Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Magecart Attacks Grow Rampant in September

Featured Deal: Get 92% off The Complete Cisco Network Certification Training Bundle

Nasty MBR rootkit

Started by xeobrwsx , Dec 17 2017 05:01 AM

This topic is locked

11 replies to this topic

#1 xeobrwsx

Members
6 posts
OFFLINE

Local time:03:38 AM

Posted 17 December 2017 - 05:01 AM

I have spent almost 2 days on this, I have some techical knowledge but I am stumped.

I need someone who knows what they are doing

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-12-2017
Ran by 5364636 (administrator) on 5364636-PC (17-12-2017 10:27:01)
Running from C:\Users\5364636\Downloads
Loaded Profiles: 5364636 (Available Profiles: 5364636)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-12-17] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F85C6D6F-DD5D-49FF-AE06-25F8DE3E4422}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1301211104-4118676993-3751969790-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hrpayz8v.default
FF ProfilePath: C:\Users\5364636\AppData\Roaming\Mozilla\Firefox\Profiles\hrpayz8v.default [2017-12-17]
FF Extension: (NoScript) - C:\Users\5364636\AppData\Roaming\Mozilla\Firefox\Profiles\hrpayz8v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-12-17] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\5364636\AppData\Roaming\Mozilla\Firefox\Profiles\hrpayz8v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-17]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-25] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-07-29] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2016-02-04] (Intel Corporation)
R3 TBS6280_64; C:\Windows\System32\DRIVERS\TBS6280_64.sys [1900368 2011-09-13] (www.tbsdtv.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-17 10:27 - 2017-12-17 10:27 - 000005878 _____ C:\Users\5364636\Downloads\FRST.txt
2017-12-17 10:26 - 2017-12-17 10:27 - 000000000 ____D C:\FRST
2017-12-17 10:25 - 2017-12-17 10:25 - 002392576 _____ (Farbar) C:\Users\5364636\Downloads\FRST64.exe
2017-12-17 10:17 - 2017-12-17 10:17 - 000000000 _____ C:\Users\5364636\defogger_reenable
2017-12-17 10:16 - 2017-12-17 10:16 - 000050477 _____ C:\Users\5364636\Downloads\Defogger.exe
2017-12-17 09:57 - 2017-12-17 09:57 - 000008192 __RSH C:\BOOTSECT.BAK
2017-12-17 09:57 - 2017-12-17 02:01 - 000000000 ____D C:\Windows\Panther
2017-12-17 09:57 - 2010-11-20 12:40 - 000383786 __RSH C:\bootmgr
2017-12-17 09:56 - 2015-07-01 01:44 - 000814376 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2017-12-17 09:56 - 2015-06-27 06:13 - 000403752 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2017-12-17 09:56 - 2015-02-12 21:57 - 000431832 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys
2017-12-17 09:56 - 2015-02-12 21:57 - 000139992 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys
2017-12-17 09:41 - 2017-12-17 09:41 - 000000000 ____D C:\Users\5364636\Desktop\dump
2017-12-17 09:39 - 2017-12-17 10:02 - 000000048 _____ C:\Users\5364636\Desktop\New Text Document.txt
2017-12-17 07:49 - 2017-12-17 07:49 - 000172056 _____ C:\Windows\ntbtlog.txt
2017-12-17 07:49 - 2017-12-17 07:49 - 000000000 ____D C:\Windows\Minidump
2017-12-17 06:32 - 2017-12-17 06:33 - 000000725 _____ C:\Users\5364636\Desktop\TV Recordings.lnk
2017-12-17 06:17 - 2016-07-22 14:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-12-17 06:17 - 2016-07-22 14:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-12-17 06:08 - 2017-12-17 10:15 - 000000000 ____D C:\Users\5364636\AppData\LocalLow\Mozilla
2017-12-17 06:08 - 2017-12-17 06:22 - 000000000 ____D C:\Users\5364636\AppData\Local\Mozilla
2017-12-17 06:08 - 2017-12-17 06:08 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-17 06:08 - 2017-12-17 06:08 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-17 06:08 - 2017-12-17 06:08 - 000000000 ____D C:\Users\5364636\AppData\Roaming\Mozilla
2017-12-17 06:08 - 2017-12-17 06:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-17 06:08 - 2017-12-17 06:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-17 06:07 - 2011-02-05 17:10 - 000020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2017-12-17 06:07 - 2011-02-05 17:10 - 000019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2017-12-17 06:07 - 2011-02-05 17:10 - 000017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2017-12-17 06:01 - 2017-12-17 07:03 - 000000000 ____D C:\ProgramData\TEMP
2017-12-17 06:01 - 2017-12-17 06:32 - 000000000 ____D C:\Users\5364636\AppData\Roaming\VideoReDo-TVSuite4
2017-12-17 06:01 - 2017-12-17 06:31 - 000000000 ____D C:\Users\5364636\Documents\VideoReDo
2017-12-17 06:01 - 2017-12-17 06:02 - 000000000 ____D C:\Program Files (x86)\VideoReDoTVSuite4
2017-12-17 06:01 - 2017-12-17 06:01 - 000001002 _____ C:\Users\Public\Desktop\VideoReDo TVSuite V4.lnk
2017-12-17 06:01 - 2017-12-17 06:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoReDo
2017-12-17 05:48 - 2017-04-27 22:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-12-17 05:48 - 2017-04-12 13:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-12-17 05:48 - 2012-03-01 06:46 - 000023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2017-12-17 05:48 - 2012-03-01 06:28 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2017-12-17 05:48 - 2012-03-01 05:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2017-12-17 05:43 - 2016-04-14 16:42 - 000573952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-12-17 05:43 - 2016-04-14 15:33 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-12-17 05:43 - 2015-03-04 04:41 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2017-12-17 05:43 - 2015-03-04 04:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2017-12-17 05:43 - 2014-12-08 03:09 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2017-12-17 05:43 - 2014-12-08 02:46 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2017-12-17 05:43 - 2012-11-02 05:59 - 000478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2017-12-17 05:43 - 2012-11-02 05:11 - 000376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-12-17 05:43 - 2011-12-16 08:46 - 000634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2017-12-17 05:43 - 2011-12-16 07:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-12-17 05:41 - 2016-04-09 06:58 - 001190912 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-12-17 05:41 - 2016-04-09 06:54 - 001011712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-12-17 05:41 - 2013-10-12 02:30 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-12-17 05:41 - 2013-10-12 02:29 - 000859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-12-17 05:41 - 2013-10-12 02:29 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2017-12-17 05:41 - 2013-10-12 02:03 - 000656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2017-12-17 05:41 - 2013-10-12 02:01 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2017-12-17 05:40 - 2015-02-04 03:16 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-12-17 05:40 - 2015-02-04 02:54 - 000318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-12-17 05:25 - 2017-12-17 05:25 - 000000000 ____D C:\Windows\system32\SPReview
2017-12-17 05:25 - 2017-12-17 05:25 - 000000000 ____D C:\Windows\system32\EventProviders
2017-12-17 05:25 - 2010-11-20 13:44 - 001077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2017-12-17 05:25 - 2010-11-20 13:44 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2017-12-17 05:25 - 2010-11-20 13:44 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL
2017-12-17 05:25 - 2010-11-20 13:39 - 005066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2017-12-17 05:25 - 2010-11-20 13:34 - 000295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2017-12-17 05:25 - 2010-11-20 13:34 - 000215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-12-17 05:25 - 2010-11-20 13:34 - 000199552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2017-12-17 05:25 - 2010-11-20 13:34 - 000071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2017-12-17 05:25 - 2010-11-20 13:34 - 000046464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
2017-12-17 05:25 - 2010-11-20 13:34 - 000034688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2017-12-17 05:25 - 2010-11-20 13:33 - 000289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2017-12-17 05:25 - 2010-11-20 13:33 - 000213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000052096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2017-12-17 05:25 - 2010-11-20 13:33 - 000014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2017-12-17 05:25 - 2010-11-20 13:32 - 002217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2017-12-17 05:25 - 2010-11-20 13:32 - 000334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2017-12-17 05:25 - 2010-11-20 13:32 - 000179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2017-12-17 05:25 - 2010-11-20 13:32 - 000155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2017-12-17 05:25 - 2010-11-20 13:32 - 000107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2017-12-17 05:25 - 2010-11-20 13:32 - 000027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2017-12-17 05:25 - 2010-11-20 13:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-12-17 05:25 - 2010-11-20 13:28 - 000223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2017-12-17 05:25 - 2010-11-20 13:28 - 000166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 008988160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 003860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 003027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 003008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 002652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 002543616 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 002262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 002250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 002193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 002146816 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001911808 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001672704 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001490944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001465344 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\onexui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 001026560 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000933888 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000762368 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000702464 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000681472 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000582656 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000580096 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000501248 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000446976 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000421888 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000337920 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000290304 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000270848 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 000266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 000264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000255488 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000238080 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceSyncProvider.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 000222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000221696 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000214528 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000185856 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000181248 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000154624 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\wiavideo.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000109056 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL
2017-12-17 05:25 - 2010-11-20 13:27 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\rdpd3d.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\PrintIsolationProxy.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\wdiasqmmodule.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\netutils.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\rdprefdrvapi.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\TRAPI.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshirda.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
2017-12-17 05:25 - 2010-11-20 13:27 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 012260864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 003391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 002746880 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 002565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 002444288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 002067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 001632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 001457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 001340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 001244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 001087488 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 001066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000787968 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000658944 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000321024 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000225280 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000180736 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2017-12-17 05:25 - 2010-11-20 13:26 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000116224 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL
2017-12-17 05:25 - 2010-11-20 13:26 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz32.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll
2017-12-17 05:25 - 2010-11-20 13:26 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\elsTrans.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 003957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 003745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 003524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 001975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 001796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 001600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 001504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 001264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000902144 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2017-12-17 05:25 - 2010-11-20 13:25 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000549888 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000498688 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000479232 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000395776 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000359424 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000294912 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000293888 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000238080 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000226816 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000137216 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\CertPolEng.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\PushPrinterConnections.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\repair-bde.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\bitsperf.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\shadow.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\query.exe
2017-12-17 05:25 - 2010-11-20 13:25 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\BWUnpairElevated.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2017-12-17 05:25 - 2010-11-20 13:25 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL
2017-12-17 05:25 - 2010-11-20 13:25 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 002872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 001538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2017-12-17 05:25 - 2010-11-20 13:24 - 000850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000721408 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000606208 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2017-12-17 05:25 - 2010-11-20 13:24 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2017-12-17 05:25 - 2010-11-20 13:24 - 000373248 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000343040 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2017-12-17 05:25 - 2010-11-20 13:24 - 000321536 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2017-12-17 05:25 - 2010-11-20 13:24 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2017-12-17 05:25 - 2010-11-20 13:24 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2017-12-17 05:25 - 2010-11-20 13:24 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2017-12-17 05:25 - 2010-11-20 13:24 - 000196096 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
2017-12-17 05:25 - 2010-11-20 13:24 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000071168 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\djoin.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
2017-12-17 05:25 - 2010-11-20 13:24 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\choice.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\change.exe
2017-12-17 05:25 - 2010-11-20 13:24 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-12-17 05:25 - 2010-11-20 13:15 - 001164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2017-12-17 05:25 - 2010-11-20 13:14 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2017-12-17 05:25 - 2010-11-20 13:13 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
2017-12-17 05:25 - 2010-11-20 13:12 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
2017-12-17 05:25 - 2010-11-20 13:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2017-12-17 05:25 - 2010-11-20 13:09 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\vmbusres.dll
2017-12-17 05:25 - 2010-11-20 13:09 - 000038400 _____ (Microsoft Corporation) C:\Windows\system32\vmstorfltres.dll
2017-12-17 05:25 - 2010-11-20 13:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDSG.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\kbdlk41a.dll
2017-12-17 05:25 - 2010-11-20 13:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDCZ1.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDSF.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDPO.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDNEPR.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDGR1.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUGHR1.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTURME.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAJIK.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMON.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMAORI.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDLT1.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBULG.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2017-12-17 05:25 - 2010-11-20 13:02 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGEO.DLL
2017-12-17 05:25 - 2010-11-20 12:58 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2017-12-17 05:25 - 2010-11-20 12:54 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\BlbEvents.dll
2017-12-17 05:25 - 2010-11-20 12:51 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-12-17 05:25 - 2010-11-20 12:51 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll
2017-12-17 05:25 - 2010-11-20 12:36 - 000107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2017-12-17 05:25 - 2010-11-20 12:36 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2017-12-17 05:25 - 2010-11-20 12:32 - 005066752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2017-12-17 05:25 - 2010-11-20 12:23 - 000144768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 002983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 002311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 002202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 002157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 002146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 001712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 001667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 001326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 001229824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 001128448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 001115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 001003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000980992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000933376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000870912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlcese30.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsbas.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remotepg.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twext.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxlib.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiavideo.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppinst.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QUTIL.DLL
2017-12-17 05:25 - 2010-11-20 12:21 - 000078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfwwdm32.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpd3d.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcRtRemote.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimgvw.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\utildll.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vpnikeapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRAPI.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdprefdrvapi.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shgina.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schedcli.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syssetup.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshirda.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shunimpl.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-12-17 05:25 - 2010-11-20 12:21 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched32.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 002504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2017-12-17 05:25 - 2010-11-20 12:20 - 002494464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 002130944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 001750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 001661440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 001644032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 001160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 001111552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onexui.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000932352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000859648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000441856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnfldr.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdv.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netdiagfx.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000183296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QAGENT.DLL
2017-12-17 05:25 - 2010-11-20 12:20 - 000167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2017-12-17 05:25 - 2010-11-20 12:20 - 000166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netjoin.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mydocs.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prncache.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2017-12-17 05:25 - 2010-11-20 12:20 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nci.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olethk32.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QCLIPROV.DLL
2017-12-17 05:25 - 2010-11-20 12:20 - 000069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\napdsnap.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netutils.dll
2017-12-17 05:25 - 2010-11-20 12:20 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 010990080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 005977600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 002576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 002064384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 001698816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallControlPanel.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000732160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000599552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localsec.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2017-12-17 05:25 - 2010-11-20 12:19 - 000213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2017-12-17 05:25 - 2010-11-20 12:19 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fphc.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000093696 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\SysWOW64\fms.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetmib1.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\luainstall.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz32.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdmo.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2017-12-17 05:25 - 2010-11-20 12:19 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 003727872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 002522624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 001828352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 001555456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 001371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 001334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000744448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsuiext.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000438272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000252928 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\defaultlocationcpl.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000211456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingFolder.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsldp.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAPI.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscmmc.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabinet.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amstream.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cca.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertPolEng.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsauth.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzSqlExt.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elsTrans.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsperf.dll
2017-12-17 05:25 - 2010-11-20 12:18 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL
2017-12-17 05:25 - 2010-11-20 12:18 - 000010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2017-12-17 05:25 - 2010-11-20 12:17 - 002616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimserv.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000276480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmstp.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\takeown.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PushPrinterConnections.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2017-12-17 05:25 - 2010-11-20 12:17 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-12-17 05:25 - 2010-11-20 12:16 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000905216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2017-12-17 05:25 - 2010-11-20 12:16 - 000776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2017-12-17 05:25 - 2010-11-20 12:16 - 000692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-12-17 05:25 - 2010-11-20 12:16 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2017-12-17 05:25 - 2010-11-20 12:16 - 000658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2017-12-17 05:25 - 2010-11-20 12:16 - 000649216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\main.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2017-12-17 05:25 - 2010-11-20 12:16 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2017-12-17 05:25 - 2010-11-20 12:16 - 000293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2017-12-17 05:25 - 2010-11-20 12:16 - 000281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-12-17 05:25 - 2010-11-20 12:16 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2017-12-17 05:25 - 2010-11-20 12:16 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2017-12-17 05:25 - 2010-11-20 12:16 - 000204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2017-12-17 05:25 - 2010-11-20 12:16 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2017-12-17 05:25 - 2010-11-20 12:16 - 000153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\desk.cpl
2017-12-17 05:25 - 2010-11-20 12:16 - 000107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kstvtune.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSTPager.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksxbar.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
2017-12-17 05:25 - 2010-11-20 12:16 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbisurf.ax
2017-12-17 05:25 - 2010-11-20 12:08 - 000119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2017-12-17 05:25 - 2010-11-20 12:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSG.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdlk41a.dll
2017-12-17 05:25 - 2010-11-20 12:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGR1.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGKL.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDPO.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDNEPR.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUS.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUGHR1.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTURME.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAJIK.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMON.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMAORI.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGEO.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBULG.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBLR.DLL
2017-12-17 05:25 - 2010-11-20 12:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2017-12-17 05:25 - 2010-11-20 12:07 - 001164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-12-17 05:25 - 2010-11-20 12:07 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizres.dll
2017-12-17 05:25 - 2010-11-20 12:05 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pifmgr.dll
2017-12-17 05:25 - 2010-11-20 11:57 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2017-12-17 05:25 - 2010-11-20 11:37 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys
2017-12-17 05:25 - 2010-11-20 11:34 - 000482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-17 05:25 - 2010-11-20 11:07 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-12-17 05:25 - 2010-11-20 11:06 - 000165888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2017-12-17 05:25 - 2010-11-20 11:05 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2017-12-17 05:25 - 2010-11-20 11:04 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-12-17 05:25 - 2010-11-20 10:52 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2017-12-17 05:25 - 2010-11-20 10:52 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2017-12-17 05:25 - 2010-11-20 10:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2017-12-17 05:25 - 2010-11-20 10:52 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2017-12-17 05:25 - 2010-11-20 10:52 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2017-12-17 05:25 - 2010-11-20 10:52 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys
2017-12-17 05:25 - 2010-11-20 10:52 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2017-12-17 05:25 - 2010-11-20 10:51 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2017-12-17 05:25 - 2010-11-20 10:51 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-12-17 05:25 - 2010-11-20 10:50 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2017-12-17 05:25 - 2010-11-20 10:49 - 000386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-17 05:25 - 2010-11-20 10:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2017-12-17 05:25 - 2010-11-20 10:44 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2017-12-17 05:25 - 2010-11-20 10:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2017-12-17 05:25 - 2010-11-20 10:44 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2017-12-17 05:25 - 2010-11-20 10:43 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2017-12-17 05:25 - 2010-11-20 10:43 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2017-12-17 05:25 - 2010-11-20 10:43 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2017-12-17 05:25 - 2010-11-20 10:42 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2017-12-17 05:25 - 2010-11-20 10:34 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2017-12-17 05:25 - 2010-11-20 10:33 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2017-12-17 05:25 - 2010-11-20 10:33 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2017-12-17 05:25 - 2010-11-20 10:33 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2017-12-17 05:25 - 2010-11-20 10:09 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-12-17 05:25 - 2010-11-20 10:04 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2017-12-17 05:25 - 2010-11-20 09:58 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2017-12-17 05:25 - 2010-11-20 09:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\VmbusCoinstaller.dll
2017-12-17 05:25 - 2010-11-20 09:57 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\VmdCoinstall.dll
2017-12-17 05:25 - 2010-11-20 09:57 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2017-12-17 05:25 - 2010-11-20 09:57 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2017-12-17 05:25 - 2010-11-20 09:57 - 000021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys
2017-12-17 05:25 - 2010-11-20 09:57 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2017-12-17 05:25 - 2010-11-20 09:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys
2017-12-17 05:25 - 2010-11-20 09:30 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2017-12-17 05:25 - 2010-11-20 09:27 - 000514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-12-17 05:25 - 2010-11-20 09:26 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2017-12-17 05:25 - 2010-11-20 09:22 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2017-12-17 05:25 - 2010-11-20 09:19 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2017-12-17 05:25 - 2010-11-10 01:48 - 000010429 _____ C:\Windows\system32\ScavengeSpace.xml
2017-12-17 05:25 - 2010-11-05 02:20 - 000347904 _____ C:\Windows\system32\systemsf.ebd
2017-12-17 05:25 - 2010-11-05 02:20 - 000105559 _____ C:\Windows\SysWOW64\RacRules.xml
2017-12-17 05:25 - 2010-11-05 02:20 - 000105559 _____ C:\Windows\system32\RacRules.xml
2017-12-17 05:25 - 2010-11-05 02:11 - 000433512 _____ (Microsoft Corporation) C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2017-12-17 05:25 - 2010-11-05 02:11 - 000312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2017-12-17 05:25 - 2010-11-05 01:58 - 000297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2017-12-17 05:25 - 2010-11-05 01:58 - 000049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2017-12-17 05:25 - 2010-11-05 01:57 - 000444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2017-12-17 05:25 - 2010-11-05 01:57 - 000048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2017-12-17 05:25 - 2010-11-05 01:53 - 000320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2017-12-17 05:25 - 2010-11-05 01:53 - 000295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2017-12-17 05:25 - 2010-11-05 01:53 - 000109928 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2017-12-17 05:25 - 2010-11-05 01:53 - 000099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2017-12-17 05:25 - 2009-07-14 01:16 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pmcsnap.dll
2017-12-17 05:25 - 2009-07-14 01:16 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ppcsnap.dll
2017-12-17 05:25 - 2009-07-14 01:16 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2017-12-17 05:25 - 2009-06-10 21:40 - 000146389 _____ C:\Windows\SysWOW64\printmanagement.msc
2017-12-17 05:25 - 2009-06-10 21:39 - 000001041 _____ C:\Windows\SysWOW64\tcpbidi.xml
2017-12-17 05:21 - 2017-12-17 05:36 - 000000000 ____D C:\Windows\system32\MRT
2017-12-17 05:21 - 2017-12-17 05:35 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-17 05:21 - 2017-12-17 05:35 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-17 04:42 - 2017-12-17 04:42 - 000000000 ____D C:\SUPERDelete
2017-12-17 04:07 - 2017-12-17 09:35 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-12-17 03:20 - 2011-06-26 06:45 - 000256000 _____ C:\Windows\PEV.exe
2017-12-17 03:20 - 2009-04-20 04:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-12-17 03:20 - 2000-08-31 00:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-12-17 03:20 - 2000-08-31 00:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-12-17 03:20 - 2000-08-31 00:00 - 000098816 _____ C:\Windows\sed.exe
2017-12-17 03:20 - 2000-08-31 00:00 - 000080412 _____ C:\Windows\grep.exe
2017-12-17 03:20 - 2000-08-31 00:00 - 000068096 _____ C:\Windows\zip.exe
2017-12-17 03:19 - 2017-12-17 03:22 - 000000000 ____D C:\Qoobox
2017-12-17 03:19 - 2017-12-17 03:21 - 000000000 ____D C:\Windows\erdnt
2017-12-17 03:14 - 2017-12-17 03:19 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-17 03:14 - 2017-12-17 03:14 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-17 03:14 - 2017-12-17 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-17 03:14 - 2017-12-17 03:14 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-17 03:11 - 2017-12-17 03:12 - 000003735 _____ C:\Windows\unins000.dat
2017-12-17 03:11 - 2017-12-17 03:11 - 001174979 _____ C:\Windows\unins000.exe
2017-12-17 03:11 - 2011-09-13 16:23 - 001900368 _____ (www.tbsdtv.com) C:\Windows\system32\Drivers\tbs6280_64.sys
2017-12-17 03:11 - 2011-09-13 16:23 - 000009490 _____ C:\Windows\system32\Drivers\tbs6280_64.cat
2017-12-17 03:11 - 2006-11-02 01:05 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\devcon.exe
2017-12-17 03:10 - 2017-12-17 03:11 - 000000000 ____D C:\Program Files (x86)\DVBViewer
2017-12-17 03:10 - 2017-12-17 03:10 - 000001905 _____ C:\Users\Public\Desktop\DVBViewer.lnk
2017-12-17 03:10 - 2017-12-17 03:10 - 000000000 ____D C:\Users\5364636\AppData\Roaming\CMUV
2017-12-17 03:10 - 2017-12-17 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBViewer
2017-12-17 03:04 - 2017-12-17 03:04 - 000000000 ____D C:\Windows\pss
2017-12-17 02:53 - 2017-12-17 02:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-17 02:51 - 2017-12-17 10:14 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-17 02:51 - 2017-12-17 02:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-17 02:51 - 2017-12-17 02:52 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-17 02:51 - 2017-12-17 02:51 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-17 02:51 - 2017-12-17 02:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-17 02:51 - 2017-11-09 05:06 - 000540600 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-12-17 02:51 - 2017-11-09 05:06 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-12-17 02:51 - 2017-10-27 16:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-12-17 02:51 - 2017-10-27 16:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-12-17 02:51 - 2017-10-27 16:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-12-17 02:51 - 2017-10-27 16:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-12-17 02:51 - 2017-10-27 16:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-12-17 02:51 - 2017-10-27 16:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-12-17 02:51 - 2017-10-27 16:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-12-17 02:51 - 2017-10-27 16:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-12-17 02:51 - 2017-10-27 16:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-17 02:51 - 2017-10-25 10:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2017-12-17 02:51 - 2017-09-13 23:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-17 02:51 - 2017-09-13 23:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-17 02:51 - 2017-09-13 23:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-12-17 02:51 - 2017-09-13 23:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-12-17 02:48 - 2017-12-17 02:48 - 000000000 ____D C:\ProgramData\APRP
2017-12-17 02:44 - 2017-12-17 02:44 - 000000000 ____D C:\Intel
2017-12-17 02:36 - 2017-12-17 02:36 - 000057560 _____ C:\Users\5364636\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-17 02:36 - 2017-12-17 02:36 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2017-12-17 02:34 - 2017-12-17 05:45 - 000010024 _____ C:\Windows\PE_Rom.dll
2017-12-17 02:34 - 2017-12-17 02:58 - 000000000 ____D C:\Windows\system32\appmgmt
2017-12-17 02:34 - 2014-02-25 00:49 - 000014464 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys
2017-12-17 02:30 - 2017-12-17 02:33 - 000000000 ____D C:\ProgramData\Norton
2017-12-17 02:30 - 2017-12-17 02:30 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-12-17 02:29 - 2017-12-17 02:52 - 000000000 ____D C:\Temp
2017-12-17 02:29 - 2017-12-17 02:29 - 000000000 ____D C:\Windows\System32\Tasks\ASUS
2017-12-17 02:29 - 2015-07-29 11:44 - 001462720 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2017-12-17 02:29 - 2015-07-29 11:44 - 000031144 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2017-12-17 02:28 - 2017-12-17 05:45 - 000000000 ____D C:\ProgramData\Intel
2017-12-17 02:28 - 2017-12-17 02:29 - 000000000 ____D C:\Program Files (x86)\Intel
2017-12-17 02:28 - 2017-12-17 02:28 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-12-17 02:28 - 2017-12-17 02:28 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-12-17 02:27 - 2017-12-17 02:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-17 02:27 - 2017-12-17 02:54 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-12-17 02:27 - 2015-01-15 06:42 - 000977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2017-12-17 02:27 - 2015-01-15 06:42 - 000107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2017-12-17 02:27 - 2015-01-15 06:42 - 000073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-12-17 02:21 - 2014-07-23 01:59 - 000003008 ____R C:\Windows\system32\Drivers\DTSU2P.DAT
2017-12-17 02:20 - 2017-12-17 05:44 - 000000000 ____D C:\Program Files\Intel
2017-12-17 02:20 - 2017-12-17 02:20 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-17 02:18 - 2017-12-17 02:58 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-12-17 02:18 - 2017-12-17 02:30 - 000000734 _____ C:\Windows\Ascd_ProcessLog.ini
2017-12-17 02:18 - 2017-12-17 02:18 - 000041768 _____ C:\Windows\Ascd_tmp.ini
2017-12-17 02:18 - 2014-09-09 02:14 - 000028672 ____R (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2017-12-17 02:18 - 2014-09-09 02:14 - 000015232 ____R C:\Windows\SysWOW64\Drivers\AsIO.sys
2017-12-17 02:13 - 2017-12-17 02:56 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-12-17 02:13 - 2017-12-17 02:55 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-12-17 02:13 - 2017-12-17 02:55 - 000000000 ____D C:\Windows\system32\DAX2
2017-12-17 02:13 - 2017-12-17 02:13 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-12-17 02:13 - 2017-12-17 02:13 - 000000000 ____D C:\Program Files\Realtek
2017-12-17 02:13 - 2015-12-25 08:48 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-12-17 02:11 - 2017-12-17 02:11 - 000000000 ____D C:\Users\5364636\Intel
2017-12-17 02:11 - 2017-12-17 02:11 - 000000000 ____D C:\Users\5364636\AppData\Roaming\WinRAR
2017-12-17 02:11 - 2012-07-26 04:55 - 000054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2017-12-17 02:11 - 2012-07-26 02:36 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2017-12-17 02:11 - 2012-06-02 14:35 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2017-12-17 02:10 - 2017-12-17 02:11 - 000000000 ____D C:\Program Files\WinRAR
2017-12-17 02:10 - 2017-12-17 02:10 - 000000000 ____D C:\Users\5364636\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-17 02:10 - 2017-12-17 02:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-17 02:07 - 2017-12-17 05:47 - 000720420 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-17 02:01 - 2017-12-17 10:17 - 000000000 ____D C:\Users\5364636
2017-12-17 02:01 - 2017-12-17 02:01 - 000000020 ___SH C:\Users\5364636\ntuser.ini
2017-12-17 02:01 - 2017-12-17 02:01 - 000000000 ____D C:\Users\5364636\AppData\Local\VirtualStore
2017-12-17 02:01 - 2009-07-14 07:45 - 000000000 ____D C:\Users\5364636\AppData\Roaming\Media Center Programs
2017-12-17 01:58 - 2017-12-17 01:58 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-12-17 01:57 - 2017-12-17 07:49 - 000354388 ____N C:\Windows\Minidump\121717-5304-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-17 10:21 - 2009-07-14 04:45 - 000015856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-17 10:21 - 2009-07-14 04:45 - 000015856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-17 10:19 - 2009-07-14 05:13 - 000736438 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-17 10:19 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-12-17 10:14 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-17 09:57 - 2009-07-14 05:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-12-17 06:04 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-17 06:04 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-12-17 06:04 - 2009-07-14 04:45 - 000265552 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\migwiz
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\Dism
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-12-17 06:04 - 2009-07-14 03:20 - 000000000 ____D C:\Program Files\Common Files\System
2017-12-17 05:52 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\Registration
2017-12-17 05:30 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-12-17 05:30 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-12-17 05:30 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\DVD Maker
2017-12-17 05:30 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-12-17 05:30 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-12-17 05:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\oobe
2017-12-17 05:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\manifeststore
2017-12-17 05:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-12-17 05:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\oobe
2017-12-17 05:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\manifeststore
2017-12-17 05:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2017-12-17 05:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\servicing
2017-12-17 05:26 - 2009-07-14 02:36 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2017-12-17 05:26 - 2009-07-14 02:36 - 000152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2017-12-17 03:21 - 2009-07-14 02:34 - 000000215 _____ C:\Windows\system.ini
2017-12-17 02:51 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\Help
2017-12-17 02:00 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache
2017-12-17 01:59 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\sysprep
2017-12-17 01:58 - 2009-07-14 07:46 - 000000000 ____D C:\Windows\CSC

