WINDOWS\System32\sens.dll
23:21:36.0579 0x0da4  SENS - ok
23:21:36.0594 0x0da4  [ CF2AEB951CFC56D4F6CF2D66218B673C, CEA0B0E0251EA198893830080EE4CB8A9F18ADBF1F6FEFFC9C7E8AB4588D0639 ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
23:21:36.0610 0x0da4  SensorDataService - ok
23:21:36.0610 0x0da4  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\WINDOWS\system32\SensorService.dll
23:21:36.0626 0x0da4  SensorService - ok
23:21:36.0626 0x0da4  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
23:21:36.0626 0x0da4  SensrSvc - ok
23:21:36.0626 0x0da4  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
23:21:36.0626 0x0da4  SerCx - ok
23:21:36.0626 0x0da4  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
23:21:36.0641 0x0da4  SerCx2 - ok
23:21:36.0641 0x0da4  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
23:21:36.0641 0x0da4  Serenum - ok
23:21:36.0641 0x0da4  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
23:21:36.0641 0x0da4  Serial - ok
23:21:36.0641 0x0da4  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
23:21:36.0641 0x0da4  sermouse - ok
23:21:36.0657 0x0da4  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
23:21:36.0657 0x0da4  SessionEnv - ok
23:21:36.0657 0x0da4  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
23:21:36.0657 0x0da4  sfloppy - ok
23:21:36.0657 0x0da4  [ E38BE81F0F6D9C74E420A82BC6A02AFE, 25D7594FD1BE0B303F9777ACBA702ACD0C27B00D21F82659989C40636851A330 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:21:36.0673 0x0da4  SharedAccess - ok
23:21:36.0673 0x0da4  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:21:36.0688 0x0da4  ShellHWDetection - ok
23:21:36.0688 0x0da4  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
23:21:36.0688 0x0da4  shpamsvc - ok
23:21:36.0688 0x0da4  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
23:21:36.0688 0x0da4  SiSRaid2 - ok
23:21:36.0704 0x0da4  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
23:21:36.0704 0x0da4  SiSRaid4 - ok
23:21:36.0704 0x0da4  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\WINDOWS\System32\smphost.dll
23:21:36.0704 0x0da4  smphost - ok
23:21:36.0704 0x0da4  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
23:21:36.0719 0x0da4  SmsRouter - ok
23:21:36.0719 0x0da4  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
23:21:36.0719 0x0da4  SNMPTRAP - ok
23:21:36.0735 0x0da4  [ 8BDB9E47D84144110F05AB757E630374, 8A49004895B8AD17C877AA8E7B6A0F14936BDDCBB88F0E5FB880DD0D816AEAB4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
23:21:36.0735 0x0da4  spaceport - ok
23:21:36.0735 0x0da4  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
23:21:36.0735 0x0da4  SpbCx - ok
23:21:36.0751 0x0da4  [ 1DFE222F8D6A422B7ADC909E0C8840DA, 96761691CF4447710D65573044A1005F2F0F89443DF581A30B97D7944940BB70 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
23:21:36.0751 0x0da4  Spooler - ok
23:21:36.0813 0x0da4  [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
23:21:36.0860 0x0da4  sppsvc - ok
23:21:36.0876 0x0da4  [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
23:21:36.0876 0x0da4  srv2 - ok
23:21:36.0891 0x0da4  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
23:21:36.0891 0x0da4  srvnet - ok
23:21:36.0891 0x0da4  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:21:36.0891 0x0da4  SSDPSRV - ok
23:21:36.0891 0x0da4  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
23:21:36.0907 0x0da4  SstpSvc - ok
23:21:36.0954 0x0da4  [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
23:21:36.0985 0x0da4  StateRepository - ok
23:21:37.0001 0x0da4  [ DF8D486ADBBC6ACA0901CF3C1A09EF05, 734477E23E1C8578517B187CE26FC0F5646BB557F871D6C69D78D12AEB20D287 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
23:21:37.0016 0x0da4  Steam Client Service - ok
23:21:37.0016 0x0da4  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
23:21:37.0016 0x0da4  stexstor - ok
23:21:37.0032 0x0da4  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
