Router infected? Seeking assistance with a fake tech support hijack

WCSWood · Apr 23, 2016

Hello there. My internet access is randomly shut down for hours at a time and a fake tech support screen takes over. Also, my wifi dies simultaneously and my phone(wifi only) stops working. After a few hours it all just comes back on. Spybot scans and root kit scans don't solve the problem. Have tried lots of different sites recommendations but to no avail. It won't let me attach the scan of the frst, says it's too large. I did back up the registry. Also attached is a pic of the screen that takes over. Any help would be greatly appreciated. Thanks, -Isaac

Juliet · Apr 23, 2016

HI

Can you search for and post

FRST.txt

~~~~~~~~~~~``

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-click AdwCleaner.exe and select

Run as administrator to run the programme.
Follow the prompts.
Click

Scan.
Upon completion, click

Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click

Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

======================================================

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

WCSWood · Apr 23, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Willis (administrator) on WILLIS-PC (22-04-2016 20:40:17)
Running from C:\Users\Willis\Downloads
Loaded Profiles: Willis (Available Profiles: Willis)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2558890546-1323134406-2902475843-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E510B59C-2187-4F93-B8D1-12B6EE9033BC}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-22]
CHR Extension: (Google Drive) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-21]
CHR Extension: (YouTube) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-21]
CHR Extension: (Google Sheets) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-21]
CHR Extension: (Google Docs Offline) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR Extension: (Gmail) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-21]
CHR Extension: (Privacy Badger) - C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 20:40 - 2016-04-22 20:40 - 00007064 _____ C:\Users\Willis\Downloads\FRST.txt
2016-04-22 20:39 - 2016-04-22 20:40 - 00000000 ____D C:\FRST
2016-04-22 20:38 - 2016-04-22 20:39 - 02375680 _____ (Farbar) C:\Users\Willis\Downloads\FRST64.exe
2016-04-22 20:37 - 2016-04-22 20:37 - 00002246 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-04-22 20:37 - 2016-04-22 20:37 - 00000207 _____ C:\Windows\tweaking.com-regbackup-WILLIS-PC-Windows-7-Professional-(64-bit).dat
2016-04-22 20:37 - 2016-04-22 20:37 - 00000000 ____D C:\RegBackup
2016-04-22 20:37 - 2016-04-22 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-22 20:37 - 2016-04-22 20:37 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-22 20:36 - 2016-04-22 20:37 - 00017993 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-04-22 20:21 - 2016-04-22 20:23 - 05523840 _____ (Tweaking.com) C:\Users\Willis\Downloads\tweaking.com_registry_backup_setup.exe
2016-04-22 19:45 - 2016-04-22 19:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-22 19:44 - 2016-04-22 19:44 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-22 19:44 - 2016-04-22 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-22 19:44 - 2016-04-22 19:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-22 19:44 - 2016-04-22 19:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-22 19:44 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-22 19:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-22 19:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-22 19:33 - 2016-04-22 19:42 - 22851472 _____ (Malwarebytes ) C:\Users\Willis\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-22 19:20 - 2016-04-22 19:21 - 01610008 _____ (Malwarebytes) C:\Users\Willis\Downloads\JRT (1).exe
2016-04-22 19:15 - 2016-04-22 19:17 - 00370608 _____ C:\TDSSKiller.3.1.0.9_22.04.2016_19.15.46_log.txt
2016-04-22 19:15 - 2016-04-22 19:15 - 00246848 ____N (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\80902796.sys
2016-04-22 19:13 - 2016-04-22 19:15 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Willis\Downloads\tdsskiller.exe
2016-04-22 19:10 - 2016-04-22 19:10 - 01610008 _____ (Malwarebytes) C:\Users\Willis\Downloads\JRT.exe
2016-04-22 15:56 - 2016-04-22 15:57 - 00000000 ___DC C:\Users\Willis\AppData\Local\MigWiz
2016-04-22 12:28 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-22 12:28 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-04-22 12:28 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-04-22 12:28 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-04-22 12:28 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-04-22 12:28 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-04-22 12:28 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-04-22 12:28 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-04-22 12:28 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-04-22 12:26 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-22 12:26 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-04-22 12:26 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2016-04-22 12:26 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2016-04-22 12:24 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-22 12:24 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-22 12:24 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-04-22 12:24 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-04-22 12:24 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-22 12:24 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-22 12:24 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-22 12:24 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-22 12:24 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-22 12:24 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-22 12:24 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-22 12:24 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-04-22 12:24 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-22 12:24 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-04-22 12:24 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-22 12:24 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-04-22 12:22 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2016-04-22 12:22 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2016-04-22 12:21 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-04-22 12:21 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-04-22 12:21 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-04-22 12:21 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-04-22 12:21 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-04-22 12:21 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-04-22 12:21 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-04-22 12:21 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-04-22 12:21 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-04-22 12:21 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-04-22 12:21 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2016-04-22 12:20 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-04-22 12:20 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-04-22 12:20 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-04-22 12:20 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-04-22 12:20 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-04-22 12:20 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-04-22 12:20 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-04-22 12:20 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-04-22 12:20 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-04-22 12:20 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-04-22 12:20 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-22 12:20 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-04-22 12:20 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-22 12:20 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-04-22 12:20 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-22 12:20 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-04-22 12:20 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-22 12:20 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-04-22 12:20 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-04-22 11:18 - 2016-02-11 14:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-22 11:18 - 2016-02-11 14:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-22 11:18 - 2016-02-11 14:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-22 11:18 - 2016-02-11 14:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-22 11:18 - 2016-02-11 14:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-22 11:18 - 2016-02-11 14:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-22 11:18 - 2016-02-11 14:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-22 11:18 - 2016-02-11 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-22 11:18 - 2016-02-11 14:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-22 11:18 - 2016-02-11 14:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-22 11:18 - 2016-02-11 14:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-22 11:18 - 2016-02-11 14:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-22 11:18 - 2016-02-11 14:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-22 11:18 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-22 11:18 - 2016-02-11 14:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-22 11:18 - 2016-02-11 14:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-22 11:18 - 2016-02-11 14:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 13:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-22 11:18 - 2016-02-11 13:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-22 11:18 - 2016-02-11 13:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-22 11:18 - 2016-02-11 13:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-22 11:18 - 2016-02-11 13:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-22 11:18 - 2016-02-11 13:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-22 11:18 - 2016-02-11 13:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-22 11:18 - 2016-02-11 13:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-22 11:18 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-22 11:18 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-04-22 11:18 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-04-22 11:18 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-04-22 11:18 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-04-22 11:16 - 2016-03-15 20:22 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-22 11:16 - 2016-03-15 20:22 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-22 11:16 - 2016-03-15 20:16 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-22 11:16 - 2016-03-15 20:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-22 11:16 - 2016-03-15 20:15 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-22 11:16 - 2016-03-15 20:15 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-22 11:16 - 2016-03-15 20:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-22 11:16 - 2016-03-15 20:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-22 11:16 - 2016-03-15 20:14 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-22 11:16 - 2016-03-15 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-22 11:16 - 2016-03-15 20:13 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-22 11:16 - 2016-03-15 20:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-22 11:16 - 2016-03-15 20:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-22 11:16 - 2016-03-15 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-22 11:16 - 2016-03-15 19:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-22 11:16 - 2016-03-15 19:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-22 11:16 - 2016-03-15 19:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-22 11:16 - 2016-03-15 19:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-22 11:16 - 2016-03-15 19:53 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-22 11:16 - 2016-03-15 19:53 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-22 11:16 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-22 11:16 - 2016-03-15 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-22 11:16 - 2016-03-15 19:52 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-22 11:16 - 2016-03-15 19:52 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-22 11:16 - 2016-03-15 19:52 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-22 11:16 - 2016-03-15 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-22 11:16 - 2016-03-15 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-22 11:16 - 2016-03-15 19:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-22 11:16 - 2016-03-15 19:51 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-22 11:16 - 2016-03-15 19:51 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-22 11:16 - 2016-03-15 19:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-22 11:16 - 2016-03-15 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-22 11:16 - 2016-03-15 19:03 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-22 11:16 - 2016-03-15 19:02 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-22 11:16 - 2016-03-15 19:02 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-22 11:16 - 2016-03-15 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-22 11:16 - 2016-03-15 18:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-22 11:16 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-04-22 11:16 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-04-22 11:16 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-22 11:16 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-04-22 11:16 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-04-22 11:16 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-04-22 11:16 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-04-22 11:16 - 2015-09-23 09:18 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-22 11:16 - 2015-09-23 09:18 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-04-22 11:16 - 2015-09-23 09:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-04-22 11:16 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-22 11:16 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-22 11:16 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-22 11:16 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-22 11:16 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-22 11:16 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-04-22 11:16 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-22 11:16 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-22 11:16 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-04-22 11:16 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-04-22 11:16 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-22 11:16 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-04-22 11:15 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2016-04-22 11:15 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2016-04-22 11:15 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2016-04-22 11:15 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2016-04-22 