Some files in TEMP:
====================
2017-12-17 04:07 - 2017-09-13 15:31 - 001732864 _____ (Microsoft Corporation) C:\Users\5364636\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-17 01:57

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2017
Ran by 5364636 (17-12-2017 10:27:12)
Running from C:\Users\5364636\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-12-17 02:01:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

5364636 (S-1-5-21-1301211104-4118676993-3751969790-1000 - Administrator - Enabled) => C:\Users\5364636
Administrator (S-1-5-21-1301211104-4118676993-3751969790-500 - Administrator - Disabled)
Guest (S-1-5-21-1301211104-4118676993-3751969790-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 4.5.0 - CM&V)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.4.1186 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Mozilla Firefox 52.5.2 ESR (x64 en-GB) (HKLM\...\Mozilla Firefox 52.5.2 ESR (x64 en-GB)) (Version: 52.5.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.5.2 - Mozilla)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.28.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.28.0 - Adlice Software)
TBS 6280 Dual DVBT/T2 Tuner driver 1.0.0.6 for windows (HKLM\...\TBS 6280 Dual DVBT/T2 Tuner driver for windows_is1) (Version: - TBS Technologies)
VideoReDo TVSuite Version 4.20.6.612 (HKLM-x32\...\VideoReDo4_is1) (Version: - DRD Systems, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C2A2115-7240-4623-8A58-3AA5066ADA88} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe
Task: {C98F0DF5-24D8-4DE3-9F9B-221DE50C563A} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 01:54 - 2016-03-16 01:54 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [146]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [163]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [140]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1301211104-4118676993-3751969790-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{260B6EF1-6510-444E-B9F2-8B371DE5CE6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2017 06:04:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jhi_service.exe, version: 11.0.4.1186, time stamp: 0x56e8a02a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x746974ac
Faulting process id: 0xe7c
Faulting application start time: 0x01d376fa20dc33f4
Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
Faulting module path: unknown
Report Id: 1dab37dd-e2f0-11e7-978e-d017c2995895

Error: (12/17/2017 06:04:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mscorsvw.exe, version: 4.0.30319.36415, time stamp: 0x59a661e3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x746974ac
Faulting process id: 0xc90
Faulting application start time: 0x01d376fa93eb4801
Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Faulting module path: unknown
Report Id: 1d9108bd-e2f0-11e7-978e-d017c2995895

Error: (12/17/2017 05:30:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jhi_service.exe, version: 11.0.0.1162, time stamp: 0x55c3d988
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74ed6cc4
Faulting process id: 0xb7c
Faulting application start time: 0x01d376f575c61fe7
Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
Faulting module path: unknown
Report Id: 646f020a-e2eb-11e7-b37a-d017c2995895

Error: (12/17/2017 05:30:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mscorsvw.exe, version: 4.0.30319.34209, time stamp: 0x5348947f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74ed6cc4
Faulting process id: 0x9a0
Faulting application start time: 0x01d376f5758a9d87
Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Faulting module path: unknown
Report Id: 644b4d6a-e2eb-11e7-b37a-d017c2995895

Error: (12/17/2017 04:47:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/17/2017 04:46:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/17/2017 03:20:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.