23:21:37.0032 0x0da4  stisvc - ok
23:21:37.0032 0x0da4  [ 6BC6023E866489D22CE30E18846B80D9, FD0D13332F3E267524A9FA7FEC128298D4905722807C172AE8E3DFE445C28DB1 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
23:21:37.0048 0x0da4  storahci - ok
23:21:37.0048 0x0da4  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
23:21:37.0048 0x0da4  storflt - ok
23:21:37.0048 0x0da4  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
23:21:37.0048 0x0da4  stornvme - ok
23:21:37.0048 0x0da4  [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
23:21:37.0048 0x0da4  storqosflt - ok
23:21:37.0063 0x0da4  [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
23:21:37.0063 0x0da4  StorSvc - ok
23:21:37.0063 0x0da4  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
23:21:37.0063 0x0da4  storufs - ok
23:21:37.0063 0x0da4  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
23:21:37.0063 0x0da4  storvsc - ok
23:21:37.0063 0x0da4  [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc           C:\WINDOWS\system32\svsvc.dll
23:21:37.0063 0x0da4  svsvc - ok
23:21:37.0079 0x0da4  [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
23:21:37.0079 0x0da4  swenum - ok
23:21:37.0079 0x0da4  [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv           C:\WINDOWS\System32\swprv.dll
23:21:37.0079 0x0da4  swprv - ok
23:21:37.0079 0x0da4  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
23:21:37.0079 0x0da4  Synth3dVsc - ok
23:21:37.0094 0x0da4  [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain         C:\WINDOWS\system32\sysmain.dll
23:21:37.0110 0x0da4  SysMain - ok
23:21:37.0110 0x0da4  [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
23:21:37.0110 0x0da4  SystemEventsBroker - ok
23:21:37.0126 0x0da4  [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
23:21:37.0126 0x0da4  TabletInputService - ok
23:21:37.0126 0x0da4  [ 134B275751051C5D03F9ACCDC4F8CAAB, D50F96485AF6F26EA9A5A3A2ADEACC2DFD3B2ABCDAB88195B75CC72EAC543BE2 ] tap0901         C:\WINDOWS\System32\drivers\tap0901.sys
23:21:37.0126 0x0da4  tap0901 - ok
23:21:37.0126 0x0da4  [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:21:37.0126 0x0da4  TapiSrv - ok
23:21:37.0157 0x0da4  [ 2011413864620317C8F931219CAF09C3, 640B39A8F355145CFA8174A1767B7DFCCF6DDC6A03AE0D54E346D8EEA9039415 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
23:21:37.0188 0x0da4  Tcpip - ok
23:21:37.0204 0x0da4  [ 2011413864620317C8F931219CAF09C3, 640B39A8F355145CFA8174A1767B7DFCCF6DDC6A03AE0D54E346D8EEA9039415 ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
23:21:37.0235 0x0da4  Tcpip6 - ok
23:21:37.0235 0x0da4  [ EC9450227A4C661513661F1F9C1F7DD6, 4DB122DECEA7C76BD20A6682958609A40CA2C9EDD236DFA19E9B31C57114DA3A ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
23:21:37.0235 0x0da4  tcpipreg - ok
23:21:37.0235 0x0da4  [ 0B237F8A96952BF95A14865030E131F2, 263089672218D3A768A6FC9D28DBEFE113D6757A9ECBAB4D364A62AC5DDA8AAE ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
23:21:37.0235 0x0da4  tdx - ok
23:21:37.0251 0x0da4  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
23:21:37.0251 0x0da4  terminpt - ok
23:21:37.0251 0x0da4  [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService     C:\WINDOWS\System32\termsrv.dll
23:21:37.0266 0x0da4  TermService - ok
23:21:37.0266 0x0da4  [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes          C:\WINDOWS\system32\themeservice.dll
23:21:37.0266 0x0da4  Themes - ok
23:21:37.0266 0x0da4  [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
23:21:37.0282 0x0da4  TieringEngineService - ok
23:21:37.0282 0x0da4  [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
23:21:37.0298 0x0da4  tiledatamodelsvc - ok
23:21:37.0298 0x0da4  [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc   C:\WINDOWS\System32\TimeBrokerServer.dll
23:21:37.0298 0x0da4  TimeBrokerSvc - ok
23:21:37.0298 0x0da4  [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
23:21:37.0298 0x0da4  TPM - ok