11:15 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2016-04-22 11:15 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2016-04-22 11:15 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2016-04-22 11:15 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2016-04-22 11:15 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2016-04-22 11:15 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2016-04-22 11:15 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2016-04-22 11:15 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2016-04-22 11:15 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2016-04-22 11:15 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2016-04-22 11:14 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-04-22 11:14 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-04-22 11:13 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-22 11:13 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-04-22 11:13 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-22 11:13 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-04-22 11:13 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-04-22 11:13 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-22 11:13 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-04-22 11:13 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-22 11:13 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-22 11:13 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-22 11:13 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-04-22 11:13 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-04-22 11:13 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-04-22 11:13 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-04-22 11:13 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-04-22 11:13 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-04-22 11:13 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-04-22 11:13 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-04-22 11:13 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-04-22 11:13 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-04-22 11:13 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-04-22 11:12 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-04-22 11:12 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-04-22 11:12 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-04-22 11:12 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-04-22 11:12 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-04-22 11:12 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-04-22 11:12 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-04-22 11:12 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-04-22 11:12 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-04-22 11:12 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-04-22 11:12 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-04-22 11:12 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-04-22 11:12 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-04-22 11:12 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-04-22 11:12 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-04-22 11:12 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-04-22 11:12 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-04-22 11:12 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-22 11:12 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-04-22 11:12 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-04-22 11:12 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-04-22 11:10 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-22 11:10 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-04-22 11:10 - 2014-10-02 22:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-04-22 11:10 - 2014-10-02 22:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-04-22 11:10 - 2014-10-02 22:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-04-22 11:10 - 2014-10-02 22:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-04-22 11:10 - 2014-10-02 22:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-04-22 11:10 - 2014-10-02 21:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-04-22 11:10 - 2014-10-02 21:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-04-22 11:10 - 2014-10-02 21:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-04-22 11:05 - 2016-01-16 15:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-22 11:05 - 2016-01-16 14:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-22 11:04 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-04-22 11:04 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-04-22 11:04 - 2016-01-22 02:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-22 11:04 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-04-22 11:04 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-04-22 11:04 - 2016-01-22 02:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-22 11:04 - 2016-01-22 02:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-22 11:04 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-04-22 11:04 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-04-22 11:04 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-04-22 11:04 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-04-22 11:02 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-04-22 11:02 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-04-22 11:02 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-04-22 11:02 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-04-22 11:02 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-04-22 11:02 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-04-22 11:02 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-04-22 11:02 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-04-22 11:02 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-04-22 11:02 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-04-22 11:02 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-04-22 11:02 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-04-22 11:01 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-22 11:01 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-22 11:01 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-22 11:01 - 2014-10-24 21:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2016-04-22 11:01 - 2014-10-24 21:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2016-04-22 11:01 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2016-04-22 11:01 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-04-22 11:01 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2016-04-22 11:01 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2016-04-22 11:01 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2016-04-22 11:01 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2016-04-22 11:01 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-04-22 10:59 - 2015-12-08 17:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-04-22 10:59 - 2015-12-08 15:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-04-22 10:54 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-04-22 10:54 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-04-22 10:54 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-04-22 10:54 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2016-04-22 10:53 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-04-22 10:53 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2016-04-22 10:53 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2016-04-22 10:52 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-04-22 10:52 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-04-22 07:58 - 2016-04-22 07:58 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-22 07:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-22 06:10 - 2016-04-22 06:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-04-22 06:09 - 2016-04-22 12:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-22 06:09 - 2016-04-22 06:09 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-04-22 06:09 - 2016-04-22 06:09 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-04-22 06:09 - 2016-04-22 06:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-04-22 06:09 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-04-22 05:42 - 2016-04-22 07:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-22 05:41 - 2016-04-22 05:41 - 00558336 _____ (Safer-Networking Ltd. ) C:\Users\Willis\Downloads\spybot2-license.exe
2016-04-21 22:32 - 2014-02-19 13:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2016-04-21 22:32 - 2014-02-19 13:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2016-04-21 22:32 - 2014-02-19 13:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2016-04-21 22:32 - 2014-02-19 13:01 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2016-04-21 22:32 - 2014-02-19 13:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2016-04-21 22:32 - 2014-02-19 13:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2016-04-21 22:32 - 2014-02-19 12:59 - 00000000 ____D C:\Users\Default\AppData\Local\Apple
2016-04-21 22:32 - 2014-02-19 12:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple
2016-04-21 22:32 - 2014-02-19 12:57 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2016-04-21 22:32 - 2014-02-19 12:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2016-04-21 22:31 - 2016-04-21 22:31 - 00000000 ____D C:\Windows\CSC
2016-04-21 21:03 - 2016-04-21 21:05 - 07368965 _____ C:\Users\Willis\Downloads\TL-WN722N_V1_140918.zip
2016-04-21 20:39 - 2016-04-21 20:39 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-21 20:18 - 2016-04-22 20:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-21 20:18 - 2016-04-22 20:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-21 20:18 - 2016-04-22 05:59 - 00000000 ____D C:\Users\Willis\AppData\Local\Google
2016-04-21 20:18 - 2016-04-21 20:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-21 20:18 - 2016-04-21 20:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-21 20:18 - 2016-04-21 20:18 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-21 20:17 - 2016-04-21 20:18 - 00000000 ____D C:\Users\Willis\AppData\Local\Deployment
2016-04-21 20:17 - 2016-04-21 20:17 - 00058016 _____ C:\Users\Willis\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-21 20:17 - 2016-04-21 20:17 - 00000000 ____D C:\Users\Willis\AppData\Local\Apps\2.0
2016-04-21 18:35 - 2016-04-21 18:35 - 00001416 _____ C:\Users\Willis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-21 18:35 - 2016-04-21 18:35 - 00000000 _SHDL C:\Users\Willis\My Documents
2016-04-21 18:35 - 2016-04-21 18:35 - 00000000 _SHDL C:\Users\Willis\Documents\My Videos
2016-04-21 18:35 - 2016-04-21 18:35 - 00000000 _SHDL C:\Users\Willis\Documents\My Pictures
2016-04-21 18:35 - 2016-04-21 18:35 - 00000000 _SHDL C:\Users\Willis\Documents\My Music
2016-04-21 18:35 - 2016-04-21 18:35 - 00000000 ____D C:\Users\Willis\AppData\Local\VirtualStore
2016-04-21 18:35 - 2016-04-21 18:35 - 00000000 ____D C:\Users\Willis
2016-04-21 18:35 - 2014-02-19 13:27 - 00000000 ____D C:\Users\Willis\AppData\Roaming\Adobe
2016-04-21 18:35 - 2014-02-19 13:01 - 00000000 ____D C:\Users\Willis\AppData\Roaming\Apple Computer
2016-04-21 18:35 - 2014-02-19 13:01 - 00000000 ____D C:\Users\Willis\AppData\Local\Apple Computer
2016-04-21 18:35 - 2014-02-19 12:59 - 00000000 ____D C:\Users\Willis\AppData\Local\Apple
2016-04-21 18:35 - 2014-02-19 12:57 - 00000000 ____D C:\Users\Willis\AppData\Local\Adobe
2016-04-21 18:35 - 2010-11-20 22:50 - 00000020 ___SH C:\Users\Willis\ntuser.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 19:15 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-22 19:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-22 19:09 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-22 19:08 - 2009-07-14 00:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-22 19:08 - 2009-07-14 00:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-22 17:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-22 14:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-22 14:26 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-22 14:23 - 2009-07-14 00:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-22 14:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-22 12:43 - 2014-02-19 13:14 - 00773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-21 18:35 - 2013-10-16 19:04 - 00000000 ____D C:\Windows\Panther
2016-04-20 11:09 - 2009-07-14 01:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-22 10:04

==================== End of FRST.txt ============================

Juliet · Apr 23, 2016

Thank you for the FRST log.

Were you able to run AdwCleaner and Junkware Removal Tool?

here are the logs they create.
AdwCleaner[C1].txt
JRT.txt

WCSWood · Apr 23, 2016

# AdwCleaner v5.112 - Logfile created 23/04/2016 at 08:57:07
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Willis - WILLIS-PC
# Running from : C:\Users\Willis\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

File Found : C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_spybot-search-destroy.en.softonic.com_0.localstorage
File Found : C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_spybot-search-destroy.en.softonic.com_0.localstorage-journal

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1072 bytes] - [23/04/2016 08:52:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [995 bytes] - [23/04/2016 08:57:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1067 bytes] ##########

WCSWood · Apr 23, 2016

Hey Juliet,
Thanks for your help. I hope that's what you wanted from adwcleaner.
The jrt scan doesn't seem to produce any log just the following:

Checking for update
================================================================
[ ]
[ Junkware Removal Tool (JRT) by Malwarebytes ]
[ Version 8.0.5 (04.20.2016:1) ]
[ Information about this tool can be found at ]
[ www.malwarebytes.org ]
[ ]
[ This software is free to download and use ]
[ ]
[ Please save any unsaved work before proceeding as ]
[ the program will terminate most applications during cleanup ]
[ ]
[ ]
[ ** DISCLAIMER ** ]
[ ]
[ This software is provided "as is" without ]
[ warranty of any kind. You may use this software ]
[ at your own risk. ]
[ ]
[ Click the [X] in the top-right corner of this window ]
[ if you wish to exit. Otherwise, ]
================================================================

Press any key to continue . . .

Creating restore point... SUCCESS
(* ) Processes
(** ) Startup - Logon
(*** ) Startup - Scheduled Tasks
(**** ) Services
(***** ) File System
(****** ) Browsers

Juliet · Apr 23, 2016

Looks like JRT didn't want to run and we do run into that on occasion.

If you can please post
C:\TDSSKiller.3.1.0.9_22.04.2016_19.15.46_log.txt
~~

Open MalwareBytes
click the History tab.
Click Application Logs, look for the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

~~
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites
Backup Firefox Bookmarks
Backup Chrome Bookmarks

~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Reset Firefox
[font=helvetica, arial, sans-serif]

[/font]Chrome: Chrome - Reset browser settings

~~~~~~~~~~~~~~~~~~~

Please post those 2 logs and after you reset browsers please let me know what the computer is doing now.