Operation:
Instantiating VSS server

Error: (12/17/2017 03:20:01 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]

Operation:
Instantiating VSS server

Error: (12/17/2017 03:00:41 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=HVTHH
ACID=ae2ee509-1b34-41c0-acb7-6d4650168915
Detailed Error[?]

Error: (12/17/2017 02:58:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ASUS\APRP\AsTaskSched.dll".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (12/17/2017 10:14:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/17/2017 07:51:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/17/2017 07:49:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/17/2017 07:49:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/17/2017 07:49:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/17/2017 07:49:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/17/2017 07:49:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/17/2017 07:49:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/17/2017 07:49:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/17/2017 07:49:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

==================== Memory info ===========================

Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 16327.13 MB
Available physical RAM: 14106.29 MB
Total Virtual: 16341.31 MB
Available Virtual: 13939.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:201.13 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (TV & Videos) (Fixed) (Total:886.45 GB) (Free:375.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Music & Storage) (Fixed) (Total:976.56 GB) (Free:336.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9DD63A5E)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9B5BF978)
Partition 1: (Active) - (Size=886.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files

FRST.txt 232.92KB 4 downloads
Addition.txt 15.58KB 3 downloads

Edited by Oh My!, 17 December 2017 - 03:36 PM.
Posted shortened and modified report

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
37,502 posts
ONLINE

Gender:Male
Location:California
Local time:08:38 PM

Posted 17 December 2017 - 03:51 PM

Greetings xeobrwsx and :welcome:

to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Did you disable System Restore?

Why do you think you have an MBR rootkit?

Please do this.

===================================================

Run TDSSKiller by Kaspersky

--------------------

Please download Kaspersky's TDSSKiller and save it to your Desktop
Right-click on TDSSKiller.exe and select Run As Administrator
Click Accept on the End User License Agreement
Click Accept on the KSN Statement
Click Change parameters
Place a check mark in the following boxes

Detect TDLFS file system
Verify file digital signatures

Click OK
Click Start Scan
If the scan completes with nothing found, click Close to exit.
Any objects found will show in the Scan results - Select action for found objects
If an infected file is detected, the default action will be Cure...do not change it
Click Continue > Reboot now to finish the cleaning process.<- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now
Hit the Windows Key + E at the same time
Double click your Local Disk C: drive
Locate the file similar to TDSSKiller_version_date_time_log.txt
Copy and paste the contents of that file in your reply

===================================================

aswMBR

--------------------

Download aswMBR and save it to your desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. For additional help see here and here
Right-click on aswMBR.exe and select Run As Administrator. If requested, allow Avast to update the antivirus engine definitions
Leave the default settings then click Scan
When done, you will see Scan finished successfully. Click on Save log and save the file to your desktop
Copy and paste the contents of the log in your reply

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

Right click on the FRST icon and select Run as administrator
Highlight the below information then hit the Ctrl + C keys at the same time

Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [146]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [163]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [140]
zip: C:\Windows\Minidump\121717-5304-01.dmp
emptytemp:
cmd: bcdedit
End::

Click Fix
When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

Reply to questions
TDSSkiller report
aswMBR report
Fixlog
Attached dump file

Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 xeobrwsx

Topic Starter

Members
6 posts
OFFLINE

Local time:03:38 AM

Posted 17 December 2017 - 06:10 PM

Hi thanks for the quick reply

System started playing up 4 or so weeks ago.
System restore is disabled by me, I keep good back ups every month or so,
my most recent from October was infected as it came back and so I am using (macrium reflect image) from April 2017.

My motherboard manufacturer just released a BIOS update a couple of weeks ago (first new BIOS since 2013) due to a serious security issue.
I updated and installed the new bios & driver but it says it is already installed (Intel Management engine).

Here are the logs:

TDSS Killer

22:29:12.0449 0x0e1c TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
22:29:12.0449 0x0e1c UEFI system
22:29:46.0541 0x0e1c ============================================================
22:29:46.0541 0x0e1c Current date / time: 2017/12/17 22:29:46.0541
22:29:46.0541 0x0e1c SystemInfo:
22:29:46.0541 0x0e1c
22:29:46.0541 0x0e1c OS Version: 6.1.7601 ServicePack: 1.0
22:29:46.0541 0x0e1c Product type: Workstation
22:29:46.0541 0x0e1c ComputerName: HOST1991
22:29:46.0541 0x0e1c UserName: gs1991
22:29:46.0541 0x0e1c Windows directory: C:\Windows
22:29:46.0541 0x0e1c System windows directory: C:\Windows
22:29:46.0541 0x0e1c Running under WOW64
22:29:46.0542 0x0e1c Processor architecture: Intel x64
22:29:46.0542 0x0e1c Number of processors: 8
22:29:46.0542 0x0e1c Page size: 0x1000
22:29:46.0542 0x0e1c Boot type: Normal boot
22:29:46.0542 0x0e1c CodeIntegrityOptions = 0x00000001
22:29:46.0542 0x0e1c ============================================================
22:29:46.0627 0x0e1c KLMD registered as C:\Windows\system32\drivers\09180619.sys
22:29:46.0627 0x0e1c KLMD ARK init status: drvProperties = 0x7FF00, osBuild = 7601.23915, osProperties = 0x1
22:29:46.0668 0x0e1c System UUID: {E9D340C3-C803-D3D7-5804-B0EBC6C261ED}
22:29:46.0866 0x0e1c Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:29:46.0888 0x0e1c Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:29:46.0900 0x0e1c ============================================================
22:29:46.0900 0x0e1c \Device\Harddisk0\DR0:
22:29:46.0900 0x0e1c GPT partitions:
22:29:46.0901 0x0e1c \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {28CE67BF-64E7-4594-83D4-BD166848135E}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
22:29:46.0901 0x0e1c \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {3FDD961F-CCC5-454A-BF14-6FB92CD6A915}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
22:29:46.0901 0x0e1c \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {959DE4D1-44FF-4715-9352-D61201A47B52}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x1A2BF000
22:29:46.0901 0x0e1c MBR partitions:
22:29:46.0901 0x0e1c \Device\Harddisk1\DR1:
22:29:46.0902 0x0e1c MBR partitions:
22:29:46.0902 0x0e1c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6ECE7800
22:29:46.0902 0x0e1c \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x6ECE8000, BlocksNum 0x7A11F800
22:29:46.0902 0x0e1c ============================================================
22:29:46.0903 0x0e1c C: <-> \Device\Harddisk0\DR0\Partition3
22:29:46.0925 0x0e1c E: <-> \Device\Harddisk1\DR1\Partition1
22:29:46.0992 0x0e1c F: <-> \Device\Harddisk1\DR1\Partition2
22:29:46.0992 0x0e1c ============================================================
22:29:46.0992 0x0e1c Initialize success
22:29:46.0992 0x0e1c ============================================================
22:37:42.0348 0x0e54 ============================================================
22:37:42.0348 0x0e54 Scan started
22:37:42.0348 0x0e54 Mode: Manual; SigCheck; TDLFS;
22:37:42.0349 0x0e54 ============================================================
22:37:42.0349 0x0e54 KSN ping started
22:37:42.0524 0x0e54 KSN ping finished: true
22:37:42.0903 0x0e54 ================ Scan system memory ========================
22:37:42.0903 0x0e54 System memory - ok
22:37:42.0903 0x0e54 ================ Scan services =============================
22:37:42.0945 0x0e54 [ E96ECC2315E4F7B42973CEAADC727C18, 8C8644580C8FBF7A772C20CC2DBBD1DE854A3CEF8ECFB986FA98577ED3540A61 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:37:42.0971 0x0e54 1394ohci - ok
22:37:42.0980 0x0e54 [ 6ECB3791368947C1E3588062325CCBD8, AB01591F89B4E16795D8F0FE45381BD9F2519F544DDEC514A82F61DBCAC4D6E5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:37:42.0990 0x0e54 ACPI - ok
22:37:42.0994 0x0e54 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:37:43.0005 0x0e54 AcpiPmi - ok
22:37:43.0014 0x0e54 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:37:43.0025 0x0e54 adp94xx - ok
22:37:43.0032 0x0e54 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:37:43.0041 0x0e54 adpahci - ok
22:37:43.0045 0x0e54 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:37:43.0051 0x0e54 adpu320 - ok
22:37:43.0055 0x0e54 [ DC3A5D287DC3213E01B9F401D025D04E, 59963E62C9B2179BC64602269B624A51944B48936F5D49F61FB9FF73D0405FD9 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:37:43.0067 0x0e54 AeLookupSvc - ok
22:37:43.0076 0x0e54 [ 0DC2A9882540DEA4A55B08785E09D8FC, 69B15724B0034F9915AACE109A6C596D6AF2DA350FC18C9A0CD98C81CB7EDEE3 ] AFD             C:\Windows\system32\drivers\afd.sys
22:37:43.0092 0x0e54 AFD - ok
22:37:43.0095 0x0e54 [ 2823C845E4108CD74EC035E8ADB32A2B, B42CE70761F524B94BE4D2812DB3CD5486830346FFEBCA69D6D7AD97B8EEB333 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:37:43.0100 0x0e54 agp440 - ok
22:37:43.0103 0x0e54 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:37:43.0110 0x0e54 ALG - ok
22:37:43.0112 0x0e54 [ 56F1EA3065D386173EA976E7C8403E07, 9EE711A32D27B167F25FF3D2EF996431BB40815B48848F41C00FA9E80AD46A97 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:37:43.0117 0x0e54 aliide - ok
22:37:43.0119 0x0e54 ALSysIO - ok
22:37:43.0121 0x0e54 [ 9B66BA4D578B18A3A02607A49A46ED15, 8DB7004A1401694D37C81D060C7B6CC1A72ACB25204CF9A25157A355D9955D0E ] amdide          C:\Windows\system32\drivers\amdide.sys
22:37:43.0125 0x0e54 amdide - ok
22:37:43.0128 0x0e54 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:37:43.0135 0x0e54 AmdK8 - ok
22:37:43.0137 0x0e54 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:37:43.0143 0x0e54 AmdPPM - ok
22:37:43.0146 0x0e54 [ AA8663311D3E7B711710AFAEE1825A2F, E75CD6FD4E03B5AA303CE950406D3F8C577A9EEDA866CE8EC1F8F065A1D6D0B2 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:37:43.0152 0x0e54 amdsata - ok
22:37:43.0156 0x0e54 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:37:43.0163 0x0e54 amdsbs - ok
22:37:43.0165 0x0e54 [ 0B5BFDCF705BF9F462B151FC5BE428B8, 12755113A1022B10DB320D53AB2D6ACD3D529872EB937AB8E27423449AA5B470 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:37:43.0169 0x0e54 amdxata - ok
22:37:43.0172 0x0e54 [ C16B5B379A2A79702CC5FF923EAAE3FD, FD6A1E3C46282CF77AFA9FB4B4ACE2DB6295DFB0C69EA07BE7160538041CDB2F ] AppID           C:\Windows\system32\drivers\appid.sys
22:37:43.0179 0x0e54 AppID - ok
22:37:43.0181 0x0e54 [ 5152D6B29C61EF59537DBDA92BFE2978, 6D426A0FEE016A8899ADE864DD84BE019C5B5DB7E1DB295ED720239877FCB3EF ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:37:43.0186 0x0e54 AppIDSvc - ok
22:37:43.0189 0x0e54 [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
22:37:43.0196 0x0e54 Appinfo - ok
22:37:43.0200 0x0e54 [ B8B5C0BA38DDAA1C7CED37EB31B318E6, 23ADC6B393B37208CD6DC6F07DF66CC2AA734A200F8629992F11F240D0514B8C ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:37:43.0208 0x0e54 AppMgmt - ok
22:37:43.0211 0x0e54 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
22:37:43.0216 0x0e54 arc - ok
22:37:43.0219 0x0e54 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:37:43.0225 0x0e54 arcsas - ok
22:37:43.0228 0x0e54 [ A1EB3F68EC05EFD41176819D3CCBE094, 5E2B158F203B5D5D8851068036A60C14E8A04B9EBE72A34589BF6A479ADB06DB ] asmthub3        C:\Windows\system32\drivers\asmthub3.sys
22:37:43.0238 0x0e54 asmthub3 - ok
22:37:43.0246 0x0e54 [ B49B4ED4756D336DA1939D399E851067, 2B7C0526E381EABAF5EDBE7FA2C6B0BCEBC444DECED9DBF0B4C586A65181319B ] asmtxhci        C:\Windows\system32\drivers\asmtxhci.sys
22:37:43.0256 0x0e54 asmtxhci - ok
22:37:43.0265 0x0e54 [ 8637F3119057178364D200F2462E625C, 40CAE47AA6C6B23FEB95961FD06BB3EB075CA63BB91B54CB26215A368371B343 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:37:43.0270 0x0e54 aspnet_state - ok
22:37:43.0287 0x0e54 [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
22:37:43.0291 0x0e54 AsUpIO - ok
22:37:43.0293 0x0e54 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:37:43.0320 0x0e54 AsyncMac - ok
22:37:43.0323 0x0e54 [ C8AA50005E6461D5C2C247DBABBF2008, AD8A3FFCE945E8B9D4A3AECC0FFD6FC0484828502A902712E65F133CB54921E7 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:37:43.0327 0x0e54 atapi - ok
22:37:43.0338 0x0e54 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:37:43.0354 0x0e54 AudioEndpointBuilder - ok
22:37:43.0365 0x0e54 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:37:43.0378 0x0e54 AudioSrv - ok
22:37:43.0382 0x0e54 [ D3AD54B05D8BA4535D3361F672F272C3, 29627C98475D062A836469EF1429233E2756B64B5809AD39530C648C73CABF3F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:37:43.0391 0x0e54 AxInstSV - ok
22:37:43.0399 0x0e54 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:37:43.0410 0x0e54 b06bdrv - ok
22:37:43.0416 0x0e54 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:37:43.0425 0x0e54 b57nd60a - ok
22:37:43.0429 0x0e54 [ A121235D24010DCACE05F4907ACF0B26, 4F5F048A30F996B55F62CAAEB553837CC6E3FD4E1093DBADCA9E96E87A2B2C45 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:37:43.0436 0x0e54 BDESVC - ok
22:37:43.0438 0x0e54 [ B688235B47E8AC299B346692F736A562, C6981AC67C680D2B95B6509D753163D94413261A7931FD60CCAC4F43F28BB9A4 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:37:43.0445 0x0e54 Beep - ok
22:37:43.0457 0x0e54 [ 3B192A21A7F995B9181EA6815466D6F9, 4CBB492402FA424A201244C7660179C689E831F923AF263BCF2348D5F805D975 ] BFE             C:\Windows\System32\bfe.dll
22:37:43.0474 0x0e54 BFE - ok
22:37:43.0487 0x0e54 [ B01E5A72DE3A2B3DC97BA042F90288DF, 33EC152C16E15371DB17AA276C4C2D1E136D57232EA86EA039032561E3C45237 ] BITS            C:\Windows\System32\qmgr.dll
22:37:43.0506 0x0e54 BITS - ok
22:37:43.0509 0x0e54 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:37:43.0515 0x0e54 blbdrive - ok
22:37:43.0517 0x0e54 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:37:43.0525 0x0e54 bowser - ok
22:37:43.0527 0x0e54 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:37:43.0534 0x0e54 BrFiltLo - ok
22:37:43.0536 0x0e54 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:37:43.0542 0x0e54 BrFiltUp - ok
22:37:43.0545 0x0e54 [ 50CD4AB9E87E9A55A816ACD7FB5740B7, 6816E87FBAA1F43611C9DB822F8F105CACC1A1E9A995D0301B921F8C01D6328E ] Browser         C:\Windows\System32\browser.dll
22:37:43.0555 0x0e54 Browser - ok
22:37:43.0560 0x0e54 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:37:43.0570 0x0e54 Brserid - ok
22:37:43.0573 0x0e54 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:37:43.0580 0x0e54 BrSerWdm - ok
22:37:43.0582 0x0e54 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:37:43.0587 0x0e54 BrUsbMdm - ok
22:37:43.0589 0x0e54 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:37:43.0595 0x0e54 BrUsbSer - ok
22:37:43.0597 0x0e54 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:37:43.0604 0x0e54 BTHMODEM - ok
22:37:43.0608 0x0e54 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:37:43.0625 0x0e54 bthserv - ok
22:37:43.0628 0x0e54 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:37:43.0645 0x0e54 cdfs - ok
22:37:43.0649 0x0e54 [ 7200A15FCDDECA736E97D2815A32A54F, 2696A042DFFEFAFBBA57C6464CECF6F2944CABCD70ECF09024347AD4EE12F597 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:37:43.0656 0x0e54 cdrom - ok
22:37:43.0658 0x0e54 [ E37B315C170C8DE43592F416264A6C31, 41109BB6A3681763AB43F9BA8FDA58C1ECBEAD8258B5FF65F95AFA072468984A ] CertPropSvc     C:\Windows\System32\certprop.dll
22:37:43.0665 0x0e54 CertPropSvc - ok
22:37:43.0667 0x0e54 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:37:43.0674 0x0e54 circlass - ok
22:37:43.0680 0x0e54 [ 3963FEC1892368DD500E6ED1F5C286CE, A04689CB07AF1C1B4B1032B0ACAD88DA3EB03D89A575C59FE602A65E8C246138 ] CLFS            C:\Windows\system32\CLFS.sys
22:37:43.0690 0x0e54 CLFS - ok
22:37:43.0694 0x0e54 [ 382F277620C6C9FD8B9EED8BB658EBCF, 4414EB13A6C32D05BCD10088AD00E9D77FA697AB89434BF4B00F1FC4CC11FD1E ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:37:43.0700 0x0e54 clr_optimization_v2.0.50727_32 - ok
22:37:43.0704 0x0e54 [ A465B5783694F4DDBAED960293884713, 5518FA470C8D9C74E9E6DFF4A8EFFDBBA1DF9F2820E550348B91081B9E9032EE ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:37:43.0710 0x0e54 clr_optimization_v2.0.50727_64 - ok
22:37:43.0717 0x0e54 [ 2BA609641FA64BAB02ACD3C0095672F5, FD1FE403864F0564CA4A2F1D7415649B8FFE16F8ED33C4B44ACB21767118AD5F ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:37:43.0724 0x0e54 clr_optimization_v4.0.30319_32 - ok
22:37:43.0731 0x0e54 [ 7C7502CD2A2CFAB399D0D8DA95DB03E7, 4AE53B468CF597FCFD912A6EEE27E87EE4D9BC73F2A794FB5DF5DA46C1DD1289 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:37:43.0738 0x0e54 clr_optimization_v4.0.30319_64 - ok
22:37:43.0741 0x0e54 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:37:43.0745 0x0e54 CmBatt - ok
22:37:43.0747 0x0e54 [ 4B47BBF1744551C2BE1469DAA66C1038, 6B70381FD0602C3A830026ED3CF10496700FD73098019EF51E6C22E95A08ABF1 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:37:43.0751 0x0e54 cmdide - ok
22:37:43.0759 0x0e54 [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:37:43.0773 0x0e54 CNG - ok
22:37:43.0775 0x0e54 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:37:43.0780 0x0e54 Compbatt - ok
22:37:43.0782 0x0e54 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:37:43.0788 0x0e54 CompositeBus - ok
22:37:43.0790 0x0e54 COMSysApp - ok
22:37:43.0792 0x0e54 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:37:43.0797 0x0e54 crcdisk - ok
22:37:43.0801 0x0e54 [ 48FEDBE324F1EA9417BA1D62AE863011, 2C3D84F0842237A3BF2838DDB4126807977EB36588FA669B1E6671077584EF18 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:37:43.0810 0x0e54 CryptSvc - ok
22:37:43.0818 0x0e54 [ 44C86C4072E894344C551A3A23FAEF1F, 6B06B43C174138C5B81D3319736AC7CBF4DB3EF8455454A43705744EAA50D470 ] CSC             C:\Windows\system32\drivers\csc.sys
22:37:43.0830 0x0e54 CSC - ok
22:37:43.0842 0x0e54 [ 97CE1455725EB122AEA444164D8F7E26, 9E09515901349E6E44D25214F387A306F01FC793AFD013E45C5DCBF2471D399B ] CscService      C:\Windows\System32\cscsvc.dll
22:37:43.0857 0x0e54 CscService - ok
22:37:43.0866 0x0e54 [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:37:43.0880 0x0e54 DcomLaunch - ok
22:37:43.0886 0x0e54 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:37:43.0906 0x0e54 defragsvc - ok
22:37:43.0909 0x0e54 [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:37:43.0916 0x0e54 DfsC - ok
22:37:43.0922 0x0e54 [ 85B0455CB0DA3F8D48EA80CA87AF4BAF, E6A830E0F5A6DA0428A51DCE4C3B7BC654485E304913319263CEFC2D7E38D68D ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:37:43.0931 0x0e54 Dhcp - ok
22:37:43.0935 0x0e54 [ 3322A9E3CD6CD76729CBD1D96C1C3103, D85541CF1F59A21C10C7A8494E2DDB8B4DCBBED49D11D55EC50367650D4206EE ] discache        C:\Windows\system32\drivers\discache.sys
22:37:43.0941 0x0e54 discache - ok
22:37:43.0944 0x0e54 [ 97659D0CEBCF0DB9C265D3DE1B116ECF, 70F6E01CF86B2CCCFBDC0E11A9AFC5E1C132F3830F8BEB7D003F912BC3C3EAE4 ] Disk            C:\Windows\system32\drivers\disk.sys
22:37:43.0949 0x0e54 Disk - ok
22:37:43.0951 0x0e54 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
22:37:43.0957 0x0e54 dmvsc - ok
22:37:43.0961 0x0e54 [ 358D6EE69EE2BF3C96121B66DA63960D, E17666D2AFFA06E592B373564D6EBE59F922C98E55A3A344FB6E4668B0AF47C6 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:37:43.0971 0x0e54 Dnscache - ok
22:37:43.0976 0x0e54 [ 813E257D6A40EF6BEA4B10ECF1AB65D3, 0A6EA3229907DDF02E90486E66109C1EAE7891ECC68F44A7CE268EAAB7ACDE64 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:37:43.0985 0x0e54 dot3svc - ok
22:37:43.0989 0x0e54 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:37:44.0020 0x0e54 DPS - ok
22:37:44.0022 0x0e54 [ A1A42D99C70331B86B7B574598BDCA3A, DD04DD77CEC4F636CB02A7E9350FA710B079E7F2592003340A6B9394B0E36DCC ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:37:44.0027 0x0e54 drmkaud - ok
22:37:44.0042 0x0e54 [ 5CEF80AE869336376F550ECAE91E424A, 49152AC35556A5629AE7A4A762FDB2112FAD1C9CDB91E6196172809F74A3149A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:37:44.0059 0x0e54 DXGKrnl - ok
22:37:44.0062 0x0e54 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:37:44.0080 0x0e54 EapHost - ok
22:37:44.0123 0x0e54 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:37:44.0176 0x0e54 ebdrv - ok
22:37:44.0180 0x0e54 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] EFS             C:\Windows\System32\lsass.exe
22:37:44.0185 0x0e54 EFS - ok
22:37:44.0193 0x0e54 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:37:44.0205 0x0e54 elxstor - ok
22:37:44.0207 0x0e54 [ 7D8430241B482BC2BC8EACFD056C5F14, CC2F77457662422F08EE45D4597B952A101AE99BF5E1BF50EFFE80D9702D335F ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:37:44.0212 0x0e54 ErrDev - ok
22:37:44.0221 0x0e54 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:37:44.0242 0x0e54 EventSystem - ok
22:37:44.0247 0x0e54 [ 7E45F8B117419ABA3BB26579F6E70324, 03FE86519860153E1BE571F10ACC9BA58FFB5A661C5C3EBDF3B77973BCD96C84 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:37:44.0255 0x0e54 exfat - ok
22:37:44.0259 0x0e54 [ 6EDFA237D25433C03F42FBFDB16BDD24, A30F89A40F7AFC475D3C2D3591FB9AFC06AE3FEBC915FDCB24ED77946FBA4E2C ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:37:44.0268 0x0e54 fastfat - ok
22:37:44.0270 0x0e54 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
22:37:44.0275 0x0e54 fdc - ok
22:37:44.0277 0x0e54 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:37:44.0294 0x0e54 fdPHost - ok
22:37:44.0296 0x0e54 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:37:44.0313 0x0e54 FDResPub - ok
22:37:44.0315 0x0e54 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:37:44.0320 0x0e54 FileInfo - ok
22:37:44.0322 0x0e54 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:37:44.0339 0x0e54 Filetrace - ok
22:37:44.0341 0x0e54 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:37:44.0346 0x0e54 flpydisk - ok
22:37:44.0351 0x0e54 [ 1010630ABAA94551C88EF3F111E5DB76, FF806263312E405D2755E574C1F9FE7506EE34FD59844BA2421BEBAAADAA402F ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:37:44.0360 0x0e54 FltMgr - ok
22:37:44.0377 0x0e54 [ 785F474FB5E67E448E1931C98E8D0ABC, 911697D580CBF508A6F4A52D4F95A6976CF9A0EC3549076A8D0B5C8BD947C989 ] FontCache       C:\Windows\system32\FntCache.dll
22:37:44.0399 0x0e54 FontCache - ok
22:37:44.0402 0x0e54 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:37:44.0407 0x0e54 FontCache3.0.0.0 - ok
22:37:44.0409 0x0e54 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:37:44.0414 0x0e54 FsDepends - ok
22:37:44.0416 0x0e54 [ EC4F611CEB6B65672EEF06928C2CEB8C, 1DA5FEE52A85AEC36476CB00064451CF8550B39DE4FCC0820AE74FDB1F10BF28 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:37:44.0420 0x0e54 Fs_Rec - ok
22:37:44.0425 0x0e54 [ 21B39456D89EE661F20F08082292DC9F, B866F33A5649DC004E56D3378FC831684EDC60437A0A3C3C98003EC39786EDD0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:37:44.0433 0x0e54 fvevol - ok
22:37:44.0435 0x0e54 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:37:44.0441 0x0e54 gagp30kx - ok
22:37:44.0453 0x0e54 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
22:37:44.0468 0x0e54 gpsvc - ok
22:37:44.0471 0x0e54 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:37:44.0477 0x0e54 hcw85cir - ok
22:37:44.0483 0x0e54 [ 345AC81C44BC37685725D78CB641F28F, BAC680DBF6A43DF48ADBEDEB128DC2B7D69AF4257619C0D70ED750A6615758E4 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:37:44.0493 0x0e54 HdAudAddService - ok
22:37:44.0497 0x0e54 [ 45DAAFD1056B8942C5038EFFD285658D, 5529F911F71A38614DCF7194E799DF79E846F87048099BCE9CB2C7DD96E9469E ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:37:44.0503 0x0e54 HDAudBus - ok
22:37:44.0505 0x0e54 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:37:44.0510 0x0e54 HidBatt - ok
22:37:44.0513 0x0e54 [ 387C19A65ECADEB9D27E80F27D882FCF, E389ACA137C5EA7021CDB8488E85D0055A41153D68A481216585C3579FE63932 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:37:44.0519 0x0e54 HidBth - ok
22:37:44.0521 0x0e54 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:37:44.0528 0x0e54 HidIr - ok
22:37:44.0531 0x0e54 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
22:37:44.0547 0x0e54 hidserv - ok
22:37:44.0550 0x0e54 [ D150C09088401493980E7A80CFA091FE, 40F3F2559E813D3023F83451358B331C11BA4CC137CD11B21B6A1268728EB84B ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:37:44.0555 0x0e54 HidUsb - ok
22:37:44.0558 0x0e54 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:37:44.0575 0x0e54 hkmsvc - ok
22:37:44.0580 0x0e54 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:37:44.0588 0x0e54 HomeGroupListener - ok
22:37:44.0593 0x0e54 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:37:44.0600 0x0e54 HomeGroupProvider - ok
22:37:44.0603 0x0e54 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:37:44.0609 0x0e54 HpSAMD - ok
22:37:44.0620 0x0e54 [ CF5C9BD985120781200D35FD445D0BD5, 91B37F595A196542458CBBCDAD80779721D228A7030A34E55995DDBB06649248 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:37:44.0637 0x0e54 HTTP - ok
22:37:44.0640 0x0e54 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:37:44.0644 0x0e54 hwpolicy - ok
22:37:44.0647 0x0e54 [ 55CCD3E5E4DA18FCF0598F42249D47DF, 9F1EF7E8A1E80C7EEFE60B1F93E42C58B8C5C110F026442DEFC0EE3A1D0EAC0E ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:37:44.0653 0x0e54 i8042prt - ok
22:37:44.0674 0x0e54 [ 12859E1215AA083A42E7ADCDE5C061D1, 262F9C65C3FA7EB69C4FA7C6547E1C79DB49697A083309909BC78726A116557F ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
22:37:44.0698 0x0e54 iaStorA - ok
22:37:44.0701 0x0e54 [ 91F97C1A0ABCD7FA487E8EF7A249C15C, 834D85B7833DD1EDE0938320A68237315F60263ABCB6714974E711EBA91178E9 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
22:37:44.0705 0x0e54 iaStorF - ok
22:37:44.0712 0x0e54 [ 58A8CCA18210A9096B626B08EACC0B28, FF01194265CE1E2C14D0DF44FEFF32574092376B263C9A9871BB4F04531D017E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:37:44.0722 0x0e54 iaStorV - ok
22:37:44.0735 0x0e54 [ 0845EA9630319721B01E49E0A659E109, D4ACF05337E4ED5699124893443092C7969F38FC9A5C72AE185D01950BAC99DF ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:37:44.0752 0x0e54 idsvc - ok
22:37:44.0754 0x0e54 IEEtwCollectorService - ok
22:37:44.0852 0x0e54 [ 8A8DC6F2DF4012FD36C8AF61167902D9, D56E3AA3CD3F1E6FB916F9D18F0E83A1BB264CB176383B3C05479ABBE9CF51DB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:37:44.0975 0x0e54 igfx - ok
22:37:44.0984 0x0e54 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:37:44.0989 0x0e54 iirsp - ok
22:37:45.0002 0x0e54 [ ED13D904AB82A0CA6D1C15AB19D010BD, 95B3A5490F684DC97703FE6B67783E1C6CF616AE19C7A9C6AF03DE48D1323D9A ] IKEEXT          C:\Windows\System32\ikeext.dll
22:37:45.0023 0x0e54 IKEEXT - ok
22:37:45.0088 0x0e54 [ A1DDF4B6FE7C8B764E07FFA5795B5F37, F1FE58E6FB7779DA16EABD9E69C18436E22023A1790A348EC5DFB01615B1483A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:37:45.0152 0x0e54 IntcAzAudAddService - ok
22:37:45.0166 0x0e54 [ A38C7B403BBFD5B30F27C2D6B11AAF25, 25F0E31A9987B49224C8884F30AF85DE3B1181E20BC8C0401C0F85BAA481A7D1 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:37:45.0178 0x0e54 IntcDAud - ok
22:37:45.0193 0x0e54 [ AE32376564771525DCDD2F0280619E1A, 233B7B272DCD9080DE7C9593EB7993745D1037EA87B69617E7176F074DFD5968 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
22:37:45.0216 0x0e54 Intel® Capability Licensing Service TCP IP Interface - ok
22:37:45.0219 0x0e54 [ 74D9B6BDA6F9CDAF7E19F5A33B63EBC9, 2304AE8ED2FCBD550B83E74795E8CBEDDE45CE99E7C506E0AF4CB39A77FC6C18 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:37:45.0223 0x0e54 intelide - ok
22:37:45.0226 0x0e54 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:37:45.0231 0x0e54 intelppm - ok
22:37:45.0235 0x0e54 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:37:45.0253 0x0e54 IPBusEnum - ok
22:37:45.0255 0x0e54 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:37:45.0272 0x0e54 IpFilterDriver - ok