23:21:37.0313 0x0da4  [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
23:21:37.0313 0x0da4  TrkWks - ok
23:21:37.0313 0x0da4  [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
23:21:37.0313 0x0da4  TrustedInstaller - ok
23:21:37.0313 0x0da4  [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
23:21:37.0313 0x0da4  tsusbflt - ok
23:21:37.0313 0x0da4  [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
23:21:37.0313 0x0da4  TsUsbGD - ok
23:21:37.0329 0x0da4  [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
23:21:37.0329 0x0da4  tunnel - ok
23:21:37.0329 0x0da4  [ 13781908186770ABE9F8EBCC2B45B138, 4BEC8466254E0C6492CC55CE344A6173878CFA040238C6BE5842E5209F066DEE ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
23:21:37.0329 0x0da4  tzautoupdate - ok
23:21:37.0329 0x0da4  [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
23:21:37.0329 0x0da4  UASPStor - ok
23:21:37.0329 0x0da4  [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
23:21:37.0329 0x0da4  UcmCx0101 - ok
23:21:37.0344 0x0da4  [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
23:21:37.0344 0x0da4  UcmTcpciCx0101 - ok
23:21:37.0344 0x0da4  [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
23:21:37.0344 0x0da4  UcmUcsi - ok
23:21:37.0344 0x0da4  [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
23:21:37.0344 0x0da4  Ucx01000 - ok
23:21:37.0360 0x0da4  [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
23:21:37.0360 0x0da4  UdeCx - ok
23:21:37.0360 0x0da4  [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
23:21:37.0360 0x0da4  udfs - ok
23:21:37.0360 0x0da4  [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
23:21:37.0360 0x0da4  UEFI - ok
23:21:37.0376 0x0da4  [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
23:21:37.0376 0x0da4  Ufx01000 - ok
23:21:37.0376 0x0da4  [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
23:21:37.0376 0x0da4  UfxChipidea - ok
23:21:37.0376 0x0da4  [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
23:21:37.0376 0x0da4  ufxsynopsys - ok
23:21:37.0376 0x0da4  [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
23:21:37.0391 0x0da4  UI0Detect - ok
23:21:37.0391 0x0da4  [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
23:21:37.0391 0x0da4  umbus - ok
23:21:37.0391 0x0da4  [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
23:21:37.0391 0x0da4  UmPass - ok
23:21:37.0391 0x0da4  [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
23:21:37.0391 0x0da4  UmRdpService - ok
23:21:37.0407 0x0da4  [ 4B956444AF2A352366CF59C3A4A87C64, B5FFAF5908DCF78DDA27EA1ABF2AFDD2BDD43FFC0259D847A7107B1597E22BD6 ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
23:21:37.0423 0x0da4  UnistoreSvc - ok
23:21:37.0438 0x0da4  [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:21:37.0438 0x0da4  upnphost - ok
23:21:37.0438 0x0da4  [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
23:21:37.0438 0x0da4  UrsChipidea - ok
23:21:37.0438 0x0da4  [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
23:21:37.0438 0x0da4  UrsCx01000 - ok
23:21:37.0438 0x0da4  [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
23:21:37.0438 0x0da4  UrsSynopsys - ok
23:21:37.0454 0x0da4  [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
23:21:37.0454 0x0da4  usbccgp - ok
23:21:37.0454 0x0da4  [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
23:21:37.0454 0x0da4  usbcir - ok
23:21:37.0454 0x0da4  [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
23:21:37.0454 0x0da4  usbehci - ok
23:21:37.0469 0x0da4  [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
23:21:37.0469 0x0da4  usbhub - ok
23:21:37.0469 0x0da4  [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
23:21:37.0485 0x0da4  USBHUB3 - ok
23:21:37.0485 0x0da4  [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
23:21:37.0485 0x0da4  usbohci - ok
23:21:37.0485 0x0da4  [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
23:21:37.0485 0x0da4  usbprint - ok