WCSWood · Apr 23, 2016

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Professional x64
Ran by Willis (Administrator) on Sat 04/23/2016 at 9:16:03.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 4

Successfully deleted: C:\Users\Willis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY90UGGB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Willis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2Q01I8Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY90UGGB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2Q01I8Q (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/23/2016 at 9:38:40.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WCSWood · Apr 23, 2016

I tried JRT one more time and it ran.

WCSWood · Apr 23, 2016

19:15:46.0092 0x1c9c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
19:15:51.0250 0x1c9c ============================================================
19:15:51.0250 0x1c9c Current date / time: 2016/04/22 19:15:51.0250
19:15:51.0250 0x1c9c SystemInfo:
19:15:51.0250 0x1c9c
19:15:51.0250 0x1c9c OS Version: 6.1.7601 ServicePack: 1.0
19:15:51.0250 0x1c9c Product type: Workstation
19:15:51.0250 0x1c9c ComputerName: WILLIS-PC
19:15:51.0250 0x1c9c UserName: Willis
19:15:51.0250 0x1c9c Windows directory: C:\Windows
19:15:51.0250 0x1c9c System windows directory: C:\Windows
19:15:51.0250 0x1c9c Running under WOW64
19:15:51.0250 0x1c9c Processor architecture: Intel x64
19:15:51.0250 0x1c9c Number of processors: 2
19:15:51.0250 0x1c9c Page size: 0x1000
19:15:51.0250 0x1c9c Boot type: Normal boot
19:15:51.0250 0x1c9c ============================================================
19:15:52.0892 0x1c9c KLMD registered as C:\Windows\system32\drivers\80902796.sys
19:15:53.0110 0x1c9c System UUID: {E0375049-0E6B-C624-7289-74F253477B82}
19:15:53.0480 0x1c9c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x4EDBB, SectorsPerTrack: 0x2A, TracksPerCylinder: 0x90, Type 'K0', Flags 0x00000040
19:15:53.0480 0x1c9c ============================================================
19:15:53.0480 0x1c9c \Device\Harddisk0\DR0:
19:15:53.0480 0x1c9c MBR partitions:
19:15:53.0480 0x1c9c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB5C800, BlocksNum 0x73BA9800
19:15:53.0480 0x1c9c ============================================================
19:15:53.0495 0x1c9c C: <-> \Device\Harddisk0\DR0\Partition1
19:15:53.0495 0x1c9c ============================================================
19:15:53.0495 0x1c9c Initialize success
19:15:53.0495 0x1c9c ============================================================
19:15:54.0754 0x1ed0 ============================================================
19:15:54.0754 0x1ed0 Scan started
19:15:54.0754 0x1ed0 Mode: Manual;
19:15:54.0754 0x1ed0 ============================================================
19:15:54.0754 0x1ed0 KSN ping started
19:15:57.0641 0x1ed0 KSN ping finished: true
19:15:58.0344 0x1ed0 ================ Scan system memory ========================
19:15:58.0344 0x1ed0 System memory - ok
19:15:58.0360 0x1ed0 ================ Scan services =============================
19:15:58.0485 0x1ed0 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:15:58.0485 0x1ed0 1394ohci - ok
19:15:58.0516 0x1ed0 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:15:58.0516 0x1ed0 ACPI - ok
19:15:58.0532 0x1ed0 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:15:58.0532 0x1ed0 AcpiPmi - ok
19:15:58.0578 0x1ed0 [ 52AE4EBD1056D598B9A51990B6D829F0, A2D1881885314152CB2BC03F1F7B4498EC06642D5238DEABD2F21E32C69F3F7A ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
19:15:58.0578 0x1ed0 ADIHdAudAddService - ok
19:15:58.0610 0x1ed0 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:15:58.0610 0x1ed0 AdobeARMservice - ok
19:15:58.0625 0x1ed0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:15:58.0625 0x1ed0 adp94xx - ok
19:15:58.0656 0x1ed0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:15:58.0656 0x1ed0 adpahci - ok
19:15:58.0656 0x1ed0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:15:58.0672 0x1ed0 adpu320 - ok
19:15:58.0688 0x1ed0 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:15:58.0688 0x1ed0 AeLookupSvc - ok
19:15:58.0734 0x1ed0 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
19:15:58.0734 0x1ed0 AFD - ok
19:15:58.0750 0x1ed0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
19:15:58.0750 0x1ed0 agp440 - ok
19:15:58.0766 0x1ed0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
19:15:58.0766 0x1ed0 ALG - ok
19:15:58.0781 0x1ed0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
19:15:58.0781 0x1ed0 aliide - ok
19:15:58.0781 0x1ed0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
19:15:58.0781 0x1ed0 amdide - ok
19:15:58.0781 0x1ed0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:15:58.0781 0x1ed0 AmdK8 - ok
19:15:58.0797 0x1ed0 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:15:58.0797 0x1ed0 AmdPPM - ok
19:15:58.0797 0x1ed0 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:15:58.0797 0x1ed0 amdsata - ok
19:15:58.0812 0x1ed0 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:15:58.0812 0x1ed0 amdsbs - ok
19:15:58.0828 0x1ed0 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:15:58.0828 0x1ed0 amdxata - ok
19:15:58.0828 0x1ed0 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
19:15:58.0828 0x1ed0 AppID - ok
19:15:58.0844 0x1ed0 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:15:58.0844 0x1ed0 AppIDSvc - ok
19:15:58.0859 0x1ed0 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
19:15:58.0859 0x1ed0 Appinfo - ok
19:15:58.0875 0x1ed0 [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:15:58.0890 0x1ed0 Apple Mobile Device - ok
19:15:58.0906 0x1ed0 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
19:15:58.0906 0x1ed0 AppMgmt - ok
19:15:58.0906 0x1ed0 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
19:15:58.0922 0x1ed0 arc - ok
19:15:58.0922 0x1ed0 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:15:58.0922 0x1ed0 arcsas - ok
19:15:58.0984 0x1ed0 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:15:58.0984 0x1ed0 aspnet_state - ok
19:15:59.0000 0x1ed0 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:15:59.0000 0x1ed0 AsyncMac - ok

WCSWood · Apr 23, 2016

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/23/2016
Scan Time: 5:21 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.23.01
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Willis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320112
Time Elapsed: 3 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

WCSWood · Apr 23, 2016

Juliet,
I think that's all of it. Will reset browser now.
Know that if I disappear for awhile it's due to what
I've started to think of as "those fellows in India."

WCSWood · Apr 23, 2016

I have clicked the reset settings button and nothing seems to
have changed.

Juliet · Apr 23, 2016

The TDSS log was incomplete, by chance do you recall if it said it had found anything?

Please reboot the computer and try again.

Do you connect through a router?

If you do
Turn your router off, usually a button on the back. Turn your computer off.

Wait maybe 5 minutes, turn your router back on (flip the switch back on), wait for all lights to stop flashing.

Turn your computer back on.