22:37:45.0281 0x0e54 [ 83185D9DB2C3944B296531B95FAB49FE, B570B4777AEE924A4C075692748843BC65C3479BC07E4B7856883B5E9604F364 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:37:45.0296 0x0e54 iphlpsvc - ok
22:37:45.0300 0x0e54 [ 63C9FB04EECFA385BC092D9B41E85990, 2B25E9586A635894E02A81097D9ABF53942A5A19A96AC71E1FD56573E5E69A76 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:37:45.0305 0x0e54 IPMIDRV - ok
22:37:45.0309 0x0e54 [ 9774AA4661A30E0ADCEA48B5A1B9F4B7, 7D1697A93FFF1C0F77D29A6D609623AC895420CCCD3C81BBD0105C0F2E52E143 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:37:45.0316 0x0e54 IPNAT - ok
22:37:45.0318 0x0e54 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:37:45.0326 0x0e54 IRENUM - ok
22:37:45.0328 0x0e54 [ E3DBCD75AA78937303E54E0946669959, E04C0FE50850AEBB47CE5E933AEB6995EF44293694FD619D0951A43DD3123EBE ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:37:45.0332 0x0e54 isapnp - ok
22:37:45.0338 0x0e54 [ 7A9C4A7DAE277FC177D60E4C75164763, 53DFE03F97912676BB31F3B84CD34A404696C3B8BCDB5D6BFFAFEB6B535BB4C0 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:37:45.0346 0x0e54 iScsiPrt - ok
22:37:45.0353 0x0e54 [ A7A2E0D3932B1986990AC7077B1658CD, F8CC75A711E6C4E5299557F05C0C6B957E8508EA496BC74CCF4827385B046CB4 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
22:37:45.0364 0x0e54 iusb3hub - ok
22:37:45.0377 0x0e54 [ FD9C74D20E6F97EDC442091F9DBC1189, 01DD3D862FD7A429E9D79B3B1BC657594628747B0C4C124E976D733065498EDB ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:37:45.0395 0x0e54 iusb3xhc - ok
22:37:45.0401 0x0e54 [ 4D9CACDAA9A538857C90A2066C74D258, 810473B5BE929A98EF867FDA59299AA796C621312EAFD257B0D8E4C16DF93F4A ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
22:37:45.0409 0x0e54 jhi_service - ok
22:37:45.0411 0x0e54 [ C3CEAAF93C02A205B0712DEF98BAE544, DEAB391D0A8C454F2423D37D7DAA77B3DAA04F7B50DD76867FD4CD797A5874FB ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:37:45.0416 0x0e54 kbdclass - ok
22:37:45.0418 0x0e54 [ 73DD773AC3F96B229AF7C6BB0D9009FE, 5DDEC781A3A31B764D02DEE234CAAFE386F90A7284A6B09B13B081195E784631 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:37:45.0423 0x0e54 kbdhid - ok
22:37:45.0425 0x0e54 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] KeyIso          C:\Windows\system32\lsass.exe
22:37:45.0429 0x0e54 KeyIso - ok
22:37:45.0432 0x0e54 [ DFE85B031220F8E0271716BBB3C4C8FF, 531AB0851AE2F2B25D751605529C483B4734E5D26F94F56DEC0191730DD6A9A4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:37:45.0438 0x0e54 KSecDD - ok
22:37:45.0441 0x0e54 [ 70D7302DD70B979637179BFD8295C924, 7A3498C8A90AC5D7A070E9BCAF1BC0D16F478A7160A9333C58247034C5B3B59F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:37:45.0447 0x0e54 KSecPkg - ok
22:37:45.0449 0x0e54 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:37:45.0465 0x0e54 ksthunk - ok
22:37:45.0472 0x0e54 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:37:45.0494 0x0e54 KtmRm - ok
22:37:45.0499 0x0e54 [ 119AE0B67CEE5F761304DFCA3C8EE1B5, 0EDED6FA4ACFD86281B9F05D375261286363C52AA38C86089B50CA0C586BF910 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:37:45.0509 0x0e54 LanmanServer - ok
22:37:45.0513 0x0e54 [ 3B86086F7362872AB55983FE225F9E5E, 88092F7C2F21116C01983748AA24BA01CA1402E50F8AD952E40E6662EC73CE78 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:37:45.0522 0x0e54 LanmanWorkstation - ok
22:37:45.0525 0x0e54 [ 5E7641AECAC4CFC7B4B442B461A25C83, 1F6AF4ED863C17A1A326A4CB0D289EAABFAD748A6B0A7CE40CF842694572FDB7 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
22:37:45.0533 0x0e54 LGBusEnum - ok
22:37:45.0536 0x0e54 [ 7D24DEBE7BC0C01A30A9A65806B61453, 342E758AD6F88E3FA83B69F26836A9F54D1A3BE344D1D2F9C6394E085E5FCA92 ] LGJoyXlCore     C:\Windows\system32\drivers\LGJoyXlCore.sys
22:37:45.0543 0x0e54 LGJoyXlCore - ok
22:37:45.0546 0x0e54 [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
22:37:45.0550 0x0e54 LGSHidFilt - ok
22:37:45.0553 0x0e54 [ DBEAB45BA2B47C057F3BAE5AD0654173, 9660B803F4AD4BD3427F1A24D09B2712E4DC0E25A18942984AF01750D77C118C ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
22:37:45.0560 0x0e54 LGVirHid - ok
22:37:45.0562 0x0e54 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:37:45.0579 0x0e54 lltdio - ok
22:37:45.0585 0x0e54 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:37:45.0605 0x0e54 lltdsvc - ok
22:37:45.0607 0x0e54 [ 15BAC3E8DC159C701671F3C9D9F86D7F, 750F60062C81B7860292EE9BF47272265E1562B80635B83003B6BD82B624A87A ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:37:45.0615 0x0e54 lmhosts - ok
22:37:45.0622 0x0e54 [ 706F68BC43A5B46A37009FA32C78ED10, 27847B5C50694902A3EB01BAC3432D42825EE9C98411DCB718A3B0C60CC0A4DB ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:37:45.0634 0x0e54 LMS - ok
22:37:45.0638 0x0e54 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:37:45.0644 0x0e54 LSI_FC - ok
22:37:45.0647 0x0e54 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:37:45.0653 0x0e54 LSI_SAS - ok
22:37:45.0655 0x0e54 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:37:45.0660 0x0e54 LSI_SAS2 - ok
22:37:45.0663 0x0e54 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:37:45.0669 0x0e54 LSI_SCSI - ok
22:37:45.0672 0x0e54 [ 5416CEB2916BBE635288C4D1075B045E, BEFF99052206C0D774CFFF14AC3305C397726B289B17666C2AD2706C261F2FF0 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:37:45.0679 0x0e54 luafv - ok
22:37:45.0681 0x0e54 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:37:45.0686 0x0e54 megasas - ok
22:37:45.0691 0x0e54 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:37:45.0699 0x0e54 MegaSR - ok
22:37:45.0704 0x0e54 [ 095C1BB89102A965408B8B1DDCE07FBF, 3C8E9F45EBF9CD918ACFACCA0EEC6D3307A23165F2BDFDBA572A6093A5B7E9A6 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
22:37:45.0711 0x0e54 MEIx64 - ok
22:37:45.0714 0x0e54 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:37:45.0731 0x0e54 MMCSS - ok
22:37:45.0733 0x0e54 [ DFDA7308112839CE14D5F2C92B62607A, 098833170511DE6F65CCDD6A9EC38B01961A3627528467D92504EA7FAEFE480D ] Modem           C:\Windows\system32\drivers\modem.sys
22:37:45.0740 0x0e54 Modem - ok
22:37:45.0742 0x0e54 [ 419D67778CA8B7DFFB39DF3FCE3EE351, 6E6AEECA191DAC838EB2DC8BC341E37F3E4F28458E85E7E1A87174D57E4DCF34 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:37:45.0747 0x0e54 monitor - ok
22:37:45.0749 0x0e54 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:37:45.0754 0x0e54 mouclass - ok
22:37:45.0756 0x0e54 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:37:45.0761 0x0e54 mouhid - ok
22:37:45.0764 0x0e54 [ 072D8646E23ECF8A3F5F0157017B4DB6, EBFB1459ECC5AF94C94FB49CEBC724542612680F0777E24B5AA6E062C0EE5D94 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:37:45.0769 0x0e54 mountmgr - ok
22:37:45.0773 0x0e54 [ AE8932E3B623A75B547F8CB71D70C469, DDF5B8FB3080E0EF1F2970B8F02314F9F16A7E275D53AC81518B272F18D4E317 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:37:45.0779 0x0e54 mpio - ok
22:37:45.0782 0x0e54 [ 5F46B69809CE21701289300B6B668684, 8B7363CCBCB0E84DA1CF9423FEC7B5134E6F56543D43CBA3736B7E98D248351F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:37:45.0790 0x0e54 mpsdrv - ok
22:37:45.0802 0x0e54 [ 041903F4EE7B3CD8DC7CB783C6085E28, 93E51EFA3DC81821698D57C0E5B9FC1DB3FD1D4725DC2D5977A954F35429F27B ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:37:45.0821 0x0e54 MpsSvc - ok
22:37:45.0825 0x0e54 [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:37:45.0832 0x0e54 MRxDAV - ok
22:37:45.0836 0x0e54 [ 767C6DF04C5758B9F0790D400541B44F, BFC38D7BCF19F7246BCAD3E04273A403F6B973432EE0EF6E25B16BA3826A21B7 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:37:45.0844 0x0e54 mrxsmb - ok
22:37:45.0851 0x0e54 [ BD55F604FFABC911F8E5500186AE70E5, 3719EDB070E6FFE9781337A05CA0309C3CD5CD38A292DF091E05C9BA3D5A479F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:37:45.0861 0x0e54 mrxsmb10 - ok
22:37:45.0864 0x0e54 [ 92EECFB046D4706A4B8D699A4069B6EC, 3B3E232DABA913A500CE55AD8600D8DD8F28E32B0276B9B6C8FD6239688833A4 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:37:45.0872 0x0e54 mrxsmb20 - ok
22:37:45.0874 0x0e54 [ 0C7033B1EF362F6C1F74E3E41B2306B8, 81EA18896C56FE3057CEF48F4555832CFF72A85E36234819F2401736195E96D1 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:37:45.0878 0x0e54 msahci - ok
22:37:45.0882 0x0e54 [ A75ADF411CF22D1C57AE40773BE51CDC, 9A210238AF65EC488431DD2A9A63B66F8619289162051489312F28960F67CDAD ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:37:45.0888 0x0e54 msdsm - ok
22:37:45.0892 0x0e54 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:37:45.0899 0x0e54 MSDTC - ok
22:37:45.0902 0x0e54 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:37:45.0919 0x0e54 Msfs - ok
22:37:45.0921 0x0e54 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:37:45.0936 0x0e54 mshidkmdf - ok
22:37:45.0939 0x0e54 [ 5BDBD4F3C00E887B7FA8E416CD146855, 6A17BC29090AA3C712DD5EBD4B5B384C249A96C998B883B891E53965C2E6BE6B ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:37:45.0943 0x0e54 msisadrv - ok
22:37:45.0946 0x0e54 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:37:45.0965 0x0e54 MSiSCSI - ok
22:37:45.0966 0x0e54 msiserver - ok
22:37:45.0968 0x0e54 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:37:45.0985 0x0e54 MSKSSRV - ok
22:37:45.0987 0x0e54 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:37:46.0003 0x0e54 MSPCLOCK - ok
22:37:46.0005 0x0e54 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:37:46.0021 0x0e54 MSPQM - ok
22:37:46.0028 0x0e54 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:37:46.0038 0x0e54 MsRPC - ok
22:37:46.0041 0x0e54 [ AEF3CB71F17CB9D8C6A3B49D3CDE5E22, 01A6072622BA88EE4D41A1FEFAD87256E7A46E2483FC57C31349A3FBAC91163F ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:37:46.0045 0x0e54 mssmbios - ok
22:37:46.0047 0x0e54 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:37:46.0063 0x0e54 MSTEE - ok
22:37:46.0065 0x0e54 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:37:46.0071 0x0e54 MTConfig - ok
22:37:46.0074 0x0e54 [ ADF51F0215E71361B35FA2C5D3F49D66, A4065BE1BB0C9F8B012CAC840DB951F4AB10DAB08B771BC277136FCAFF939A7B ] Mup             C:\Windows\system32\Drivers\mup.sys
22:37:46.0079 0x0e54 Mup - ok
22:37:46.0088 0x0e54 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:37:46.0111 0x0e54 napagent - ok
22:37:46.0117 0x0e54 [ 9FB2A095B1166CB3C9A06651863B3452, 808105C59C2D28C390FDE0CA48690A5CD052DE3D7F7327864EB45F80187D5BE9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:37:46.0127 0x0e54 NativeWifiP - ok
22:37:46.0141 0x0e54 [ 8664770EC3CF87492AD1CDDA424FD3CB, F6722F7D402AD8256B518C8E1F7AA0A1729206D33C08EF03C012CA24A75500EB ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:37:46.0158 0x0e54 NDIS - ok
22:37:46.0161 0x0e54 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:37:46.0178 0x0e54 NdisCap - ok
22:37:46.0180 0x0e54 [ 8196473CCF244832109BE0F5BEFD7C4D, F5CB1925163FC590D5A84F8E4B556CE192A637BD031EB12BD16AE05E896F8311 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:37:46.0185 0x0e54 NdisTapi - ok
22:37:46.0188 0x0e54 [ A17CC85238E2D08E0C44A8FE3DC3B192, 8823B58F111991ACC95A4BAADC8E0033A2EE334056C07B989FEC2499567F599A ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:37:46.0194 0x0e54 Ndisuio - ok
22:37:46.0198 0x0e54 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:37:46.0216 0x0e54 NdisWan - ok
22:37:46.0218 0x0e54 [ 357C6186EBE2B4065080A06F740DCB34, 1F4F090D1652260AF0AAF8B765FEC8D8B955CD2A9DA23A9E8F1B68D76DEF2B7D ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:37:46.0225 0x0e54 NDProxy - ok
22:37:46.0227 0x0e54 [ 7FA2D0AC5EA6E10013AC4B7D300BD906, E8ADC114A0E15AFD7C01297ADD0B94517F9DDD36423744D83181CAA7BC824008 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:37:46.0235 0x0e54 NetBIOS - ok
22:37:46.0240 0x0e54 [ 734837208CAFD6E0959A7A0333C95C9D, 0B7CD6E3CE43ABE021DBE6516492E326265EC0273F2F4297187CE70602CB8CE1 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:37:46.0249 0x0e54 NetBT - ok
22:37:46.0252 0x0e54 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] Netlogon        C:\Windows\system32\lsass.exe
22:37:46.0257 0x0e54 Netlogon - ok
22:37:46.0263 0x0e54 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:37:46.0285 0x0e54 Netman - ok
22:37:46.0289 0x0e54 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:46.0297 0x0e54 NetMsmqActivator - ok
22:37:46.0300 0x0e54 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:46.0306 0x0e54 NetPipeActivator - ok
22:37:46.0314 0x0e54 [ 66439DA1B5658290E15EC0A8DA95F71B, C00361B01EBC3903EC4DD0F0DC9888BB0723C92902D785A9BAD7CC9D521E31DA ] netprofm        C:\Windows\System32\netprofm.dll
22:37:46.0328 0x0e54 netprofm - ok
22:37:46.0331 0x0e54 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:46.0338 0x0e54 NetTcpActivator - ok
22:37:46.0341 0x0e54 [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:46.0347 0x0e54 NetTcpPortSharing - ok
22:37:46.0350 0x0e54 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:37:46.0356 0x0e54 nfrd960 - ok
22:37:46.0362 0x0e54 [ 4621514D60E64B17464F192155498077, B1BBDB2FF164BC88D6309F0C5785A7C39CEB6FC7CE4CB6D960C7D5E19E359DC9 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:37:46.0374 0x0e54 NlaSvc - ok
22:37:46.0376 0x0e54 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:37:46.0393 0x0e54 Npfs - ok
22:37:46.0395 0x0e54 [ 668B9EFF5CCA4542F435D2CD9CE3C778, 7409EF35D1DC0DE2BAB752694981FFA1F1855C7F11310366B80BD1EC3513262E ] nsi             C:\Windows\system32\nsisvc.dll
22:37:46.0402 0x0e54 nsi - ok
22:37:46.0404 0x0e54 [ BE313E566EEA2A4B7F9AAC9782A567D4, 377C624737B1A4FBC1DFF988F029B8ED9A368827C33A4FEEBA1B7937A87C2B47 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:37:46.0410 0x0e54 nsiproxy - ok
22:37:46.0433 0x0e54 [ 1065D9AFE491706EB00AD3CBB76C9E54, 7014029663FC61932EACC07682A66EE5483F11968EF58DE9766A9D77238C6812 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:37:46.0461 0x0e54 Ntfs - ok
22:37:46.0464 0x0e54 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:37:46.0481 0x0e54 Null - ok
22:37:46.0486 0x0e54 [ 207A78939B7BBA0EFE8BFA947A35E71C, BB7DDFED575F81CAB958DDC7CFF2D798EB14DAE633F49FA2229D98BDC489C0EE ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
22:37:46.0494 0x0e54 NVHDA - ok
22:37:46.0671 0x0e54 [ 5953E6353A3D22275F7CE92A7F00A8BB, 9B83285245684C2919355850EF195C2AD6D9A4CCB0B2C67012F1191E5D184666 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:37:46.0857 0x0e54 nvlddmkm - ok
22:37:46.0871 0x0e54 [ C58189F39002E5E483C0B8BF728E8343, E86730A549F5F35B97109B16A84C32DCD51AC6379D911C1B7379AF449C76FA11 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:37:46.0878 0x0e54 nvraid - ok
22:37:46.0882 0x0e54 [ 77497B64AEAC221A081D2EE7C80B1CF4, 9C887206C24AD2BB276D2F21DCD882F824DF4A9D38731C20B12DAD392F623122 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:37:46.0889 0x0e54 nvstor - ok
22:37:46.0893 0x0e54 [ 1317382EDFDF491DA4CB3BACFF058A52, 393864357771F8658704C726ED3256F3C4FDF6E6CE682F2165F1792C48E12E55 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:37:46.0899 0x0e54 nv_agp - ok
22:37:46.0902 0x0e54 [ C1E10246E2F0436D0AFD147E8F28391F, 740488612F06A0876A7347D90C9D0EB01204F68AB1F5DD9ED579533BA8DAED6B ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:37:46.0909 0x0e54 ohci1394 - ok
22:37:46.0915 0x0e54 [ 1CBF382EAFF5E298F8CAE6F07A321DC0, 1958B6923F16D3D7C2EE6836EC1994CE566036FEBC95B4C2E03C99EC651CA4CC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:37:46.0926 0x0e54 p2pimsvc - ok
22:37:46.0934 0x0e54 [ 27DF5BAA26444B4166F1015193787725, 946BE0655B824F744109F357D8BF43F159605F1354673A7C4D355C84FA66A7B6 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:37:46.0946 0x0e54 p2psvc - ok
22:37:46.0949 0x0e54 [ 0E75370C05A7AB23E3B05840BA9E1935, F1C77B265A8DDB966A69434484D5AC90987B72C43EAC87E6C6A7EE7704537915 ] Parport         C:\Windows\system32\drivers\parport.sys
22:37:46.0956 0x0e54 Parport - ok
22:37:46.0959 0x0e54 [ B38E9BF9A0A43B0E84731CE83541D710, 759DB5086A2966B506B0A22583C60FCCEEFEEE760CA734A65BEC129509F1EAA4 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:37:46.0965 0x0e54 partmgr - ok
22:37:46.0969 0x0e54 [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:37:46.0978 0x0e54 PcaSvc - ok
22:37:46.0983 0x0e54 [ E8EDD0D68FB3D1FD1B1EB410DC8E87BC, 3D590E365BE388E21286AF70D195B9159B70CA6EB43538B5EB9EEA1D55CD09F9 ] pci             C:\Windows\system32\drivers\pci.sys
22:37:46.0990 0x0e54 pci - ok
22:37:46.0992 0x0e54 [ 7D7E0DC331C675B35627B9E2C4ED1B4B, D7898C6638B9DF29DA7614A1EA10CFC4A9095813665275DC91010A56D2D89209 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:37:46.0996 0x0e54 pciide - ok
22:37:47.0001 0x0e54 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:37:47.0008 0x0e54 pcmcia - ok
22:37:47.0011 0x0e54 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:37:47.0015 0x0e54 pcw - ok
22:37:47.0026 0x0e54 [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:37:47.0040 0x0e54 PEAUTH - ok
22:37:47.0060 0x0e54 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:37:47.0086 0x0e54 PeerDistSvc - ok
22:37:47.0103 0x0e54 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:37:47.0108 0x0e54 PerfHost - ok
22:37:47.0130 0x0e54 [ BC5F8C5C7ACCD0B884FCB8B67616F537, 5C99E9D7E7095CED52B1F5F4A569E54F124602C573DD2B25731E0D57FDA22A27 ] pla             C:\Windows\system32\pla.dll
22:37:47.0157 0x0e54 pla - ok
22:37:47.0165 0x0e54 [ 9AB25C0B739B432819F0D141BEB3B38A, 354AEB215643B49FB729789BBDB9037B6FA10A538AF1262D882972952D651004 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:37:47.0178 0x0e54 PlugPlay - ok
22:37:47.0181 0x0e54 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:37:47.0186 0x0e54 PNRPAutoReg - ok
22:37:47.0192 0x0e54 [ 1CBF382EAFF5E298F8CAE6F07A321DC0, 1958B6923F16D3D7C2EE6836EC1994CE566036FEBC95B4C2E03C99EC651CA4CC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:37:47.0201 0x0e54 PNRPsvc - ok
22:37:47.0209 0x0e54 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:37:47.0221 0x0e54 PolicyAgent - ok
22:37:47.0226 0x0e54 [ 94A61BDF895925BAD2A36417E3FBF706, 22F3ABC273C66B64D0C0353B388902368307415E8EBA488DA6C6C1E1330E3D0C ] Power           C:\Windows\system32\umpo.dll
22:37:47.0236 0x0e54 Power - ok
22:37:47.0239 0x0e54 [ 0E13F3D32ED2C76B3485294E43040738, 8CCEEC4D2B5F41704A0393AF299811B305B140C944B16C6D40B58AC5FF7BC548 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:37:47.0246 0x0e54 PptpMiniport - ok
22:37:47.0248 0x0e54 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
22:37:47.0255 0x0e54 Processor - ok
22:37:47.0260 0x0e54 [ 1EA789C00B0ACAD75193CDC6F8829015, C5E830992AC71E5969FCA2825700224812888CD33F84D94EFA60F39AD8FF9B57 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:37:47.0270 0x0e54 ProfSvc - ok
22:37:47.0272 0x0e54 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:37:47.0277 0x0e54 ProtectedStorage - ok
22:37:47.0280 0x0e54 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:37:47.0297 0x0e54 Psched - ok
22:37:47.0319 0x0e54 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:37:47.0346 0x0e54 ql2300 - ok
22:37:47.0350 0x0e54 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:37:47.0356 0x0e54 ql40xx - ok
22:37:47.0361 0x0e54 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:37:47.0372 0x0e54 QWAVE - ok
22:37:47.0375 0x0e54 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:37:47.0382 0x0e54 QWAVEdrv - ok
22:37:47.0384 0x0e54 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:37:47.0400 0x0e54 RasAcd - ok
22:37:47.0403 0x0e54 [ FCBC6E55B7EAFEE6E26B5AF77441DD2A, CCAB8711CBFD9435609FBF0C0F2013FF5E5174BC23A6DD0B3142147F6770937E ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:37:47.0409 0x0e54 RasAgileVpn - ok
22:37:47.0412 0x0e54 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:37:47.0430 0x0e54 RasAuto - ok
22:37:47.0433 0x0e54 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:37:47.0451 0x0e54 Rasl2tp - ok
22:37:47.0459 0x0e54 [ F674C89CC5835F2EB6E914150F59C0D4, 1B753FFCCFDD44E0CC705DE8DBCCAC146D70E8C066564C056A969230929582E5 ] RasMan          C:\Windows\System32\rasmans.dll
22:37:47.0470 0x0e54 RasMan - ok
22:37:47.0473 0x0e54 [ 64908FACD0C3EAE09E4FDF251A4B2792, 1A8F7D28B7A6366B081F774EAC08C92DEC21F03B8BC74B0A918B6AB7CA67B682 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:37:47.0480 0x0e54 RasPppoe - ok
22:37:47.0482 0x0e54 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:37:47.0500 0x0e54 RasSstp - ok
22:37:47.0506 0x0e54 [ FB45727105E27756B3252572A138FA19, B11A375C7377C2DD02175921F5A3BBD23191207DE76DB220ACF72BD5CF74E09A ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:37:47.0516 0x0e54 rdbss - ok
22:37:47.0518 0x0e54 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:37:47.0524 0x0e54 rdpbus - ok
22:37:47.0526 0x0e54 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:37:47.0542 0x0e54 RDPCDD - ok
22:37:47.0547 0x0e54 [ 596C9872717441BF3550927731C1AFE6, 571EDE0CCE575283BAE2C9633CE8B775EDC874DD393711484A2319D39E9B20CD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:37:47.0554 0x0e54 RDPDR - ok
22:37:47.0556 0x0e54 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:37:47.0572 0x0e54 RDPENCDD - ok
22:37:47.0575 0x0e54 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:37:47.0591 0x0e54 RDPREFMP - ok
22:37:47.0596 0x0e54 [ 79062C89658D3E71097E0CB7A85B7E46, 22DE59A0C2DC3207A759DD5570CC0988F31F4DDA64D165D68A4A170D8CB9C2C2 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:37:47.0606 0x0e54 RDPWD - ok
22:37:47.0610 0x0e54 [ 53E15480838EB8550D80A8796982C7EE, F188A30180E8CEBB1157E7A404BC5D6EB414976C5AA1BD49E420715169D3E16A ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:37:47.0617 0x0e54 rdyboost - ok
22:37:47.0663 0x0e54 [ 302266897C0E1C64340F2EA0C4029DCB, E18FA3739223191A941F3518A86DAE43FEB7417C3462892C482F3F9467D2AB92 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
22:37:47.0717 0x0e54 ReflectService.exe - ok
22:37:47.0722 0x0e54 [ 0301EEE83B03229F555C6F8025FB5540, 3ABBA482E59FF9FC831A0FEA75A8C937BAE5077108A0EB3F89205C72FEDC2CD9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:37:47.0729 0x0e54 RemoteAccess - ok
22:37:47.0732 0x0e54 [ 71AD40FFF94D90B86748952022ECED2D, A2AEF7FC3B062D2EE2D70B4CA1CE23E353685F7E51F23F5CD493683275CCB0FB ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:37:47.0742 0x0e54 RemoteRegistry - ok
22:37:47.0745 0x0e54 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:37:47.0762 0x0e54 RpcEptMapper - ok
22:37:47.0764 0x0e54 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:37:47.0769 0x0e54 RpcLocator - ok
22:37:47.0777 0x0e54 [ 3F1A199859B4F3F8357B2A0AF5666A54, B0ACE9384088B7D0E54CF82BF48D4FEAA518BDEF98A294BA8F5A37DFF0E45328 ] RpcSs           C:\Windows\system32\rpcss.dll
22:37:47.0790 0x0e54 RpcSs - ok
22:37:47.0793 0x0e54 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:37:47.0810 0x0e54 rspndr - ok
22:37:47.0824 0x0e54 [ DCF7221D6588EDA8CD77CB27AE9B1844, 7741A4F513952CC3C4D5056958D0D50F8F2A9D3142C7478707F73A83D3CDE01C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:37:47.0840 0x0e54 RTL8167 - ok
22:37:47.0842 0x0e54 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:37:47.0847 0x0e54 s3cap - ok
22:37:47.0849 0x0e54 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] SamSs           C:\Windows\system32\lsass.exe
22:37:47.0854 0x0e54 SamSs - ok
22:37:47.0857 0x0e54 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:37:47.0863 0x0e54 sbp2port - ok
22:37:47.0867 0x0e54 [ 9C7ECDB7D4F0113621D0C2806D634DEC, A2CD66F1BB6329309B9423D72112299F6E24F09B8B0F2FB82EFEE57ED67E5C85 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:37:47.0874 0x0e54 SCardSvr - ok
22:37:47.0877 0x0e54 [ 53CE84F6E4FABFC5AB47375546E1303D, 8FA3B1063ED1EE8B4771DDC5A8CA87AA93E1F0FB7B7A206E0AFFAEBF707FCB6E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:37:47.0881 0x0e54 scfilter - ok