23:21:37.0485 0x0da4  [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
23:21:37.0485 0x0da4  usbser - ok
23:21:37.0501 0x0da4  [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
23:21:37.0501 0x0da4  USBSTOR - ok
23:21:37.0501 0x0da4  [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
23:21:37.0501 0x0da4  usbuhci - ok
23:21:37.0501 0x0da4  [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
23:21:37.0501 0x0da4  USBXHCI - ok
23:21:37.0516 0x0da4  [ A39AFDD26E6F2E5595FF2D3997D7E1FE, 30DE54033DE437C16A069602529E63FF971AF0ABB383885E47B4DF5E0F8483AE ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
23:21:37.0532 0x0da4  UserDataSvc - ok
23:21:37.0548 0x0da4  [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager     C:\WINDOWS\System32\usermgr.dll
23:21:37.0563 0x0da4  UserManager - ok
23:21:37.0563 0x0da4  [ B6911F3CBA01ECC637B3891DFE5099DC, E3ECF7BE729E38C236716B4A4147A29CA7B2CD7CEC17AE50E18437E995D30781 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
23:21:37.0579 0x0da4  UsoSvc - ok
23:21:37.0579 0x0da4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
23:21:37.0579 0x0da4  VaultSvc - ok
23:21:37.0579 0x0da4  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
23:21:37.0579 0x0da4  vdrvroot - ok
23:21:37.0594 0x0da4  [ 2C5D96D0BB7EDEF9F2F8966A31007CCE, A8FB02E9E1B8ED5F2026534360C229DA7FC11BA209DE9C3222C65D0A9652FD3C ] vds             C:\WINDOWS\System32\vds.exe
23:21:37.0594 0x0da4  vds - ok
23:21:37.0594 0x0da4  [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
23:21:37.0594 0x0da4  VerifierExt - ok
23:21:37.0610 0x0da4  [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
23:21:37.0626 0x0da4  vhdmp - ok
23:21:37.0626 0x0da4  [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
23:21:37.0626 0x0da4  vhf - ok
23:21:37.0626 0x0da4  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
23:21:37.0626 0x0da4  vmbus - ok
23:21:37.0626 0x0da4  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
23:21:37.0626 0x0da4  VMBusHID - ok
23:21:37.0626 0x0da4  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\WINDOWS\System32\drivers\vmgid.sys
23:21:37.0626 0x0da4  vmgid - ok
23:21:37.0641 0x0da4  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
23:21:37.0641 0x0da4  vmicguestinterface - ok
23:21:37.0641 0x0da4  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat   C:\WINDOWS\System32\icsvc.dll
23:21:37.0641 0x0da4  vmicheartbeat - ok
23:21:37.0657 0x0da4  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
23:21:37.0657 0x0da4  vmickvpexchange - ok
23:21:37.0657 0x0da4  [ F70DCCE72343449F0D12A0A92282B019, 3EFA99519387BE38C1CB482F1BFC9ED449BE9A5BD86883A1002725B8D4A5ECC1 ] vmicrdv         C:\WINDOWS\System32\icsvcext.dll
23:21:37.0657 0x0da4  vmicrdv - ok
23:21:37.0673 0x0da4  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown    C:\WINDOWS\System32\icsvc.dll
23:21:37.0673 0x0da4  vmicshutdown - ok
23:21:37.0673 0x0da4  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync    C:\WINDOWS\System32\icsvc.dll
23:21:37.0673 0x0da4  vmictimesync - ok
23:21:37.0688 0x0da4  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession   C:\WINDOWS\System32\icsvc.dll
23:21:37.0688 0x0da4  vmicvmsession - ok
23:21:37.0688 0x0da4  [ F70DCCE72343449F0D12A0A92282B019, 3EFA99519387BE38C1CB482F1BFC9ED449BE9A5BD86883A1002725B8D4A5ECC1 ] vmicvss         C:\WINDOWS\System32\icsvcext.dll
23:21:37.0688 0x0da4  vmicvss - ok
23:21:37.0704 0x0da4  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
23:21:37.0704 0x0da4  volmgr - ok
23:21:37.0704 0x0da4  [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
23:21:37.0704 0x0da4  volmgrx - ok
23:21:37.0719 0x0da4  [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
23:21:37.0719 0x0da4  volsnap - ok
23:21:37.0719 0x0da4  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\WINDOWS\system32\drivers\volume.sys
23:21:37.0719 0x0da4  volume - ok
23:21:37.0719 0x0da4  [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