WCSWood · Apr 23, 2016

13:04:46.0005 0x0eb4 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
13:04:50.0950 0x0eb4 ============================================================
13:04:50.0950 0x0eb4 Current date / time: 2016/04/23 13:04:50.0950
13:04:50.0950 0x0eb4 SystemInfo:
13:04:50.0950 0x0eb4
13:04:50.0950 0x0eb4 OS Version: 6.1.7601 ServicePack: 1.0
13:04:50.0950 0x0eb4 Product type: Workstation
13:04:50.0950 0x0eb4 ComputerName: WILLIS-PC
13:04:50.0950 0x0eb4 UserName: Willis
13:04:50.0950 0x0eb4 Windows directory: C:\Windows
13:04:50.0950 0x0eb4 System windows directory: C:\Windows
13:04:50.0950 0x0eb4 Running under WOW64
13:04:50.0950 0x0eb4 Processor architecture: Intel x64
13:04:50.0950 0x0eb4 Number of processors: 2
13:04:50.0950 0x0eb4 Page size: 0x1000
13:04:50.0950 0x0eb4 Boot type: Normal boot
13:04:50.0950 0x0eb4 ============================================================
13:04:53.0852 0x0eb4 KLMD registered as C:\Windows\system32\drivers\61802085.sys
13:04:54.0023 0x0eb4 System UUID: {E0375049-0E6B-C624-7289-74F253477B82}
13:04:54.0538 0x0eb4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x4EDBB, SectorsPerTrack: 0x2A, TracksPerCylinder: 0x90, Type 'K0', Flags 0x00000040
13:04:54.0538 0x0eb4 ============================================================
13:04:54.0538 0x0eb4 \Device\Harddisk0\DR0:
13:04:54.0538 0x0eb4 MBR partitions:
13:04:54.0538 0x0eb4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB5C800, BlocksNum 0x73BA9800
13:04:54.0538 0x0eb4 ============================================================
13:04:54.0569 0x0eb4 C: <-> \Device\Harddisk0\DR0\Partition1
13:04:54.0569 0x0eb4 ============================================================
13:04:54.0569 0x0eb4 Initialize success
13:04:54.0569 0x0eb4 ============================================================
13:04:58.0157 0x0970 ============================================================
13:04:58.0157 0x0970 Scan started
13:04:58.0157 0x0970 Mode: Manual;
13:04:58.0157 0x0970 ============================================================
13:04:58.0157 0x0970 KSN ping started
13:04:58.0235 0x0970 KSN ping finished: false
13:04:58.0672 0x0970 ================ Scan system memory ========================
13:04:58.0672 0x0970 System memory - ok
13:04:58.0672 0x0970 ================ Scan services =============================
13:04:58.0766 0x0970 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:04:58.0766 0x0970 1394ohci - ok
13:04:58.0797 0x0970 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:04:58.0797 0x0970 ACPI - ok
13:04:58.0812 0x0970 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:04:58.0812 0x0970 AcpiPmi - ok
13:04:58.0859 0x0970 [ 52AE4EBD1056D598B9A51990B6D829F0, A2D1881885314152CB2BC03F1F7B4498EC06642D5238DEABD2F21E32C69F3F7A ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
13:04:58.0859 0x0970 ADIHdAudAddService - ok
13:04:58.0890 0x0970 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:04:58.0890 0x0970 AdobeARMservice - ok
13:04:58.0906 0x0970 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:04:58.0922 0x0970 adp94xx - ok
13:04:58.0937 0x0970 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:04:58.0937 0x0970 adpahci - ok
13:04:58.0953 0x0970 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:04:58.0953 0x0970 adpu320 - ok
13:04:58.0968 0x0970 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:04:58.0968 0x0970 AeLookupSvc - ok
13:04:59.0000 0x0970 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
13:04:59.0015 0x0970 AFD - ok
13:04:59.0031 0x0970 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
13:04:59.0031 0x0970 agp440 - ok
13:04:59.0031 0x0970 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
13:04:59.0031 0x0970 ALG - ok
13:04:59.0031 0x0970 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
13:04:59.0046 0x0970 aliide - ok
13:04:59.0046 0x0970 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
13:04:59.0046 0x0970 amdide - ok
13:04:59.0046 0x0970 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:04:59.0046 0x0970 AmdK8 - ok
13:04:59.0046 0x0970 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
13:04:59.0062 0x0970 AmdPPM - ok
13:04:59.0062 0x0970 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:04:59.0062 0x0970 amdsata - ok
13:04:59.0062 0x0970 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
13:04:59.0078 0x0970 amdsbs - ok
13:04:59.0078 0x0970 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:04:59.0078 0x0970 amdxata - ok
13:04:59.0124 0x0970 [ A9FB80B0BBA6F765F4E691B7AD4963A7, 06BC740AF47ACECEE3707C433357F872EA0D9F2CA1B9FC2489FA3B421A262EF0 ] AppID C:\Windows\system32\drivers\appid.sys
13:04:59.0124 0x0970 AppID - ok
13:04:59.0156 0x0970 [ C47B6624AF9AEE4146743DCB133A159D, 10D1E6C9F972C3A8CC304F38B0A52818A78D70B4AF71F6E22CE1773397FC2AB4 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:04:59.0171 0x0970 AppIDSvc - ok
13:04:59.0187 0x0970 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
13:04:59.0202 0x0970 Appinfo - ok
13:04:59.0218 0x0970 [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:04:59.0218 0x0970 Apple Mobile Device - ok
13:04:59.0218 0x0970 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
13:04:59.0234 0x0970 AppMgmt - ok
13:04:59.0234 0x0970 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
13:04:59.0249 0x0970 arc - ok
13:04:59.0249 0x0970 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:04:59.0249 0x0970 arcsas - ok
13:04:59.0296 0x0970 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:04:59.0327 0x0970 aspnet_state - ok
13:04:59.0343 0x0970 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:04:59.0343 0x0970 AsyncMac - ok
13:04:59.0343 0x0970 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
13:04:59.0343 0x0970 atapi - ok
13:04:59.0374 0x0970 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:04:59.0390 0x0970 AudioEndpointBuilder - ok
13:04:59.0405 0x0970 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:04:59.0421 0x0970 AudioSrv - ok
13:04:59.0452 0x0970 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:04:59.0452 0x0970 AxInstSV - ok
13:04:59.0468 0x0970 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
13:04:59.0483 0x0970 b06bdrv - ok
13:04:59.0499 0x0970 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:04:59.0499 0x0970 b57nd60a - ok
13:04:59.0530 0x0970 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
13:04:59.0530 0x0970 BDESVC - ok
13:04:59.0546 0x0970 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
13:04:59.0546 0x0970 Beep - ok
13:04:59.0561 0x0970 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
13:04:59.0577 0x0970 BFE - ok
13:04:59.0624 0x0970 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
13:04:59.0655 0x0970 BITS - ok
13:04:59.0655 0x0970 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:04:59.0655 0x0970 blbdrive - ok
13:04:59.0702 0x0970 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:04:59.0717 0x0970 Bonjour Service - ok
13:04:59.0717 0x0970 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:04:59.0717 0x0970 bowser - ok
13:04:59.0717 0x0970 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
13:04:59.0717 0x0970 BrFiltLo - ok
13:04:59.0717 0x0970 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
13:04:59.0733 0x0970 BrFiltUp - ok
13:04:59.0733 0x0970 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
13:04:59.0733 0x0970 Browser - ok
13:04:59.0748 0x0970 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:04:59.0748 0x0970 Brserid - ok
13:04:59.0764 0x0970 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:04:59.0764 0x0970 BrSerWdm - ok
13:04:59.0764 0x0970 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:04:59.0764 0x0970 BrUsbMdm - ok
13:04:59.0780 0x0970 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:04:59.0780 0x0970 BrUsbSer - ok
13:04:59.0780 0x0970 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:04:59.0780 0x0970 BTHMODEM - ok
13:04:59.0795 0x0970 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
13:04:59.0795 0x0970 bthserv - ok
13:04:59.0795 0x0970 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:04:59.0811 0x0970 cdfs - ok
13:04:59.0811 0x0970 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:04:59.0811 0x0970 cdrom - ok
13:04:59.0826 0x0970 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
13:04:59.0826 0x0970 CertPropSvc - ok
13:04:59.0826 0x0970 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
13:04:59.0826 0x0970 circlass - ok
13:04:59.0858 0x0970 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
13:04:59.0873 0x0970 CLFS - ok
13:04:59.0904 0x0970 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:04:59.0904 0x0970 clr_optimization_v2.0.50727_32 - ok
13:04:59.0936 0x0970 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:04:59.0936 0x0970 clr_optimization_v2.0.50727_64 - ok
13:04:59.0982 0x0970 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:05:00.0014 0x0970 clr_optimization_v4.0.30319_32 - ok
13:05:00.0029 0x0970 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:05:00.0045 0x0970 clr_optimization_v4.0.30319_64 - ok
13:05:00.0045 0x0970 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
13:05:00.0045 0x0970 CmBatt - ok
13:05:00.0045 0x0970 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:05:00.0045 0x0970 cmdide - ok
13:05:00.0060 0x0970 [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG C:\Windows\system32\Drivers\cng.sys
13:05:00.0076 0x0970 CNG - ok
13:05:00.0092 0x0970 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:05:00.0092 0x0970 Compbatt - ok
13:05:00.0107 0x0970 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:05:00.0107 0x0970 CompositeBus - ok
13:05:00.0123 0x0970 COMSysApp - ok
13:05:00.0123 0x0970 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:05:00.0123 0x0970 crcdisk - ok
13:05:00.0170 0x0970 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:05:00.0170 0x0970 CryptSvc - ok
13:05:00.0185 0x0970 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
13:05:00.0201 0x0970 CSC - ok
13:05:00.0232 0x0970 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
13:05:00.0248 0x0970 CscService - ok
13:05:00.0279 0x0970 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:05:00.0279 0x0970 DcomLaunch - ok
13:05:00.0310 0x0970 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
13:05:00.0310 0x0970 defragsvc - ok
13:05:00.0310 0x0970 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:05:00.0310 0x0970 DfsC - ok
13:05:00.0326 0x0970 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:05:00.0341 0x0970 Dhcp - ok
13:05:00.0341 0x0970 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
13:05:00.0341 0x0970 discache - ok
13:05:00.0341 0x0970 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
13:05:00.0341 0x0970 Disk - ok
13:05:00.0357 0x0970 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
13:05:00.0357 0x0970 dmvsc - ok
13:05:00.0372 0x0970 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:05:00.0372 0x0970 Dnscache - ok
13:05:00.0388 0x0970 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
13:05:00.0404 0x0970 dot3svc - ok
13:05:00.0419 0x0970 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
13:05:00.0419 0x0970 DPS - ok
13:05:00.0435 0x0970 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:05:00.0435 0x0970 drmkaud - ok
13:05:00.0466 0x0970 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:05:00.0482 0x0970 DXGKrnl - ok
13:05:00.0497 0x0970 [ 711405DA1FBC40B820DB5A2B4DD939F0, 64B6D59BFF6DD0B8D2177C58A56F5AF719ACD01DD5F598E183C4BB81D949678B ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
13:05:00.0513 0x0970 e1kexpress - ok
13:05:00.0528 0x0970 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
13:05:00.0528 0x0970 EapHost - ok
13:05:00.0606 0x0970 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
13:05:00.0684 0x0970 ebdrv - ok
13:05:00.0731 0x0970 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] EFS C:\Windows\System32\lsass.exe
13:05:00.0731 0x0970 EFS - ok
13:05:00.0794 0x0970 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:05:00.0809 0x0970 ehRecvr - ok
13:05:00.0809 0x0970 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
13:05:00.0809 0x0970 ehSched - ok
13:05:00.0840 0x0970 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:05:00.0856 0x0970 elxstor - ok
13:05:00.0856 0x0970 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:05:00.0856 0x0970 ErrDev - ok
13:05:00.0872 0x0970 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
13:05:00.0887 0x0970 EventSystem - ok
13:05:00.0887 0x0970 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
13:05:00.0887 0x0970 exfat - ok
13:05:00.0903 0x0970 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:05:00.0903 0x0970 fastfat - ok