22:37:47.0897 0x0e54 [ FFF0BE84084D90265A6ED79229CE53AA, 2A0D76E68E15B1821C8977F1BACE7785EEA621DF0B5E804D337D0362CE479544 ] Schedule        C:\Windows\system32\schedsvc.dll
22:37:47.0921 0x0e54 Schedule - ok
22:37:47.0925 0x0e54 [ E37B315C170C8DE43592F416264A6C31, 41109BB6A3681763AB43F9BA8FDA58C1ECBEAD8258B5FF65F95AFA072468984A ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:37:47.0930 0x0e54 SCPolicySvc - ok
22:37:47.0934 0x0e54 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:37:47.0941 0x0e54 SDRSVC - ok
22:37:47.0943 0x0e54 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:37:47.0949 0x0e54 secdrv - ok
22:37:47.0951 0x0e54 [ B17F80360153B9DCED601108B74BDC25, 8AAE54EB719442EADDA8C67887A311838083B848BB714B4C8AF44BF4E9A7B75E ] seclogon        C:\Windows\system32\seclogon.dll
22:37:47.0959 0x0e54 seclogon - ok
22:37:47.0962 0x0e54 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
22:37:47.0979 0x0e54 SENS - ok
22:37:47.0981 0x0e54 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:37:47.0986 0x0e54 SensrSvc - ok
22:37:47.0988 0x0e54 [ 38B4E056D31DF16EC0EB5884F65B1979, 58EF8363103702352B9BB9F4DB47E388E86193F3C93E7392523BCC86A76B46FE ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:37:47.0993 0x0e54 Serenum - ok
22:37:47.0996 0x0e54 [ F9DF63C7E70CBAC77EB07E454B35AB2A, 4FB02E23F48BE9876EE4C6B1CD6B7DAFBD7AE1FD7C61B42B3A1C617F46053EC6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:37:48.0002 0x0e54 Serial - ok
22:37:48.0004 0x0e54 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:37:48.0010 0x0e54 sermouse - ok
22:37:48.0015 0x0e54 [ 8E7762634E03FE9B8774C73309563BAD, 9A56D9E0CE17EA31EC0299F24CF55DF9F3C5462D0EB66BD4165851570BA71670 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:37:48.0024 0x0e54 SessionEnv - ok
22:37:48.0026 0x0e54 [ 5E332126E8DBAB045A21D623EA5A0488, C9EBEEDDD8DBE38CFF061FC6C3E487E871E6C56C06AEBCE0C0CDF5566CD0827D ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:37:48.0031 0x0e54 sffdisk - ok
22:37:48.0033 0x0e54 [ C7CF5601AEBC0AFD053C065998E312B1, 72FB7E64D06B73A9C27ACDEC3B96C8474CF0202FE3C00D51E573965F5CBC74FC ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:37:48.0038 0x0e54 sffp_mmc - ok
22:37:48.0040 0x0e54 [ 4530300DB74296B77FCC9E549E0C3752, 8F830353CBF103EC5B7A95FEF5164E31619121BEBB4940F4405435A71F7207BE ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:37:48.0045 0x0e54 sffp_sd - ok
22:37:48.0046 0x0e54 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:37:48.0052 0x0e54 sfloppy - ok
22:37:48.0058 0x0e54 [ 595D3A71FDAF4ADB4227E4F8FA31FC59, 988F20A2F8B8B56524C82B4B2F6E1C7E7471FD44AB5BA85A468A7B3E51117308 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:37:48.0070 0x0e54 SharedAccess - ok
22:37:48.0077 0x0e54 [ 4B247D567187961DCBAA98FD13D8EB39, 8758021A5303A2EF2DF7549AA3719CE927FCA13D497DD0AE9F4A4BF55EEF8D2F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:37:48.0088 0x0e54 ShellHWDetection - ok
22:37:48.0090 0x0e54 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:37:48.0096 0x0e54 SiSRaid2 - ok
22:37:48.0098 0x0e54 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:37:48.0103 0x0e54 SiSRaid4 - ok
22:37:48.0106 0x0e54 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:37:48.0124 0x0e54 Smb - ok
22:37:48.0127 0x0e54 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:37:48.0133 0x0e54 SNMPTRAP - ok
22:37:48.0135 0x0e54 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:37:48.0139 0x0e54 spldr - ok
22:37:48.0148 0x0e54 [ E9B8F49884BDDE8BE466F6133523577F, 9B6E22F340640C8FC97C4F081C0B34F055C4088FCB9B6EFB35E2424DBBEDF842 ] Spooler         C:\Windows\System32\spoolsv.exe
22:37:48.0162 0x0e54 Spooler - ok
22:37:48.0218 0x0e54 [ 19907FFEF003698B25D6D58AD38A256A, BFAFEE132EF82A29ECF69BE37E9A4A12641F22CEB015B9103D3AE200E64EBC03 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:37:48.0290 0x0e54 sppsvc - ok
22:37:48.0295 0x0e54 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:37:48.0312 0x0e54 sppuinotify - ok
22:37:48.0320 0x0e54 [ 72E6A150A8C8530B201832D1C801CDE6, EFBDD5D1FB924979E63D829A6970CB5552A746BEBB7C4D41066684CA16A374E0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:37:48.0332 0x0e54 srv - ok
22:37:48.0340 0x0e54 [ C4F67ABCC5033D334613F28F9E782809, A19E32E2EF790E88E7013C298AF0A34A9957A7CE55DF19FBD7BDF688D3767BA5 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:37:48.0352 0x0e54 srv2 - ok
22:37:48.0356 0x0e54 [ C53CB62B0E57488AAE41FDA0FF8A0AB9, 93614C72C578E348B66690585F8AC2B53C0C19D2C96AAD3E776D3389CA5E43B6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:37:48.0364 0x0e54 srvnet - ok
22:37:48.0368 0x0e54 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:37:48.0388 0x0e54 SSDPSRV - ok
22:37:48.0391 0x0e54 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:37:48.0409 0x0e54 SstpSvc - ok
22:37:48.0411 0x0e54 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:37:48.0415 0x0e54 stexstor - ok
22:37:48.0425 0x0e54 [ 82848B4B4D2E4987844C7DC51AAF7313, 2A91F1411228D5B2BFA3B531FE756BFC50C2E84604D1E29724E8CF5964189BE2 ] stisvc          C:\Windows\System32\wiaservc.dll
22:37:48.0439 0x0e54 stisvc - ok
22:37:48.0442 0x0e54 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:37:48.0446 0x0e54 storflt - ok
22:37:48.0448 0x0e54 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
22:37:48.0453 0x0e54 StorSvc - ok
22:37:48.0455 0x0e54 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:37:48.0460 0x0e54 storvsc - ok
22:37:48.0462 0x0e54 [ 5485470D82D50777757AF985776474BD, 6BCCC3F9379BB02C83CCA29534A899528E42B46E7C16133ED17CFCA60711E15A ] swenum          C:\Windows\system32\drivers\swenum.sys
22:37:48.0466 0x0e54 swenum - ok
22:37:48.0474 0x0e54 [ EFF602790C7B1407510BB6FCCE487D97, BF42D990287773F3FA75486078DDC0C97E3FC43E3C2BB640AA0F9FEA894DB6D8 ] swprv           C:\Windows\System32\swprv.dll
22:37:48.0490 0x0e54 swprv - ok
22:37:48.0514 0x0e54 [ B30860D06FC3296FA04A7C7AB5ED02B9, 98C112F9AB70DA36F622095C28ABBFC13C5BDB816B67940D0C8ACB110427CF15 ] SysMain         C:\Windows\system32\sysmain.dll
22:37:48.0545 0x0e54 SysMain - ok
22:37:48.0549 0x0e54 [ 2682F3E219BDD0FCDC452E1FE7AD7E8B, 764BAF7F52DB774CFCF8E40957A7BA7AE4E729585F37C31154569F04A1A02135 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:37:48.0557 0x0e54 TabletInputService - ok
22:37:48.0562 0x0e54 [ A58C3A68BD01A3A96E3244A8C15CE585, D9EED5BF3E06BC1636A17652171847C4E7C2F541DA818221E37D2B4F201ECDA8 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:37:48.0573 0x0e54 TapiSrv - ok
22:37:48.0598 0x0e54 [ A6350100E6E824D2F5178C88C3693B86, 95FE8FFE3998F7A0B2F709B050BDDF7F51BE511ED9B07F8AC166C5DC505A84B9 ] TBS6280_64      C:\Windows\system32\DRIVERS\TBS6280_64.sys
22:37:48.0626 0x0e54 TBS6280_64 - ok
22:37:48.0652 0x0e54 [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:37:48.0684 0x0e54 Tcpip - ok
22:37:48.0711 0x0e54 [ 7FB36A0A036ADDACE0A868E4A43C1C27, AFDCD57C49D06F31C02F37C81B67BA148CDC9B62AD62B771925D31339DDA9012 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:37:48.0739 0x0e54 TCPIP6 - ok
22:37:48.0743 0x0e54 [ 7D5ACA08ACF6F39441C09E0C3E397138, C52AA6ED5892D06CF3D4B5621C0B708A399C6757D29276FD99440CB55CA20A5F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:37:48.0751 0x0e54 tcpipreg - ok
22:37:48.0753 0x0e54 [ 5FB705F7D93059B059900F2C6F7DE76B, F5AEF8C3DA8042FA04124F58B32B66ADF76107DB63D5D1D7B7D9511135524550 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:37:48.0761 0x0e54 TDPIPE - ok
22:37:48.0763 0x0e54 [ CEB11D6BB417E3E26CD0FEFDCAD5A052, 4AB18D67ACAAA66D527E3CA73267C8FC0ABFD9E11866D8849668E5E13F7A783C ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:37:48.0770 0x0e54 TDTCP - ok
22:37:48.0773 0x0e54 [ 4DD986720F7CB7A8A5D1226793097B9A, 9020375B45E9C966BF44CF425C127D7E0EC82EB99C7047F225C25402FF97743D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:37:48.0780 0x0e54 tdx - ok
22:37:48.0783 0x0e54 [ DF87E778D5EDC3F8959C6AB05A9C4E39, 4364E19490D49F99F39FAD8002D269B95566F8CE835E6DF19BA246D840550981 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:37:48.0788 0x0e54 TermDD - ok
22:37:48.0799 0x0e54 [ 30A3A5BE7A486ADB5E20FFE4324362BF, 81F9B5E10478316F250466B24BCBFA77B38DA9CF43223FAC4CF37379E5DE49E0 ] TermService     C:\Windows\System32\termsrv.dll
22:37:48.0816 0x0e54 TermService - ok
22:37:48.0818 0x0e54 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:37:48.0826 0x0e54 Themes - ok
22:37:48.0829 0x0e54 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:37:48.0846 0x0e54 THREADORDER - ok
22:37:48.0850 0x0e54 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:37:48.0868 0x0e54 TrkWks - ok
22:37:48.0873 0x0e54 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:37:48.0891 0x0e54 TrustedInstaller - ok
22:37:48.0894 0x0e54 [ 2CF58216424757ED29605B4F18EC443C, 9D523FC075F7F41A17F60617670A976A8F2F2943444515DC3834720BDC37DFA0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:37:48.0901 0x0e54 tssecsrv - ok
22:37:48.0903 0x0e54 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:37:48.0909 0x0e54 TsUsbFlt - ok
22:37:48.0911 0x0e54 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:37:48.0916 0x0e54 TsUsbGD - ok
22:37:48.0920 0x0e54 [ 06BC523D39A2E6A9FBAED812C7A5ED6B, F3E2D2B24F52465223D790A8618825024617220FF19AC19006FDCED98739D74F ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:37:48.0927 0x0e54 tunnel - ok
22:37:48.0929 0x0e54 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:37:48.0934 0x0e54 uagp35 - ok
22:37:48.0940 0x0e54 [ 8DE87C94A4938BF4C21C310077DB22BD, 11DCBD0B7B00BC5D51D9575F90083D9F7C57FDB317AAD638EC775EFD9419574E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:37:48.0952 0x0e54 udfs - ok
22:37:48.0956 0x0e54 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:37:48.0962 0x0e54 UI0Detect - ok
22:37:48.0964 0x0e54 [ F76C937416EE9A617FF5519370EEA1A1, 5036EDEC68F3D039C7A23BD532944FB5724155964FBB10659435C5989BE9FD4A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:37:48.0969 0x0e54 uliagpkx - ok
22:37:48.0972 0x0e54 [ C77B614D818386596EC5540E318AE034, EE4B6D5E612E3C927CFC6C8E9E979CFAEC47EA160FFA4602014B7C8D4644EC58 ] umbus           C:\Windows\system32\drivers\umbus.sys
22:37:48.0977 0x0e54 umbus - ok
22:37:48.0980 0x0e54 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:37:48.0985 0x0e54 UmPass - ok
22:37:48.0990 0x0e54 [ CA64FB0D366F3FE8FA20971E35CA0D7C, EF827666C26CF959B7A015BEB576BB603A516A804DDD14B35B745C60AE10C3FC ] UmRdpService    C:\Windows\System32\umrdp.dll
22:37:48.0998 0x0e54 UmRdpService - ok
22:37:49.0004 0x0e54 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:37:49.0026 0x0e54 upnphost - ok
22:37:49.0029 0x0e54 [ 18CE87DAF00AF7BA0DC7FAC2A532C170, 305467AA2F7B71E5E2EE54F998A3B5D124FE4296F12A82FF7A4EBF169382ECB1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:37:49.0036 0x0e54 usbaudio - ok
22:37:49.0039 0x0e54 [ 9E68E917FB4B5C983438969643F53BEF, 7148BF1E7AFAFA025A51AA9A26B90ED85328B41C7F7791CB3460D9CF53245985 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
22:37:49.0045 0x0e54 usbccgp - ok
22:37:49.0048 0x0e54 [ 710EE0EEDFF1DB5089397CCBBBD80C58, E6336A6292557FBE49B94F07DF0195A186D5EB2FF137E5AD6DD435F4AC525373 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:37:49.0054 0x0e54 usbcir - ok
22:37:49.0056 0x0e54 [ 3F9D3902CE931E2A28DD8452AE915B67, C8BF042DD84FB2E3AE7FCDBA65923611FCBDAFD6410E42A5E58F8995D99AE16C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:37:49.0062 0x0e54 usbehci - ok
22:37:49.0068 0x0e54 [ 86B65EEBC03B936DE8B26E5A18D98FA2, 2981CF5A0FB6B6FE0A38363EA4804DB743C45E3E6E72DC3A2260F583377717C8 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
22:37:49.0078 0x0e54 usbhub - ok
22:37:49.0081 0x0e54 [ 099C2931C6F73EB1B9E13C560F61B50D, 83B64A52173243526E380C8FA0D913C7B07C2AF1806ECC4EC0D0B5523A7CBFAA ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:37:49.0085 0x0e54 usbohci - ok
22:37:49.0087 0x0e54 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:37:49.0094 0x0e54 usbprint - ok
22:37:49.0097 0x0e54 [ 18C50A2277BCB1509A27F91A07377263, 8034DF1A6841E029482B6843DFF906E9FBD3F26B8A317191145A670EB07AC0DA ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:37:49.0102 0x0e54 USBSTOR - ok
22:37:49.0107 0x0e54 [ 5D7651347C7D702F4A5DE53603DC024F, F55532D13AB2FF6D4B6058113AF2710AC5C87059C9000942CF517198BABCD6F5 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:37:49.0114 0x0e54 usbuhci - ok
22:37:49.0121 0x0e54 [ 0FD209CC2F2A2B17D07CE2D977087088, E68280D69CF6499B2182AF4257F282D0700B79BA94B2C0B393B049A99BC786F5 ] UxSms           C:\Windows\System32\uxsms.dll
22:37:49.0128 0x0e54 UxSms - ok
22:37:49.0130 0x0e54 [ 62056ADD38513A86C4866E912371B56B, 9465E65EB4303BF87483B9621D402E848A50E6D22B05846A621A2761B9516A57 ] VaultSvc        C:\Windows\system32\lsass.exe
22:37:49.0135 0x0e54 VaultSvc - ok
22:37:49.0138 0x0e54 [ C42E4C5200CCDF94954215910A92ADD6, 3AE0BD3B7DEEAAD2411E87829ED931B7EC365534C141F688EB92FE8351AFC9F3 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys
22:37:49.0144 0x0e54 VBoxNetAdp - ok
22:37:49.0147 0x0e54 [ 620EAE202E247BD73F4E785B98E37D7A, A5E732FFA69270BDFBF7A4CAE57C0A3D24D37292ED8A255AA6EA5E7C64B1B458 ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
22:37:49.0154 0x0e54 VBoxUSB - ok
22:37:49.0156 0x0e54 [ DB25700CE057D426102AB5A2259F275B, 797ED4C829B827AECF63C25FF93BAA4DBEE7625C6240077E7403F1246988A3AE ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:37:49.0161 0x0e54 vdrvroot - ok
22:37:49.0169 0x0e54 [ 57295E9336C4AE8408725B6246BA6B9A, 58994C975E3378EE29A2A6127CF32EDDA4FF0D64881AE11C36D464DF718A2167 ] vds             C:\Windows\System32\vds.exe
22:37:49.0184 0x0e54 vds - ok
22:37:49.0186 0x0e54 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:37:49.0193 0x0e54 vga - ok
22:37:49.0196 0x0e54 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:37:49.0212 0x0e54 VgaSave - ok
22:37:49.0217 0x0e54 [ FF0E9994E61F7D9778DB1C4E6F3F25F5, F160278446BB09F136AA7678F2920A5F0101A29C2B8E90D3A472AC53DBECC212 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:37:49.0224 0x0e54 vhdmp - ok
22:37:49.0226 0x0e54 [ 2B6E179E984F5A11521F8FE1EA6BAE83, AF9B3C0826C8F9CC7DB37CF4385AD365B623FB03293C5AF907077799F202A7C7 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:37:49.0230 0x0e54 viaide - ok
22:37:49.0234 0x0e54 [ 8F64E493D31328784CAD66101E674377, AEDB807BF395254AEFEBCC20B109EB3B2BAB6597C160EE396F623BC727B4FEAB ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:37:49.0242 0x0e54 vmbus - ok
22:37:49.0244 0x0e54 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:37:49.0248 0x0e54 VMBusHID - ok
22:37:49.0251 0x0e54 [ 95B852EC9A799A1FDAD33A8F8FDE8818, A9511B8E4729D0333F81C1FEF0371407B0EDBB9CB653E679BD8DE8C05B88D52D ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:37:49.0256 0x0e54 volmgr - ok
22:37:49.0263 0x0e54 [ 85C5468BC395819AE2A0C747334BA14C, 75EB4751F90F3347229442A5622539383CE0B1834EE7B995260D0D433BA2E25F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:37:49.0272 0x0e54 volmgrx - ok
22:37:49.0278 0x0e54 [ B52F1F5F55CD773BA89E5739B82E9C34, FBA4EC1EB9564B9EEFB1477AF54FE8862B8F52DCC518CB659B8862697C417A7B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:37:49.0286 0x0e54 volsnap - ok
22:37:49.0291 0x0e54 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:37:49.0297 0x0e54 vsmraid - ok
22:37:49.0319 0x0e54 [ A6B355943A77FC59B4BE54F6CC2C1A06, 422DE0C69A4F34FAD576663587F6BD03A48E20C96F1283D803F7667A288B962D ] VSS             C:\Windows\system32\vssvc.exe
22:37:49.0351 0x0e54 VSS - ok
22:37:49.0354 0x0e54 [ BFCBFD74A7D673AF8311F236AA15D0AF, AE52D49121A6FB173D30DA6F3901A934A1F6C8FF9CF0DCEE8954FE05F111A063 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:37:49.0360 0x0e54 vwifibus - ok
22:37:49.0366 0x0e54 [ 77B02662D2485F43C096B32FC7A99B48, 7DB0EE090311CD1BC25629F4EA6F6E72F4B67287B753B02E9F76183A797D1C2F ] W32Time         C:\Windows\system32\w32time.dll
22:37:49.0379 0x0e54 W32Time - ok
22:37:49.0382 0x0e54 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:37:49.0387 0x0e54 WacomPen - ok
22:37:49.0390 0x0e54 [ 7AF9F1F2BAF52266096501BBBEEE62A9, 5B6B908B4F398F64E440DDD703E80F3C3E8537D5EB593CC69028E2E20456F213 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:37:49.0397 0x0e54 WANARP - ok
22:37:49.0400 0x0e54 [ 7AF9F1F2BAF52266096501BBBEEE62A9, 5B6B908B4F398F64E440DDD703E80F3C3E8537D5EB593CC69028E2E20456F213 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:37:49.0406 0x0e54 Wanarpv6 - ok
22:37:49.0424 0x0e54 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:37:49.0447 0x0e54 WatAdminSvc - ok
22:37:49.0468 0x0e54 [ 01037578F5CFE26D347296A03E0801C0, 91405FB934EFD8D0FE9B51CECBB977814B359C2EE1F409E62717C230362D7AFC ] wbengine        C:\Windows\system32\wbengine.exe
22:37:49.0496 0x0e54 wbengine - ok
22:37:49.0502 0x0e54 [ 55E42FA7B170579F9F95AC5A405F82FD, 1F3DA26D8395B9AF53ADCE075FA24E48FF4AA7553FC0F8CAF696B3F032EA6545 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:37:49.0510 0x0e54 WbioSrvc - ok
22:37:49.0517 0x0e54 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:37:49.0530 0x0e54 wcncsvc - ok
22:37:49.0532 0x0e54 [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:37:49.0538 0x0e54 WcsPlugInService - ok
22:37:49.0540 0x0e54 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:37:49.0544 0x0e54 Wd - ok
22:37:49.0557 0x0e54 [ 37CE6867FC4A6827009A713A9737262C, D8890524F4EF358E35C4A992BEAF7C8FB5ED647FE4D899D3CF608C2201E218A5 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:37:49.0573 0x0e54 Wdf01000 - ok
22:37:49.0576 0x0e54 [ E8E4226F02B3CDC87FC53C9406F3BEA0, 2CF36989DCC2B534C4E55F95F52C911BD364735D2089D8195E5CB913268A5757 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:37:49.0585 0x0e54 WdiServiceHost - ok
22:37:49.0587 0x0e54 [ E8E4226F02B3CDC87FC53C9406F3BEA0, 2CF36989DCC2B534C4E55F95F52C911BD364735D2089D8195E5CB913268A5757 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:37:49.0595 0x0e54 WdiSystemHost - ok
22:37:49.0601 0x0e54 [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
22:37:49.0610 0x0e54 WebClient - ok
22:37:49.0615 0x0e54 [ D833A60DE407802A3A4894DD3B2E2AFB, CBB0CA5300A6F67D12EF0BE76F7EA30DE1C64C02D3CF1F835E36C5AD866A1D66 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:37:49.0625 0x0e54 Wecsvc - ok
22:37:49.0628 0x0e54 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:37:49.0646 0x0e54 wercplsupport - ok
22:37:49.0649 0x0e54 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:37:49.0667 0x0e54 WerSvc - ok
22:37:49.0669 0x0e54 [ 7575DC87DF112AC0C6E95A0F87915CDC, 1EC63A4CC0AC3341F639A5483F1A0B710E148DCB2DDA16ADCDDDED6E5EECE549 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:37:49.0673 0x0e54 WfpLwf - ok
22:37:49.0676 0x0e54 [ EACC800ECF26D82A063BC8E49EE1D8BF, DB14CDF030EDD10E174F44AA6EDC953964EC5E26D219480C776C29378BF84314 ] WiaRpc          C:\Windows\System32\wiarpc.dll
22:37:49.0682 0x0e54 WiaRpc - ok
22:37:49.0684 0x0e54 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:37:49.0689 0x0e54 WIMMount - ok
22:37:49.0690 0x0e54 WinDefend - ok
22:37:49.0693 0x0e54 WinHttpAutoProxySvc - ok
22:37:49.0701 0x0e54 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:37:49.0721 0x0e54 Winmgmt - ok
22:37:49.0747 0x0e54 [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:37:49.0782 0x0e54 WinRM - ok
22:37:49.0798 0x0e54 [ 4B7912EB80820EAC543EE54806EFCAF0, 4D9186F9FE80F03C85C4DC73342EE5870DF1021BD29974BE33557CEA0D524667 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:37:49.0816 0x0e54 Wlansvc - ok
22:37:49.0819 0x0e54 [ 241A2D103E5F63A69B130D7C344A228D, 26458F76235116F2BD4F689763F1B730BD024C850B7B22238210D60ABB1393D8 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:37:49.0823 0x0e54 WmiAcpi - ok
22:37:49.0828 0x0e54 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:37:49.0837 0x0e54 wmiApSrv - ok
22:37:49.0839 0x0e54 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:37:49.0844 0x0e54 WPCSvc - ok
22:37:49.0847 0x0e54 [ 74D81AAA1AAAA9F74A978D9584EF0CB6, C4377E29C80004767CD9EB66B343DF46A96373A0F92F3D5A6D3536DFB3E3F226 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:37:49.0855 0x0e54 WPDBusEnum - ok
22:37:49.0857 0x0e54 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:37:49.0873 0x0e54 ws2ifsl - ok
22:37:49.0876 0x0e54 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:37:49.0885 0x0e54 wscsvc - ok
22:37:49.0887 0x0e54 WSearch - ok
22:37:49.0923 0x0e54 [ 88009DB9E1166B6B6713A858C176FECD, CBF4C63D3C5D14AF3C3F0D9C48E5AC9E7A4323BFB0363E9948FD801963BE1467 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:37:49.0968 0x0e54 wuauserv - ok
22:37:49.0972 0x0e54 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:37:49.0978 0x0e54 WudfPf - ok
22:37:49.0983 0x0e54 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:37:49.0990 0x0e54 WUDFRd - ok
22:37:49.0993 0x0e54 [ 1685B0232BF1306A31DFBC04F36A32B9, E4D98D1636E0E16F7EEAA6E2991307D66A5BA235D4CAF6293F423012E4D6B6B0 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:37:50.0002 0x0e54 wudfsvc - ok
22:37:50.0006 0x0e54 [ 13E19A9868C6E1C9F5584D571DDA7D76, 05F0BFA9C1F089EF35EBA85B9B142CF2AC5BDF82968073739E2950CB8444B4BA ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:37:50.0016 0x0e54 WwanSvc - ok
22:37:50.0027 0x0e54 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
22:37:50.0043 0x0e54 xnacc - ok
22:37:50.0045 0x0e54 ================ Scan global ===============================
22:37:50.0047 0x0e54 [ CEC94EC582DBBAD9461EB2BE2BE319A6, A0FAACC5790D8B813415FB55BB56C5DBD1A9E04BD2CE29BB8671D706F4DA1DF6 ] C:\Windows\system32\basesrv.dll
22:37:50.0051 0x0e54 [ 66A8A9412337B08E1735204B8ADEE58C, 766429FBB014A9CA6AEFD39579C3F33625335A3DFD88AB324E4534978695B887 ] C:\Windows\system32\winsrv.dll
22:37:50.0059 0x0e54 [ 66A8A9412337B08E1735204B8ADEE58C, 766429FBB014A9CA6AEFD39579C3F33625335A3DFD88AB324E4534978695B887 ] C:\Windows\system32\winsrv.dll
22:37:50.0063 0x0e54 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:37:50.0069 0x0e54 [ 38382A6B73FB37EF692DCBD882AB1FC4, 66B8501C3797C8B4525CD8EC2B141A8751D7A163E24E249C3E1DE42F7C055889 ] C:\Windows\system32\services.exe
22:37:50.0073 0x0e54 [ Global ] - ok
22:37:50.0073 0x0e54 ================ Scan MBR ==================================
22:37:50.0074 0x0e54 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:37:50.0090 0x0e54 \Device\Harddisk0\DR0 - ok
22:37:50.0092 0x0e54 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:37:50.0174 0x0e54 \Device\Harddisk1\DR1 - ok
22:37:50.0174 0x0e54 ================ Scan VBR ==================================
22:37:50.0180 0x0e54 [ 54012543CCAB7E1819E2AFFF28236B04 ] \Device\Harddisk0\DR0\Partition1
22:37:50.0182 0x0e54 \Device\Harddisk0\DR0\Partition1 - ok
22:37:50.0186 0x0e54 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
22:37:50.0186 0x0e54 \Device\Harddisk0\DR0\Partition2 - ok
22:37:50.0192 0x0e54 [ 373F12617A7DE08F5B424A64F2337EDB ] \Device\Harddisk0\DR0\Partition3
22:37:50.0195 0x0e54 \Device\Harddisk0\DR0\Partition3 - ok
22:37:50.0199 0x0e54 [ 7EB05F351E5DAE33C136FC853CE98C0C ] \Device\Harddisk1\DR1\Partition1
22:37:50.0201 0x0e54 \Device\Harddisk1\DR1\Partition1 - ok
22:37:50.0202 0x0e54 [ 96223FF8749D86728903DD8CB79C626C ] \Device\Harddisk1\DR1\Partition2
22:37:50.0203 0x0e54 \Device\Harddisk1\DR1\Partition2 - ok
22:37:50.0203 0x0e54 ================ Scan generic autorun ======================
22:37:50.0204 0x0e54 Sidebar - ok
22:37:50.0207 0x0e54 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:37:50.0219 0x0e54 mctadmin - ok
22:37:50.0220 0x0e54 Sidebar - ok
22:37:50.0223 0x0e54 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:37:50.0234 0x0e54 mctadmin - ok
22:37:50.0235 0x0e54 Waiting for KSN requests completion. In queue: 67
22:37:51.0278 0x0e54 Win FW state via NFP2: enabled ( trusted )
22:37:51.0487 0x0e54 ============================================================
22:37:51.0487 0x0e54 Scan finished
22:37:51.0487 0x0e54 ============================================================
22:37:51.0499 0x0e78 Detected object count: 0
22:37:51.0499 0x0e78 Actual detected object count: 0