23:21:37.0719 0x0da4  vpci - ok
23:21:37.0719 0x0da4  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
23:21:37.0719 0x0da4  vsmraid - ok
23:21:37.0751 0x0da4  [ 6DBB20053A67EFE5D8114CE93D12BEB3, B48997FADA4A600FEBFE36B249684E9CAF01570BAD36ED1FC9DA99F2D100638E ] VSS             C:\WINDOWS\system32\vssvc.exe
23:21:37.0751 0x0da4  VSS - ok
23:21:37.0766 0x0da4  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
23:21:37.0766 0x0da4  VSTXRAID - ok
23:21:37.0766 0x0da4  [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
23:21:37.0766 0x0da4  vwifibus - ok
23:21:37.0766 0x0da4  [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
23:21:37.0766 0x0da4  vwififlt - ok
23:21:37.0782 0x0da4  [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time         C:\WINDOWS\system32\w32time.dll
23:21:37.0782 0x0da4  W32Time - ok
23:21:37.0782 0x0da4  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
23:21:37.0782 0x0da4  WacomPen - ok
23:21:37.0798 0x0da4  [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService   C:\WINDOWS\system32\WalletService.dll
23:21:37.0798 0x0da4  WalletService - ok
23:21:37.0798 0x0da4  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:21:37.0798 0x0da4  wanarp - ok
23:21:37.0798 0x0da4  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:21:37.0798 0x0da4  wanarpv6 - ok
23:21:37.0829 0x0da4  [ 68CC5E83B6F220F5BD7B5BC394917505, 24A793E1293608D1D1DB9396627DBF5FE66C9EFD1D49CCCD832CF1762B4E0E7D ] wbengine        C:\WINDOWS\system32\wbengine.exe
23:21:37.0845 0x0da4  wbengine - ok
23:21:37.0845 0x0da4  [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
23:21:37.0860 0x0da4  WbioSrvc - ok
23:21:37.0860 0x0da4  [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs           C:\WINDOWS\system32\drivers\wcifs.sys
23:21:37.0860 0x0da4  wcifs - ok
23:21:37.0876 0x0da4  [ CA10C91D802ABE6E5136E2168C2CD2B4, 5979FF9ED783ED3154257ED0507C7BBAF8C77C081CC30AE835EA8AF7508AAD08 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
23:21:37.0876 0x0da4  Wcmsvc - ok
23:21:37.0891 0x0da4  [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
23:21:37.0891 0x0da4  wcncsvc - ok
23:21:37.0891 0x0da4  [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs           C:\WINDOWS\system32\drivers\wcnfs.sys
23:21:37.0891 0x0da4  wcnfs - ok
23:21:37.0891 0x0da4  [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
23:21:37.0891 0x0da4  WdBoot - ok
23:21:37.0907 0x0da4  [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
23:21:37.0907 0x0da4  Wdf01000 - ok
23:21:37.0923 0x0da4  [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
23:21:37.0923 0x0da4  WdFilter - ok
23:21:37.0923 0x0da4  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
23:21:37.0923 0x0da4  WdiServiceHost - ok
23:21:37.0923 0x0da4  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
23:21:37.0938 0x0da4  WdiSystemHost - ok
23:21:37.0938 0x0da4  [ EDC08B8D3E67F96688774841C247B82A, DB5AFAF87C74431B8EB5420DBF5428691F291B63C2FDE8282EE2E399C76F63F3 ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
23:21:37.0954 0x0da4  wdiwifi - ok
23:21:37.0954 0x0da4  [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
23:21:37.0954 0x0da4  WdNisDrv - ok
23:21:37.0954 0x0da4  WdNisSvc - ok
23:21:37.0954 0x0da4  [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:21:37.0954 0x0da4  WebClient - ok
23:21:37.0970 0x0da4  [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
23:21:37.0970 0x0da4  Wecsvc - ok
23:21:37.0970 0x0da4  [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
23:21:37.0970 0x0da4  WEPHOSTSVC - ok
23:21:37.0970 0x0da4  [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
23:21:37.0970 0x0da4  wercplsupport - ok
23:21:37.0985 0x0da4  [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
23:21:37.0985 0x0da4  WerSvc - ok
23:21:37.0985 0x0da4  [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
23:21:37.0985 0x0da4  WFPLWFS - ok
23:21:37.0985 0x0da4  [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