13:05:00.0934 0x0970 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
13:05:00.0950 0x0970 Fax - ok
13:05:00.0965 0x0970 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
13:05:00.0965 0x0970 fdc - ok
13:05:00.0981 0x0970 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
13:05:00.0981 0x0970 fdPHost - ok
13:05:00.0996 0x0970 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
13:05:00.0996 0x0970 FDResPub - ok
13:05:00.0996 0x0970 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:05:00.0996 0x0970 FileInfo - ok
13:05:01.0012 0x0970 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:05:01.0012 0x0970 Filetrace - ok
13:05:01.0012 0x0970 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
13:05:01.0012 0x0970 flpydisk - ok
13:05:01.0028 0x0970 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:05:01.0028 0x0970 FltMgr - ok
13:05:01.0074 0x0970 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll
13:05:01.0090 0x0970 FontCache - ok
13:05:01.0121 0x0970 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:05:01.0121 0x0970 FontCache3.0.0.0 - ok
13:05:01.0121 0x0970 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:05:01.0121 0x0970 FsDepends - ok
13:05:01.0121 0x0970 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:05:01.0137 0x0970 Fs_Rec - ok
13:05:01.0137 0x0970 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:05:01.0137 0x0970 fvevol - ok
13:05:01.0152 0x0970 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:05:01.0152 0x0970 gagp30kx - ok
13:05:01.0168 0x0970 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:05:01.0168 0x0970 GEARAspiWDM - ok
13:05:01.0199 0x0970 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
13:05:01.0215 0x0970 gpsvc - ok
13:05:01.0246 0x0970 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:01.0246 0x0970 gupdate - ok
13:05:01.0262 0x0970 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:01.0262 0x0970 gupdatem - ok
13:05:01.0277 0x0970 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:05:01.0277 0x0970 hcw85cir - ok
13:05:01.0308 0x0970 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:05:01.0308 0x0970 HdAudAddService - ok
13:05:01.0324 0x0970 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:05:01.0324 0x0970 HDAudBus - ok
13:05:01.0324 0x0970 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
13:05:01.0340 0x0970 HidBatt - ok
13:05:01.0340 0x0970 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:05:01.0340 0x0970 HidBth - ok
13:05:01.0355 0x0970 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
13:05:01.0355 0x0970 HidIr - ok
13:05:01.0355 0x0970 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
13:05:01.0355 0x0970 hidserv - ok
13:05:01.0371 0x0970 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:05:01.0371 0x0970 HidUsb - ok
13:05:01.0386 0x0970 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:05:01.0386 0x0970 hkmsvc - ok
13:05:01.0402 0x0970 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:05:01.0402 0x0970 HomeGroupListener - ok
13:05:01.0418 0x0970 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:05:01.0418 0x0970 HomeGroupProvider - ok
13:05:01.0433 0x0970 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:05:01.0433 0x0970 HpSAMD - ok
13:05:01.0464 0x0970 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:05:01.0480 0x0970 HTTP - ok
13:05:01.0480 0x0970 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:05:01.0480 0x0970 hwpolicy - ok
13:05:01.0511 0x0970 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:05:01.0511 0x0970 i8042prt - ok
13:05:01.0527 0x0970 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:05:01.0542 0x0970 iaStorV - ok
13:05:01.0574 0x0970 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:05:01.0605 0x0970 idsvc - ok
13:05:01.0605 0x0970 IEEtwCollectorService - ok
13:05:01.0839 0x0970 [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:05:02.0057 0x0970 igfx - ok
13:05:02.0088 0x0970 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:05:02.0088 0x0970 iirsp - ok
13:05:02.0104 0x0970 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
13:05:02.0135 0x0970 IKEEXT - ok
13:05:02.0151 0x0970 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
13:05:02.0151 0x0970 intelide - ok
13:05:02.0166 0x0970 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
13:05:02.0166 0x0970 intelppm - ok
13:05:02.0166 0x0970 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:05:02.0182 0x0970 IPBusEnum - ok
13:05:02.0198 0x0970 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:05:02.0198 0x0970 IpFilterDriver - ok
13:05:02.0213 0x0970 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:05:02.0229 0x0970 iphlpsvc - ok
13:05:02.0229 0x0970 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:05:02.0229 0x0970 IPMIDRV - ok
13:05:02.0229 0x0970 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:05:02.0244 0x0970 IPNAT - ok
13:05:02.0276 0x0970 [ 7E4F8065367AE5BA387262D57B868DF5, 3D09A778748D30AFD37B23603CCC151B028D505FF3CB7763CE393F6CFAED3A9E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:05:02.0276 0x0970 iPod Service - ok
13:05:02.0291 0x0970 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:05:02.0291 0x0970 IRENUM - ok
13:05:02.0291 0x0970 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:05:02.0291 0x0970 isapnp - ok
13:05:02.0307 0x0970 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:05:02.0307 0x0970 iScsiPrt - ok
13:05:02.0322 0x0970 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:05:02.0322 0x0970 kbdclass - ok
13:05:02.0322 0x0970 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:05:02.0322 0x0970 kbdhid - ok
13:05:02.0338 0x0970 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] KeyIso C:\Windows\system32\lsass.exe
13:05:02.0354 0x0970 KeyIso - ok
13:05:02.0385 0x0970 [ B6C2FA7F5E5BC1A488A57C6344D29D64, 857245D664CF9ED8121E2087D73F85DA3FED721484DDC6B51AF6A344EC29A27F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:05:02.0385 0x0970 KSecDD - ok
13:05:02.0400 0x0970 [ FB4397DDCC732DB6A7B33B747C7EB708, AD8B9500AAE12C1507B982B74B86731BE75AFAC7F64538332A380AC43EDEC271 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:05:02.0400 0x0970 KSecPkg - ok
13:05:02.0400 0x0970 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:05:02.0400 0x0970 ksthunk - ok
13:05:02.0447 0x0970 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
13:05:02.0463 0x0970 KtmRm - ok
13:05:02.0463 0x0970 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:05:02.0478 0x0970 LanmanServer - ok
13:05:02.0494 0x0970 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:05:02.0494 0x0970 LanmanWorkstation - ok
13:05:02.0510 0x0970 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:05:02.0510 0x0970 lltdio - ok
13:05:02.0525 0x0970 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:05:02.0541 0x0970 lltdsvc - ok
13:05:02.0556 0x0970 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:05:02.0556 0x0970 lmhosts - ok
13:05:02.0572 0x0970 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:05:02.0572 0x0970 LSI_FC - ok
13:05:02.0572 0x0970 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:05:02.0572 0x0970 LSI_SAS - ok
13:05:02.0588 0x0970 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:05:02.0588 0x0970 LSI_SAS2 - ok
13:05:02.0588 0x0970 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:05:02.0588 0x0970 LSI_SCSI - ok
13:05:02.0603 0x0970 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
13:05:02.0603 0x0970 luafv - ok
13:05:02.0634 0x0970 [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:05:02.0634 0x0970 MBAMProtector - ok
13:05:02.0712 0x0970 [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
13:05:02.0759 0x0970 MBAMScheduler - ok
13:05:02.0790 0x0970 [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
13:05:02.0806 0x0970 MBAMService - ok
13:05:02.0853 0x0970 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
13:05:02.0853 0x0970 MBAMSwissArmy - ok
13:05:02.0853 0x0970 [ 452ACB7A9914398D9E18CCCFFCF92208, 754AF45C19731C356E7E84497B04E0333759AC86DC553BA275EFC09845E43E4D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
13:05:02.0868 0x0970 MBAMWebAccessControl - ok
13:05:02.0868 0x0970 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:05:02.0884 0x0970 Mcx2Svc - ok
13:05:02.0884 0x0970 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
13:05:02.0884 0x0970 megasas - ok
13:05:02.0900 0x0970 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:05:02.0900 0x0970 MegaSR - ok
13:05:02.0915 0x0970 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
13:05:02.0915 0x0970 MMCSS - ok
13:05:02.0931 0x0970 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
13:05:02.0931 0x0970 Modem - ok
13:05:02.0931 0x0970 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:05:02.0946 0x0970 monitor - ok
13:05:02.0946 0x0970 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:05:02.0946 0x0970 mouclass - ok
13:05:02.0946 0x0970 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:05:02.0946 0x0970 mouhid - ok
13:05:02.0978 0x0970 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:05:02.0978 0x0970 mountmgr - ok
13:05:02.0993 0x0970 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
13:05:02.0993 0x0970 mpio - ok
13:05:02.0993 0x0970 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:05:02.0993 0x0970 mpsdrv - ok
13:05:03.0040 0x0970 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:05:03.0056 0x0970 MpsSvc - ok
13:05:03.0087 0x0970 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:05:03.0087 0x0970 MRxDAV - ok
13:05:03.0118 0x0970 [ ACEC16415275E1AD6F7983EF472810E3, E5017E157954F6C21AA66233FF2C1A6B1FF3E4685F26648A8A21F2B9718DD97C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:05:03.0118 0x0970 mrxsmb - ok
13:05:03.0149 0x0970 [ 0F276F2F2018296FABC7BD2BCCAAB40B, 378A36F7282EE9FFEC8A1D5783ECD0A428E0215B1774AAA166C5AA09B3C636F7 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:05:03.0165 0x0970 mrxsmb10 - ok
13:05:03.0212 0x0970 [ 1D4B7972375052F5B7877A6FD9BE33A0, B3FD235F6FE975F1869436ED1215913F0E8EB1123BB252FD221C35AB1121C3F5 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:05:03.0212 0x0970 mrxsmb20 - ok
13:05:03.0212 0x0970 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
13:05:03.0212 0x0970 msahci - ok
13:05:03.0243 0x0970 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:05:03.0243 0x0970 msdsm - ok
13:05:03.0258 0x0970 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
13:05:03.0258 0x0970 MSDTC - ok
13:05:03.0258 0x0970 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:05:03.0258 0x0970 Msfs - ok
13:05:03.0274 0x0970 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:05:03.0274 0x0970 mshidkmdf - ok
13:05:03.0274 0x0970 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:05:03.0274 0x0970 msisadrv - ok
13:05:03.0305 0x0970 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:05:03.0305 0x0970 MSiSCSI - ok
13:05:03.0305 0x0970 msiserver - ok
13:05:03.0336 0x0970 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:05:03.0336 0x0970 MSKSSRV - ok
13:05:03.0336 0x0970 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:05:03.0336 0x0970 MSPCLOCK - ok
13:05:03.0336 0x0970 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:05:03.0336 0x0970 MSPQM - ok
13:05:03.0352 0x0970 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:05:03.0352 0x0970 MsRPC - ok
13:05:03.0352 0x0970 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:05:03.0352 0x0970 mssmbios - ok
13:05:03.0368 0x0970 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:05:03.0368 0x0970 MSTEE - ok
13:05:03.0368 0x0970 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:05:03.0368 0x0970 MTConfig - ok
13:05:03.0368 0x0970 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
13:05:03.0368 0x0970 Mup - ok
13:05:03.0399 0x0970 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
13:05:03.0414 0x0970 napagent - ok
13:05:03.0430 0x0970 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:05:03.0446 0x0970 NativeWifiP - ok
13:05:03.0492 0x0970 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:05:03.0524 0x0970 NDIS - ok
13:05:03.0524 0x0970 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:05:03.0524 0x0970 NdisCap - ok
13:05:03.0524 0x0970 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:05:03.0524 0x0970 NdisTapi - ok
13:05:03.0555 0x0970 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:05:03.0570 0x0970 Ndisuio - ok
13:05:03.0570 0x0970 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:05:03.0570 0x0970 NdisWan - ok
13:05:03.0570 0x0970 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:05:03.0586 0x0970 NDProxy - ok
13:05:03.0586 0x0970 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:05:03.0586 0x0970 NetBIOS - ok