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2017-12-17 22:42:22
-----------------------------
22:42:22.816    OS Version: Windows x64 6.1.7601 Service Pack 1
22:42:22.816    Number of processors: 8 586 0x5E03
22:42:22.818    ComputerName: HOST1991 UserName: gs1991
22:42:22.966    Initialize success
22:42:22.978    VM: initialized successfully
22:42:22.979    VM: Intel CPU BiosDisabled
22:53:45.564    AVAST engine defs: 17030301
22:55:52.708    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
22:55:52.713    Disk 0 Vendor: Samsun_ EMT0 Size: 238475MB BusType: 11
22:55:52.719    Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
22:55:52.725    Disk 1 Vendor: ST2000DM CC26 Size: 1907729MB BusType: 11
22:55:52.738    Disk 0 MBR read successfully
22:55:52.745    Disk 0 MBR scan
22:55:52.754    Disk 0 unknown MBR code
22:55:52.761    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
22:55:52.780    Disk 0 scanning C:\Windows\system32\drivers
22:55:54.774    Service scanning
22:55:59.503    Modules scanning
22:55:59.520    Disk 0 trace - called modules:
22:55:59.531    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
22:55:59.534    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d85e790]
22:55:59.539    3 CLASSPNP.SYS[fffff88001ee543f] -> nt!IofCallDriver -> [0xfffffa800d75db60]
22:55:59.550    5 iaStorF.sys[fffff88001a6ba88] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa800cc119c0]
22:55:59.659    AVAST engine scan C:\Windows
22:56:00.061    AVAST engine scan C:\Windows\system32
22:56:41.712    AVAST engine scan C:\Windows\system32\drivers
22:56:43.846    AVAST engine scan C:\Users\gs1991
22:56:46.530    AVAST engine scan C:\ProgramData
22:56:47.615    Disk 0 statistics 3392898/0/0 @ 128.72 MB/s
22:56:47.619    Scan finished successfully
22:57:39.930    Disk 0 MBR has been saved successfully to "C:\Users\gs1991\Desktop\MBR.dat"
22:57:39.936    The log file has been saved successfully to "C:\Users\gs1991\Desktop\aswMBR.txt"