23:21:37.0985 0x0da4  WiaRpc - ok
23:21:38.0001 0x0da4  [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
23:21:38.0001 0x0da4  WIMMount - ok
23:21:38.0001 0x0da4  WinDefend - ok
23:21:38.0001 0x0da4  [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
23:21:38.0001 0x0da4  WindowsTrustedRT - ok
23:21:38.0001 0x0da4  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
23:21:38.0001 0x0da4  WindowsTrustedRTProxy - ok
23:21:38.0016 0x0da4  [ 4AB1AC1E60118443A14C241F91AC8FC9, 2B9237AC124874664E31B4F313BAAF8059BD0749653496784B4B89B4B7F66784 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
23:21:38.0032 0x0da4  WinHttpAutoProxySvc - ok
23:21:38.0032 0x0da4  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
23:21:38.0032 0x0da4  WinMad - ok
23:21:38.0032 0x0da4  [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:21:38.0032 0x0da4  Winmgmt - ok
23:21:38.0063 0x0da4  [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
23:21:38.0095 0x0da4  WinRM - ok
23:21:38.0095 0x0da4  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
23:21:38.0095 0x0da4  WINUSB - ok
23:21:38.0095 0x0da4  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
23:21:38.0095 0x0da4  WinVerbs - ok
23:21:38.0110 0x0da4  [ 78EA65739A50969CD5FC2E71B9B7697A, C442BE91CE5D4F301368915CFBE055233DD1FB8BDBEBD51CD00DC2C7770C8EE3 ] wisvc           C:\WINDOWS\system32\flightsettings.dll
23:21:38.0110 0x0da4  wisvc - ok
23:21:38.0141 0x0da4  [ 5A7AA8198156DC2BFF9F064E29D11AF5, 9CBAF1B99B54CDE087E0FC0A2601B3F056F81F2F5AF63B5BB71C7389247E496A ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
23:21:38.0157 0x0da4  WlanSvc - ok
23:21:38.0188 0x0da4  [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
23:21:38.0204 0x0da4  wlidsvc - ok
23:21:38.0204 0x0da4  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
23:21:38.0204 0x0da4  WmiAcpi - ok
23:21:38.0220 0x0da4  [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
23:21:38.0220 0x0da4  wmiApSrv - ok
23:21:38.0220 0x0da4  [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
23:21:38.0220 0x0da4  Wof - ok
23:21:38.0220 0x0da4  [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
23:21:38.0235 0x0da4  WPDBusEnum - ok
23:21:38.0235 0x0da4  [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
23:21:38.0235 0x0da4  WpdUpFltr - ok
23:21:38.0235 0x0da4  [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService      C:\WINDOWS\system32\WpnService.dll
23:21:38.0235 0x0da4  WpnService - ok
23:21:38.0235 0x0da4  [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
23:21:38.0235 0x0da4  WpnUserService - ok
23:21:38.0251 0x0da4  [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
23:21:38.0251 0x0da4  ws2ifsl - ok
23:21:38.0251 0x0da4  [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
23:21:38.0251 0x0da4  wscsvc - ok
23:21:38.0251 0x0da4  WSearch - ok
23:21:38.0282 0x0da4  [ 10C4A0CDACAD054C90288D718615B4BA, 76CD5BF3B97DC306B17AB65E1CD841180C6FD147F2CC9EE6A757C27E3AB2D231 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
23:21:38.0298 0x0da4  wuauserv - ok
23:21:38.0313 0x0da4  [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
23:21:38.0313 0x0da4  WudfPf - ok
23:21:38.0313 0x0da4  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
23:21:38.0313 0x0da4  WUDFRd - ok
23:21:38.0313 0x0da4  [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
23:21:38.0313 0x0da4  wudfsvc - ok
23:21:38.0329 0x0da4  [ D313FF382A26D1295B212A66EE3E52A8, 59FEF2AF611507BCB6FE036A7D4F1595F3449B76F9B055CDC67DC1BE1D90EEB8 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
23:21:38.0345 0x0da4  WwanSvc - ok
23:21:38.0360 0x0da4  [ 7EF75102A793AAA6AAA45A4F7C15FF4D, A3FB68905F3E3A7DE52B85FAD966ABCB787FAC7E709964CE9BF2A4F9AC8B0653 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
23:21:38.0360 0x0da4  XblAuthManager - ok
23:21:38.0376 0x0da4  [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
23:21:38.0391 0x0da4  XblGameSave - ok