13:05:03.0586 0x0970 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:05:03.0602 0x0970 NetBT - ok
13:05:03.0617 0x0970 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] Netlogon C:\Windows\system32\lsass.exe
13:05:03.0617 0x0970 Netlogon - ok
13:05:03.0648 0x0970 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
13:05:03.0664 0x0970 Netman - ok
13:05:03.0680 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:03.0711 0x0970 NetMsmqActivator - ok
13:05:03.0711 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:03.0711 0x0970 NetPipeActivator - ok
13:05:03.0758 0x0970 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
13:05:03.0758 0x0970 netprofm - ok
13:05:03.0773 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:03.0773 0x0970 NetTcpActivator - ok
13:05:03.0773 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:03.0773 0x0970 NetTcpPortSharing - ok
13:05:03.0789 0x0970 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:05:03.0789 0x0970 nfrd960 - ok
13:05:03.0820 0x0970 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
13:05:03.0820 0x0970 NlaSvc - ok
13:05:03.0820 0x0970 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:05:03.0836 0x0970 Npfs - ok
13:05:03.0836 0x0970 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
13:05:03.0836 0x0970 nsi - ok
13:05:03.0851 0x0970 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:05:03.0851 0x0970 nsiproxy - ok
13:05:03.0882 0x0970 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:05:03.0914 0x0970 Ntfs - ok
13:05:03.0929 0x0970 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
13:05:03.0929 0x0970 Null - ok
13:05:03.0945 0x0970 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:05:03.0945 0x0970 nvraid - ok
13:05:03.0945 0x0970 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:05:03.0960 0x0970 nvstor - ok
13:05:03.0960 0x0970 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:05:03.0960 0x0970 nv_agp - ok
13:05:03.0960 0x0970 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:05:03.0976 0x0970 ohci1394 - ok
13:05:03.0992 0x0970 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:05:03.0992 0x0970 p2pimsvc - ok
13:05:04.0023 0x0970 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
13:05:04.0023 0x0970 p2psvc - ok
13:05:04.0038 0x0970 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
13:05:04.0038 0x0970 Parport - ok
13:05:04.0038 0x0970 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:05:04.0038 0x0970 partmgr - ok
13:05:04.0070 0x0970 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:05:04.0085 0x0970 PcaSvc - ok
13:05:04.0085 0x0970 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
13:05:04.0085 0x0970 pci - ok
13:05:04.0085 0x0970 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
13:05:04.0085 0x0970 pciide - ok
13:05:04.0116 0x0970 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:05:04.0116 0x0970 pcmcia - ok
13:05:04.0116 0x0970 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
13:05:04.0116 0x0970 pcw - ok
13:05:04.0163 0x0970 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:05:04.0179 0x0970 PEAUTH - ok
13:05:04.0226 0x0970 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:05:04.0257 0x0970 PeerDistSvc - ok
13:05:04.0304 0x0970 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:05:04.0304 0x0970 PerfHost - ok
13:05:04.0350 0x0970 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
13:05:04.0382 0x0970 pla - ok
13:05:04.0413 0x0970 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:05:04.0413 0x0970 PlugPlay - ok
13:05:04.0428 0x0970 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:05:04.0428 0x0970 PNRPAutoReg - ok
13:05:04.0428 0x0970 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:05:04.0444 0x0970 PNRPsvc - ok
13:05:04.0475 0x0970 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:05:04.0491 0x0970 PolicyAgent - ok
13:05:04.0491 0x0970 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
13:05:04.0506 0x0970 Power - ok
13:05:04.0506 0x0970 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:05:04.0522 0x0970 PptpMiniport - ok
13:05:04.0522 0x0970 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
13:05:04.0522 0x0970 Processor - ok
13:05:04.0553 0x0970 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
13:05:04.0553 0x0970 ProfSvc - ok
13:05:04.0569 0x0970 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:05:04.0569 0x0970 ProtectedStorage - ok
13:05:04.0569 0x0970 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:05:04.0584 0x0970 Psched - ok
13:05:04.0631 0x0970 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:05:04.0662 0x0970 ql2300 - ok
13:05:04.0678 0x0970 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:05:04.0678 0x0970 ql40xx - ok
13:05:04.0709 0x0970 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
13:05:04.0709 0x0970 QWAVE - ok
13:05:04.0725 0x0970 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:05:04.0725 0x0970 QWAVEdrv - ok
13:05:04.0740 0x0970 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:05:04.0740 0x0970 RasAcd - ok
13:05:04.0740 0x0970 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:05:04.0740 0x0970 RasAgileVpn - ok
13:05:04.0772 0x0970 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
13:05:04.0772 0x0970 RasAuto - ok
13:05:04.0772 0x0970 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:05:04.0772 0x0970 Rasl2tp - ok
13:05:04.0818 0x0970 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
13:05:04.0818 0x0970 RasMan - ok
13:05:04.0818 0x0970 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:05:04.0834 0x0970 RasPppoe - ok
13:05:04.0834 0x0970 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:05:04.0834 0x0970 RasSstp - ok
13:05:04.0834 0x0970 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:05:04.0850 0x0970 rdbss - ok
13:05:04.0850 0x0970 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
13:05:04.0850 0x0970 rdpbus - ok
13:05:04.0865 0x0970 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:05:04.0865 0x0970 RDPCDD - ok
13:05:04.0881 0x0970 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:05:04.0881 0x0970 RDPDR - ok
13:05:04.0881 0x0970 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:05:04.0881 0x0970 RDPENCDD - ok
13:05:04.0881 0x0970 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:05:04.0881 0x0970 RDPREFMP - ok
13:05:04.0912 0x0970 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:05:04.0912 0x0970 RdpVideoMiniport - ok
13:05:04.0928 0x0970 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:05:04.0943 0x0970 RDPWD - ok
13:05:04.0943 0x0970 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:05:04.0943 0x0970 rdyboost - ok
13:05:04.0959 0x0970 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:05:04.0974 0x0970 RemoteAccess - ok
13:05:04.0974 0x0970 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:05:04.0974 0x0970 RemoteRegistry - ok
13:05:04.0990 0x0970 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:05:04.0990 0x0970 RpcEptMapper - ok
13:05:05.0006 0x0970 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
13:05:05.0006 0x0970 RpcLocator - ok
13:05:05.0021 0x0970 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
13:05:05.0037 0x0970 RpcSs - ok
13:05:05.0037 0x0970 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:05:05.0037 0x0970 rspndr - ok
13:05:05.0052 0x0970 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:05:05.0052 0x0970 s3cap - ok
13:05:05.0052 0x0970 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] SamSs C:\Windows\system32\lsass.exe
13:05:05.0052 0x0970 SamSs - ok
13:05:05.0052 0x0970 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:05:05.0052 0x0970 sbp2port - ok
13:05:05.0068 0x0970 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:05:05.0084 0x0970 SCardSvr - ok
13:05:05.0084 0x0970 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:05:05.0084 0x0970 scfilter - ok
13:05:05.0130 0x0970 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
13:05:05.0146 0x0970 Schedule - ok
13:05:05.0177 0x0970 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:05:05.0177 0x0970 SCPolicySvc - ok
13:05:05.0224 0x0970 [ D9CEBA132B17622C4349AF510348EE3E, 52C02367374467F10EE620924B1E47DD50159DA8EA61683F9742EA6704A501CB ] SDHookDriver C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
13:05:05.0224 0x0970 SDHookDriver - ok
13:05:05.0240 0x0970 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:05:05.0240 0x0970 SDRSVC - ok
13:05:05.0286 0x0970 [ 2ED9CD42F4E46EF13073847F8924B60C, 01AD75364DED7596C131FF73300BB910555C6901C826A669ABDA4A01D0DD2178 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
13:05:05.0318 0x0970 SDScannerService - ok
13:05:05.0380 0x0970 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
13:05:05.0411 0x0970 SDUpdateService - ok
13:05:05.0427 0x0970 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
13:05:05.0427 0x0970 SDWSCService - ok
13:05:05.0427 0x0970 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:05:05.0427 0x0970 secdrv - ok
13:05:05.0458 0x0970 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon C:\Windows\system32\seclogon.dll
13:05:05.0458 0x0970 seclogon - ok
13:05:05.0474 0x0970 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
13:05:05.0474 0x0970 SENS - ok
13:05:05.0474 0x0970 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:05:05.0489 0x0970 SensrSvc - ok
13:05:05.0489 0x0970 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
13:05:05.0489 0x0970 Serenum - ok
13:05:05.0489 0x0970 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
13:05:05.0505 0x0970 Serial - ok
13:05:05.0505 0x0970 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:05:05.0505 0x0970 sermouse - ok
13:05:05.0520 0x0970 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
13:05:05.0520 0x0970 SessionEnv - ok
13:05:05.0536 0x0970 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:05:05.0536 0x0970 sffdisk - ok
13:05:05.0536 0x0970 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:05:05.0536 0x0970 sffp_mmc - ok
13:05:05.0536 0x0970 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:05:05.0536 0x0970 sffp_sd - ok
13:05:05.0552 0x0970 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:05:05.0552 0x0970 sfloppy - ok
13:05:05.0567 0x0970 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:05:05.0567 0x0970 SharedAccess - ok
13:05:05.0583 0x0970 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:05:05.0598 0x0970 ShellHWDetection - ok
13:05:05.0598 0x0970 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:05:05.0614 0x0970 SiSRaid2 - ok
13:05:05.0614 0x0970 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:05:05.0614 0x0970 SiSRaid4 - ok
13:05:05.0630 0x0970 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:05:05.0630 0x0970 Smb - ok
13:05:05.0645 0x0970 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:05:05.0645 0x0970 SNMPTRAP - ok
13:05:05.0645 0x0970 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
13:05:05.0645 0x0970 spldr - ok
13:05:05.0661 0x0970 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
13:05:05.0676 0x0970 Spooler - ok
13:05:05.0770 0x0970 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
13:05:05.0848 0x0970 sppsvc - ok
13:05:05.0864 0x0970 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:05:05.0864 0x0970 sppuinotify - ok
13:05:05.0879 0x0970 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:05:05.0879 0x0970 srv - ok
13:05:05.0910 0x0970 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:05:05.0910 0x0970 srv2 - ok
13:05:05.0926 0x0970 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:05:05.0926 0x0970 srvnet - ok
13:05:05.0942 0x0970 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:05:05.0942 0x0970 SSDPSRV - ok
13:05:05.0942 0x0970 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:05:05.0942 0x0970 SstpSvc - ok
13:05:05.0957 0x0970 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:05:05.0957 0x0970 stexstor - ok
13:05:05.0973 0x0970 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
13:05:05.0988 0x0970 stisvc - ok
13:05:06.0004 0x0970 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:05:06.0004 0x0970 storflt - ok
13:05:06.0020 0x0970 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
13:05:06.0020 0x0970 StorSvc - ok
13:05:06.0020 0x0970 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:05:06.0020 0x0970 storvsc - ok
13:05:06.0035 0x0970 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
13:05:06.0035 0x0970 swenum - ok
13:05:06.0051 0x0970 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
13:05:06.0066 0x0970 swprv - ok
13:05:06.0129 0x0970 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
13:05:06.0160 0x0970 SysMain - ok
13:05:06.0191 0x0970 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:05:06.0191 0x0970 TabletInputService - ok