#4 xeobrwsx

Topic Starter

Members
6 posts
OFFLINE

Local time:03:38 AM

Posted 17 December 2017 - 06:12 PM

fixlog.txt and the MBR zip - thanks in advance!

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by gs1991 (17-12-2017 23:03:19) Run:1
Running from C:\Users\gs1991\Desktop
Loaded Profiles: gs1991 (Available Profiles: gs1991)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [146]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [163]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [140]
zip: C:\Windows\Minidump\121717-5304-01.dmp
emptytemp:
cmd: bcdedit

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\ProgramData\TEMP => ":0888F409" ADS removed successfully
C:\ProgramData\TEMP => ":3440EB47" ADS removed successfully
C:\ProgramData\TEMP => ":66633281" ADS removed successfully
================== Zip: ===================
"C:\Windows\Minidump\121717-5304-01.dmp" -> not found
=========== Zip: End ===========

========= bcdedit =========

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {1cfb31a8-3e68-11e6-ab40-d080a4906cc9}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {1cfb31aa-3e68-11e6-ab40-d080a4906cc9}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {1cfb31a8-3e68-11e6-ab40-d080a4906cc9}
nx                      OptIn

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22058976 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 140 B
Edge => 0 B
Chrome => 0 B
Firefox => 34044254 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
gs1991 => 520423838 B

RecycleBin => 5897280651 B
EmptyTemp: => 6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:03:22 ====

Attached Files

17.12.2017_23.03.19.zip 22bytes 2 downloads

#5 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
37,502 posts
ONLINE

Gender:Male
Location:California
Local time:08:38 PM

Posted 17 December 2017 - 09:34 PM

Thank you for the information.

Your computer is clean. Your system utilizes the GPT (GUID partition table) structure rather than the Master Boot Record boot process.

At one time was your operating system on your second drive?

Please do this.

===================================================

ListParts by Farbar for 64 bit Systems

--------------------

Please download ListParts64.exe (for 64 bit systems), or and save it to your desktop
Double click the icon to launch the program
Select Run
Select Scan
Select OK and wait for a Result - Notepad document to open on your desktop
Please copy and paste the contents in your reply

OS drive
Listparts report

Edited by Oh My!, 18 December 2017 - 08:13 AM.

#6 xeobrwsx

Topic Starter

Members
6 posts
OFFLINE

Local time:03:38 AM

Posted 18 December 2017 - 10:16 AM

THanks for your continued support & help:

My C: drive has only ever been the boot drive on this system, it was built completely by me in June 2016, the 256GB Samsung SSD has always been the boot device but it was an MBR partition table (it used to have 3 windows partitions) this concerns me as my back-up from Macrium was an MBR, but if I run Macrium now it shows it's GPT - How is that possible?

The 2TB Seagate has always been my storage drive (2 x 1TB partitions) it was never a boot drive and was formatted from new by me.

ListParts by Farbar Version: 31-07-2014
Ran by gs1991 (administrator) on 18-12-2017 at 14:55:58
Windows 7 (X64)
Running From: C:\Users\gs1991\Downloads
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 16327.12 MB
Available physical RAM: 14856.16 MB
Total Pagefile: 16325.3 MB
Available Pagefile: 14363.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:209.37 GB) (Free:188.19 GB) NTFS
2 Drive e: (TV & Videos) (Fixed) (Total:886.45 GB) (Free:336.79 GB) NTFS
3 Drive f: (Music & Storage) (Fixed) (Total:976.56 GB) (Free:352.93 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 23 GB *
Disk 1 Online 1863 GB 1024 KB

Partitions of Disk 0:
===============

Disk ID: {5FB009AC-4D18-4099-B256-A8B8446836AD}

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 100 MB 1024 KB
Partition 2 Reserved 128 MB 101 MB
Partition 3 Primary 209 GB 229 MB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT32 Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 209 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 9B5BF978

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 886 GB 1024 KB
Partition 2 Primary 976 GB 886 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E TV & Videos NTFS Partition 886 GB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Music & Sto NTFS Partition 976 GB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 9DD63A5E

Partition : GPT Partition Type
==============================
Partitions of Disk 1:
===============
Disk ID: 9B5BF978
Partition 1: (Active) - (Size=886 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=977 GB) - (Type=07 NTFS)

****** End Of Log ******

Edited by xeobrwsx, 18 December 2017 - 10:16 AM.

#7 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
37,502 posts
ONLINE

Gender:Male
Location:California
Local time:08:38 PM

Posted 18 December 2017 - 11:13 AM

Greetings.

A disk can be changed from MBR to GPT but only if there aren't any volumes or partitions on the drive. If you did not do that, that indicates you have always had GPT on the SSD.

Your second drive contains MBR information and the reason I asked about whether or not that was once your operating system is because one of the partitions on the second drive is set as active, which it should not be. I am wondering if that is what is being picked up in Macrum. We are going to modify that setting.

Partitions of Disk 1:
===============
Disk ID: 9B5BF978
Partition 1: (Active) - (Size=886 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=977 GB) - (Type=07 NTFS)

Please do this.

===================================================

Running a ListParts Fix in Normal Mode

--------------

Press the Windows Key + R at the same time
Type Notepad and press Enter
Copy and paste the contents of the below into Notepad

Disk=1 Partition=1 inactive

Save the file onto your desktop as Fix.txt
Double click the ListParts icon on your dekstop
Press Fix
When finished please press the Scan button
A Result.txt document will appear on your dekstop
Copy and paste the contents in your reply

Result.txt

#8 xeobrwsx

Topic Starter

Members
6 posts
OFFLINE

Local time:03:38 AM

Posted 18 December 2017 - 11:44 AM

Hi again:
I did wipe my SSD /clean all before running my back-up when I realised it was deep rooted, but that should not alter the MBR to GPT as it was a image of the hard drive

ListParts by Farbar Version: 31-07-2014
Ran by gs1991 (administrator) on 18-12-2017 at 16:48:19
Windows 7 (X64)
Running From: C:\Users\gs1991\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 16327.12 MB
Available physical RAM: 14583.91 MB
Total Pagefile: 16325.3 MB
Available Pagefile: 13997.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:209.37 GB) (Free:188.12 GB) NTFS
2 Drive e: (TV & Videos) (Fixed) (Total:886.45 GB) (Free:328.61 GB) NTFS
3 Drive f: (Music & Storage) (Fixed) (Total:976.56 GB) (Free:352.93 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 23 GB *
Disk 1 Online 1863 GB 1024 KB

Partitions of Disk 0:
===============

Disk ID: {5FB009AC-4D18-4099-B256-A8B8446836AD}

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 100 MB 1024 KB
Partition 2 Reserved 128 MB 101 MB
Partition 3 Primary 209 GB 229 MB

======================================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT32 Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 209 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 9B5BF978

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 886 GB 1024 KB
Partition 2 Primary 976 GB 886 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E TV & Videos NTFS Partition 886 GB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Music & Sto NTFS Partition 976 GB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 9DD63A5E

Partition : GPT Partition Type
==============================
Partitions of Disk 1:
===============
Disk ID: 9B5BF978
Partition 1: (Not Active) - (Size=886 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=977 GB) - (Type=07 NTFS)

****** End Of Log ******

Edited by xeobrwsx, 18 December 2017 - 11:48 AM.

#9 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
37,502 posts
ONLINE

Gender:Male
Location:California
Local time:08:38 PM

Posted 18 December 2017 - 12:22 PM

Our efforts were successful as Partition 1 of Disk 1 is now inactive.

In reviewing Macrium information it is apparently possible to use an image with a Master Boot Record and transfer it back to a fresh GPT machine. Not sure if that is what happened but I really don't have a definitive answer for you. Since this is not my area of expertise my suggestion would be to contact Macrium or post a topic in the BleepingComputer Backup, Imaging, and Disk Management Software Forum. They might be able to better address your questions.

The bottom line is I am convinced you do not have an MBR rootkit, nor do I see any evidence of malware whatsoever.

Please let me know what you desire to do.

#10 xeobrwsx

Topic Starter

Members
6 posts
OFFLINE

Local time:03:38 AM

Posted 18 December 2017 - 04:18 PM

Hi, I don't know then, I did remove a lot of stuff before joining up to ask for help, maybe I did enough to kill it, or maybe my BIOS update fixed the exploit service, MB manufacturers do not relase a BIOS update 4 years later without good reason

I'll keep an eye on my system, if it plays up again I'll start a new topic, and this time I will not attempt any fixes myself, I noticed your website info said don't use combofix, but I do use it and had done lol Thank you ever so much for all your help, it's admirable someone would do this for free just to help others, Have a fantastic Christmas

#11 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
37,502 posts
ONLINE

Gender:Male
Location:California
Local time:08:38 PM

Posted 18 December 2017 - 05:03 PM

Greetings.

I think monitoring it is a good plan. Combofix was used quite a bit before Windows 8/10. The reason we strongly advise against using it is because it can cause serious damage if used improperly, or the person running the program is not sufficiently educated to decipher the results and actions.

Looks like we are all set!

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------

Download Delfix and save it to your Desktop
Double click the icon
Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

Click Run

===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:

Windows Defender feature in Windows 10 Fall Creators Update designed to protect your files from ransomware.
Malwarebytes Anti-Ransomware and other similar programs guards against CryptoLocker which encrypts your files making them inaccessible. <<< Very Important. For more information read the explanation by quietman7
So How did I get infected?

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Merry Christmas!

#12 Oh My!

Adware and Spyware and Malware.....

Malware Response Instructor
37,502 posts
ONLINE

Gender:Male
Location:California
Local time:08:38 PM

Posted 19 December 2017 - 10:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.