23:21:38.0391 0x0da4  [ DB77764B46D02DCB9777D9E00A3F7D63, 469491E3A57FBB0CB0482A2493823B57410E24A5BD4C1C96D79FE9888F7827BB ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
23:21:38.0407 0x0da4  xboxgip - ok
23:21:38.0407 0x0da4  [ 1A8D9EA4DD1A3E276B85EDB05B42BEC7, 23FC10AC29BDF917AEDB3AAF82537EC2C72453E52B41836FD83643054FA4F0BE ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
23:21:38.0423 0x0da4  XboxNetApiSvc - ok
23:21:38.0423 0x0da4  [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
23:21:38.0423 0x0da4  xinputhid - ok
23:21:38.0438 0x0da4  ================ Scan global ===============================
23:21:38.0438 0x0da4  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
23:21:38.0438 0x0da4  [ 1429740F64D4B84EC4F81C07F21EB3C6, CAD89934800F011736BB964126EFB75169B64AD6349859C3009F35C13371C44D ] C:\WINDOWS\system32\winsrv.dll
23:21:38.0438 0x0da4  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
23:21:38.0454 0x0da4  [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe
23:21:38.0454 0x0da4  [ Global ] - ok
23:21:38.0454 0x0da4  ================ Scan MBR ==================================
23:21:38.0454 0x0da4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:21:38.0454 0x0da4  \Device\Harddisk0\DR0 - ok
23:21:38.0454 0x0da4  ================ Scan VBR ==================================
23:21:38.0454 0x0da4  [ 21BADF9380AF8B8868FDF5156624BA50 ] \Device\Harddisk0\DR0\Partition1
23:21:38.0454 0x0da4  \Device\Harddisk0\DR0\Partition1 - ok
23:21:38.0454 0x0da4  [ 4D353981D80CFEEB1BB78D1D397F099B ] \Device\Harddisk0\DR0\Partition2
23:21:38.0470 0x0da4  \Device\Harddisk0\DR0\Partition2 - ok
23:21:38.0470 0x0da4  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
23:21:38.0470 0x0da4  \Device\Harddisk0\DR0\Partition3 - ok
23:21:38.0470 0x0da4  [ 6DB4B93D099B6FE6C07D8872845173DE ] \Device\Harddisk0\DR0\Partition4
23:21:38.0470 0x0da4  \Device\Harddisk0\DR0\Partition4 - ok
23:21:38.0470 0x0da4  ================ Scan generic autorun ======================
23:21:38.0548 0x0da4  [ 30880D59F9895948233E0E8828D19A39, 6D5A569A0F522269A4B1F579AFA5ABB987082F104E97CA932FA055DC1F190FC8 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
23:21:38.0626 0x0da4  RTHDVCPL - ok
23:21:38.0657 0x0da4  [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
23:21:38.0673 0x0da4  Malwarebytes TrayApp - ok
23:21:38.0688 0x0da4  [ 56831CF0D755103BB0E7EA141A4895D9, 496A4EA8F84C0A9E79E1267B16B10F60F737F79BECBEECE593416D79F03B1063 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
23:21:38.0688 0x0da4  SunJavaUpdateSched - ok
23:21:38.0782 0x0da4  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
23:21:38.0860 0x0da4  OneDriveSetup - ok
23:21:38.0938 0x0da4  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
23:21:39.0017 0x0da4  OneDriveSetup - ok
23:21:39.0048 0x0da4  [ 2F3E5E6834D1171B2CCF756729AD38BD, 86A95957B3E27A314C1BDEEC327401B5E0789D75ACAEE10F4711AECF2A9142F5 ] C:\Program Files (x86)\Steam\steam.exe
23:21:39.0079 0x0da4  Steam - ok
23:21:39.0079 0x0da4  Waiting for KSN requests completion. In queue: 169
23:21:40.0095 0x0da4  AV detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\wmiav.exe ( 17.0.0.727 ), 0x41000 ( enabled : updated )
23:21:40.0095 0x0da4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
23:21:40.0095 0x0da4  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.138 ), 0x61000 ( enabled : updated )
23:21:40.0095 0x0da4  FW detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\wmiav.exe ( 17.0.0.727 ), 0x40010 ( disabled )
23:21:40.0095 0x0da4  Win FW state via NFP2: enabled ( trusted )
23:21:40.0423 0x0da4  ============================================================
23:21:40.0423 0x0da4  Scan finished
23:21:40.0423 0x0da4  ============================================================
23:21:40.0423 0x14f8  Detected object count: 0
23:21:40.0423 0x14f8  Actual detected object count: 0
23:21:42.0861 0x0dac  Deinitialize success
 