13:05:06.0207 0x0970 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
13:05:06.0222 0x0970 TapiSrv - ok
13:05:06.0222 0x0970 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
13:05:06.0238 0x0970 TBS - ok
13:05:06.0300 0x0970 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:05:06.0347 0x0970 Tcpip - ok
13:05:06.0394 0x0970 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:05:06.0425 0x0970 TCPIP6 - ok
13:05:06.0441 0x0970 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:05:06.0441 0x0970 tcpipreg - ok
13:05:06.0456 0x0970 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:05:06.0456 0x0970 TDPIPE - ok
13:05:06.0472 0x0970 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:05:06.0472 0x0970 TDTCP - ok
13:05:06.0488 0x0970 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:05:06.0488 0x0970 tdx - ok
13:05:06.0503 0x0970 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
13:05:06.0503 0x0970 TermDD - ok
13:05:06.0503 0x0970 [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt C:\Windows\system32\drivers\terminpt.sys
13:05:06.0503 0x0970 terminpt - ok
13:05:06.0534 0x0970 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
13:05:06.0566 0x0970 TermService - ok
13:05:06.0566 0x0970 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
13:05:06.0581 0x0970 Themes - ok
13:05:06.0581 0x0970 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
13:05:06.0581 0x0970 THREADORDER - ok
13:05:06.0597 0x0970 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
13:05:06.0597 0x0970 TrkWks - ok
13:05:06.0644 0x0970 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:05:06.0659 0x0970 TrustedInstaller - ok
13:05:06.0675 0x0970 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:05:06.0675 0x0970 tssecsrv - ok
13:05:06.0690 0x0970 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:05:06.0690 0x0970 TsUsbFlt - ok
13:05:06.0690 0x0970 [ D34789988234DCC8FA55FA9A485AF0EC, 5C1A77EFA23261F5F9C971A12145CA6AC701723A94B6A8AE9BE95EEDD3C02919 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
13:05:06.0690 0x0970 TsUsbGD - ok
13:05:06.0722 0x0970 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:05:06.0722 0x0970 tunnel - ok
13:05:06.0722 0x0970 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:05:06.0722 0x0970 uagp35 - ok
13:05:06.0737 0x0970 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:05:06.0737 0x0970 udfs - ok
13:05:06.0753 0x0970 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:05:06.0753 0x0970 UI0Detect - ok
13:05:06.0753 0x0970 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:05:06.0753 0x0970 uliagpkx - ok
13:05:06.0768 0x0970 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:05:06.0768 0x0970 umbus - ok
13:05:06.0768 0x0970 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
13:05:06.0768 0x0970 UmPass - ok
13:05:06.0784 0x0970 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
13:05:06.0784 0x0970 UmRdpService - ok
13:05:06.0800 0x0970 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
13:05:06.0800 0x0970 upnphost - ok
13:05:06.0831 0x0970 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys
13:05:06.0831 0x0970 USBAAPL64 - ok
13:05:06.0846 0x0970 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:05:06.0846 0x0970 usbccgp - ok
13:05:06.0846 0x0970 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:05:06.0846 0x0970 usbcir - ok
13:05:06.0846 0x0970 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:05:06.0846 0x0970 usbehci - ok
13:05:06.0862 0x0970 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\drivers\usbhub.sys
13:05:06.0862 0x0970 usbhub - ok
13:05:06.0878 0x0970 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:05:06.0878 0x0970 usbohci - ok
13:05:06.0878 0x0970 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
13:05:06.0878 0x0970 usbprint - ok
13:05:06.0909 0x0970 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
13:05:06.0924 0x0970 USBSTOR - ok
13:05:06.0924 0x0970 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:05:06.0924 0x0970 usbuhci - ok
13:05:06.0940 0x0970 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
13:05:06.0940 0x0970 UxSms - ok
13:05:06.0971 0x0970 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] VaultSvc C:\Windows\system32\lsass.exe
13:05:06.0971 0x0970 VaultSvc - ok
13:05:06.0987 0x0970 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:05:06.0987 0x0970 vdrvroot - ok
13:05:07.0018 0x0970 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
13:05:07.0018 0x0970 vds - ok
13:05:07.0034 0x0970 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:05:07.0034 0x0970 vga - ok
13:05:07.0034 0x0970 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:05:07.0034 0x0970 VgaSave - ok
13:05:07.0049 0x0970 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:05:07.0065 0x0970 vhdmp - ok
13:05:07.0065 0x0970 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
13:05:07.0065 0x0970 viaide - ok
13:05:07.0065 0x0970 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:05:07.0080 0x0970 vmbus - ok
13:05:07.0080 0x0970 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:05:07.0080 0x0970 VMBusHID - ok
13:05:07.0096 0x0970 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:05:07.0096 0x0970 volmgr - ok
13:05:07.0096 0x0970 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:05:07.0112 0x0970 volmgrx - ok
13:05:07.0127 0x0970 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:05:07.0127 0x0970 volsnap - ok
13:05:07.0143 0x0970 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:05:07.0143 0x0970 vsmraid - ok
13:05:07.0190 0x0970 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
13:05:07.0236 0x0970 VSS - ok
13:05:07.0236 0x0970 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:05:07.0236 0x0970 vwifibus - ok
13:05:07.0252 0x0970 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
13:05:07.0268 0x0970 W32Time - ok
13:05:07.0268 0x0970 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:05:07.0268 0x0970 WacomPen - ok
13:05:07.0283 0x0970 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:05:07.0283 0x0970 WANARP - ok
13:05:07.0283 0x0970 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:05:07.0283 0x0970 Wanarpv6 - ok
13:05:07.0346 0x0970 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:05:07.0377 0x0970 WatAdminSvc - ok
13:05:07.0408 0x0970 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
13:05:07.0439 0x0970 wbengine - ok
13:05:07.0455 0x0970 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:05:07.0455 0x0970 WbioSrvc - ok
13:05:07.0470 0x0970 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:05:07.0470 0x0970 wcncsvc - ok
13:05:07.0486 0x0970 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:05:07.0502 0x0970 WcsPlugInService - ok
13:05:07.0502 0x0970 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
13:05:07.0502 0x0970 Wd - ok
13:05:07.0517 0x0970 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:05:07.0533 0x0970 Wdf01000 - ok
13:05:07.0533 0x0970 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:05:07.0533 0x0970 WdiServiceHost - ok
13:05:07.0548 0x0970 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:05:07.0548 0x0970 WdiSystemHost - ok
13:05:07.0564 0x0970 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
13:05:07.0580 0x0970 WebClient - ok
13:05:07.0595 0x0970 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:05:07.0595 0x0970 Wecsvc - ok
13:05:07.0595 0x0970 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:05:07.0611 0x0970 wercplsupport - ok
13:05:07.0611 0x0970 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
13:05:07.0611 0x0970 WerSvc - ok
13:05:07.0611 0x0970 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:05:07.0611 0x0970 WfpLwf - ok
13:05:07.0626 0x0970 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:05:07.0626 0x0970 WIMMount - ok
13:05:07.0626 0x0970 WinDefend - ok
13:05:07.0642 0x0970 WinHttpAutoProxySvc - ok
13:05:07.0673 0x0970 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:05:07.0673 0x0970 Winmgmt - ok
13:05:07.0736 0x0970 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
13:05:07.0798 0x0970 WinRM - ok
13:05:07.0829 0x0970 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:05:07.0860 0x0970 Wlansvc - ok
13:05:07.0860 0x0970 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:05:07.0860 0x0970 WmiAcpi - ok
13:05:07.0876 0x0970 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:05:07.0876 0x0970 wmiApSrv - ok
13:05:07.0892 0x0970 WMPNetworkSvc - ok
13:05:07.0892 0x0970 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:05:07.0892 0x0970 WPCSvc - ok
13:05:07.0907 0x0970 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:05:07.0907 0x0970 WPDBusEnum - ok
13:05:07.0923 0x0970 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:05:07.0923 0x0970 ws2ifsl - ok
13:05:07.0938 0x0970 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
13:05:07.0938 0x0970 wscsvc - ok
13:05:07.0938 0x0970 WSearch - ok
13:05:08.0016 0x0970 [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv C:\Windows\system32\wuaueng.dll
13:05:08.0063 0x0970 wuauserv - ok
13:05:08.0079 0x0970 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:05:08.0079 0x0970 WudfPf - ok
13:05:08.0094 0x0970 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:05:08.0094 0x0970 wudfsvc - ok
13:05:08.0126 0x0970 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:05:08.0126 0x0970 WwanSvc - ok
13:05:08.0126 0x0970 ================ Scan global ===============================
13:05:08.0157 0x0970 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
13:05:08.0188 0x0970 [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
13:05:08.0204 0x0970 [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
13:05:08.0219 0x0970 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:05:08.0235 0x0970 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
13:05:08.0250 0x0970 [ Global ] - ok
13:05:08.0250 0x0970 ================ Scan MBR ==================================
13:05:08.0282 0x0970 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:05:08.0453 0x0970 \Device\Harddisk0\DR0 - ok
13:05:08.0453 0x0970 ================ Scan VBR ==================================
13:05:08.0453 0x0970 [ C254F77E8FF7F6C4724C26A0A0BB81DD ] \Device\Harddisk0\DR0\Partition1
13:05:08.0500 0x0970 \Device\Harddisk0\DR0\Partition1 - ok
13:05:08.0500 0x0970 ================ Scan generic autorun ======================
13:05:08.0547 0x0970 [ 87A4570E9D15A2821015B7FB6B821654, BDF5266905DC3F9ED0DBE41798D9907FC9E8D030DD5C28975BBF9BFD8BD9DA71 ] C:\Windows\system32\igfxtray.exe
13:05:08.0547 0x0970 IgfxTray - ok
13:05:08.0562 0x0970 [ 842683D8F1A58A76E5A03DA35B4962EE, 7D1B1918D69566694D7D0E82A8A1C7537A5C3A1533DC80F60FE212DD2DBC6099 ] C:\Windows\system32\hkcmd.exe
13:05:08.0578 0x0970 HotKeysCmds - ok
13:05:08.0594 0x0970 [ 99F8C1060BFB20D2039716BBF741D6C2, 8C578E288D88697E88AB9BEAE79D33AF23AD6176D830D5916BD2DD42EC6FADC5 ] C:\Windows\system32\igfxpers.exe
13:05:08.0594 0x0970 Persistence - ok
13:05:08.0640 0x0970 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:05:08.0640 0x0970 Adobe ARM - ok
13:05:08.0672 0x0970 [ B4E6C1B28AF8806008CB654C716ABAFA, A42929D47D6D77D0A4B2BDAB61F11B2D5CAB0DE1AECEF29AE37BBF47E076BDB5 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
13:05:08.0672 0x0970 iTunesHelper - ok
13:05:08.0718 0x0970 [ E8EF46E036A0A01F175B013DA4537E15, 554EDDB02A52ADD1A80DA260E90F1ABC8D083A49B933B6C311DF284F130B081E ] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
13:05:08.0734 0x0970 SoundMAXPnP - ok
13:05:08.0843 0x0970 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
13:05:08.0890 0x0970 SDTray - ok
13:05:08.0937 0x0970 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:05:08.0968 0x0970 Sidebar - ok
13:05:08.0984 0x0970 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:05:08.0984 0x0970 mctadmin - ok
13:05:09.0015 0x0970 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:05:09.0030 0x0970 Sidebar - ok
13:05:09.0030 0x0970 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:05:09.0030 0x0970 mctadmin - ok
13:05:09.0062 0x0970 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
13:05:09.0077 0x0970 SpybotPostWindows10UpgradeReInstall - ok
13:05:09.0186 0x0970 AV detected via SS2: Spybot - Search and Destroy, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe ( 2.3.39.0 ), 0x61000 ( enabled : updated )
13:05:09.0233 0x0970 Win FW state via NFP2: enabled ( trusted )
13:05:09.0233 0x0970 ============================================================
13:05:09.0233 0x0970 Scan finished
13:05:09.0233 0x0970 ============================================================
13:05:09.0233 0x0d4c Detected object count: 0
13:05:09.0233 0x0d4c Actual detected object count: 0
13:06:17.0109 0x0d94 Deinitialize success