#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 12 April 2017 - 10:49 AM

Joe:

Thank you for your logs. As you can see they are clean. There is a remote possibility of a hidden rootkit in your Master Boot Record, so just to be thorough, I am going to ask you to boot into Windows 10 Recovery Mode. I also want to ensure that your copy of FRST is not compromised.

  • Please go to a "clean" computer on that computer insert and format a fresh USB flash drive.
  • Please go to this link to download a fresh copy of FRST64.exe and copy it to the newly formatted USB flash drive, from the "clean" computer. You want the 64-bit version.
  • Now please go to your computer, that we have been scanning, and boot it into Windows 10 recovery mode. The instructions to do so can be found at this link.
  • Select, "Troubleshoot", then select "Advanced Options" and then select "Command Prompt".
  • Once in the Command Prompt, type in notepad and press <Enter>.
  • The Notepad application will open.
  • Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the USB drive.
  • Under File menu, select Open.
  • Select "Computer" and find your flash drive letter and locate the FRST64.exe file on the USB flash drive.
  • Right click the FRST64.exe file and click on "Run as Adminstrator".
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

:spacer:
NOTE: It's important that both files, FRST64.exe and fixlist.txt are both in the same folder and drive, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

 

SaveMbr: Drive=0

:spacer:

  • Run FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the USB flash drive. (Fixlog.txt).
  • Please copy and paste the contents of the "Fixlog.txt" file into your next reply.
  • This "fixlist.txt" script will also generate a file on your USB flash drive, called "MBRDUMP.txt".
  • Please ATTACH the file "MBRDUMP.txt" to your next reply. Do not copy and paste it into your reply.

.


I will analyze the "MBRDUMP.txt" file to see if there are any rootkits in hidden partitions.

Thank you and have a great day, Joe.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 Irontigers

Irontigers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 12 April 2017 - 10:58 PM

Here are the logs as requested! Thank you for everything, Phil!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by SYSTEM (12-04-2017 23:47:33) Run:3
Running from D:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
SaveMbr: Drive=0
*****************

MBRDUMP.txt is made successfully.

==== End of Fixlog 23:47:33 ====

Attached Files


Edited by Irontigers, 12 April 2017 - 10:59 PM.


#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 13 April 2017 - 01:13 PM

Joe:

 

Thank you for the MBRDUMP.txt.  It comes back from both Bitdefender and VirusTotal scans as clean.

 

I cannot find any malware on your computer.  I am not sure where you want to go from here.

 

We've run a complete series of anti-malware scans on your computer.  Whatever the source of information is that others are obtaining, it is not originating with any malware on your computer that I can detect.

 

If you would like, I could ask a senior Instructor to review this thread and provide an assessment.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#14 Irontigers

Irontigers
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 13 April 2017 - 07:59 PM

Well, this is really good news, and i wanted to thank you for taking the time to assist me as much as you have! The last question i have is concerning the poss of network/packet sniffing, now is it possible since they haven't been able to crack into the new router and infect this recently built machine, could people still obtain info via sniffing if they do indeed have sometime of access to the network lines? Also will using a VPN put a stop to that completely? Thank you!


Edited by Irontigers, 13 April 2017 - 08:00 PM.


#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:37 AM

Posted 14 April 2017 - 09:55 AM

Joe:

 

Thank you for your post.  You are most welcome for my assistance.

 

I am not an expert on networking.  If people do have access to your network, then my assumption would be that they could, with the proper software, monitor network activity.

 

I would recommend that you post in either the Networking Forum here, or the General Security Forum where the experts on those matters can be found.

 

As for VPNs, I am not that familiar with them.  I did do some research, for instance, this link, and it does appear that they provide extra security.

 

Do you want me to remove the anti-malware tools and logs that were created by scanning your computer?  I can do so for you.

 

Please let me know.  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users