WCSWood · Apr 23, 2016

I did as you instructed. Rebooted and ran a new scan and
power cycled the modem and router as per your instructions.

WCSWood · Apr 23, 2016

Also, I do not recall the results of the previous scan.

Juliet · Apr 23, 2016

Have the fake tech support screens returned?

WCSWood · Apr 23, 2016

I have not lost internet all day. I have been having this problem for
many weeks, maybe a month or more now. Sometimes I don't get
any interruption for several days and I think the problem is solved.
Then I thought it was my old computer not being able to update or
something, so I got a new (refurbished) one and the instant I plugged
it in there was the fake screen. I don't see how anything I've done
here with these logs could have fixed anything today though. Am I
missing something? Also, if it is fixed or gets fixed can I still transfer
files from the old unit? Just some music.

Juliet · Apr 23, 2016

WCSWood said:
I have not lost internet all day. I have been having this problem for many weeks, maybe a month or more now. Sometimes I don't get any interruption for several days and I think the problem is solved.
Then I thought it was my old computer not being able to update or something, so I got a new (refurbished) one and the instant I plugged it in there was the fake screen. I don't see how anything I've done here with these logs could have fixed anything today though. Am I missing something? Also, if it is fixed or gets fixed can I still transfer files from the old unit? Just some music.

I have to make sure I understand all this.

Loosing internet connection can also be a problem from your Internet Service Provider, have you checked with them to see if there is a problem at their end?

(refurbished) one and the instant I plugged it in there was the fake screen <-- it could had been shipped out with the infection, no good way to tell and could be why they wanted to sell , so many different variables there.

I don't see how anything I've done here with these logs could have fixed anything today though. Am I missing something? <--I don't think your missing anything.
What we're trying to do is track down and find anything thats malicious/malware thats causing problems.

Also, if it is fixed or gets fixed can I still transfer files from the old unit? Just some music. <-- You should be able to.

~~~~~~~~~~~`

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click

. If no threats were found, skip the next two bullet points.
Click

and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to

and click

.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Router infected? Seeking assistance with a fake tech support hijack

New member

Attachments

Security Expert-emeritus

New member

Security Expert-emeritus

New member

New member

Security Expert-emeritus

New member

New member

New member

New member

New member

New member

Security Expert-emeritus

New member

New member

New member

Security Expert-emeritus

New member

Security Expert-emeritus