Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can somebody unhac this rooting tooting rootkit [Closed]


  • This topic is locked This topic is locked

#1
luvdacowboys2011

luvdacowboys2011

    Member

  • Member
  • PipPip
  • 52 posts
I been fighting this since the last time I was on here.....back in 2010 and many computers, iphones trashed along with write protected usb downloaders from clearwire (where it all started) with a big fat Trojan in it.......! Computer shutsdown on its own, a 2 TB removable drive I cannot remove with nasty looking files from another/different OS, cd/rom drive has a mind of its own like its remotely controlled, every file (antivirus, rootkit I try says it comes from another computer! Tried Hirens, UBCD etc and rarely detects anything except GMER is about the only one! It has something to do with sound and video and also have a usb keyboard along with a mouse in device manager. PLEEEEEEEASE give me a look.....$$$$$! Tired of my emails, computers, phones etc being compromised. I attached a pic of the removable drive also. Thanks in advance!


First OTL run is split in 3 sections

Attached Thumbnails

  • 1961366_748473771832462_1671501498_n.jpg
  • IMG_20140228_023714.jpg

Attached Files


Edited by luvdacowboys2011, 07 March 2014 - 01:16 PM.

  • 0

Advertisements


#2
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

The first step is to get an OTL and aswMBR log by doing the following. Then we can begin disinfection. Please do the following:

Step 1

  • Download OTL from here
  • Double click OTL Posted Image to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir C:\ /S /A:L /C
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

    Posted Image
  • Click the Scan button to start scan

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next log:
OTL.txt
Extras.txt
aswMBR log

  • 0

#3
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Here is the otl scan minus the extra txt report which was never produced. The ASMBR scan stops working after finding c:\windows\system32\qmgr.dll (bits hidden service). I cannot get into safe mode to do another. Issues are endless from updates wont install, many browser pop ups, cd-rom acts crazy, sometimes I wonder if this machine is virtualized lol because I get a lot of "i'm not the administrator" even though im the only "known" account!? waitin on further instructions. Thanks for your time and help!

OTL logfile created on: 3/8/2014 2:17:05 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\IE\ANWVCRQJ
64bit- Enterprise Edition (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 4.61 Gb Available Physical Memory | 84.25% Memory free
7.04 Gb Paging File | 6.15 Gb Available in Paging File | 87.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.42 Gb Total Space | 446.76 Gb Free Space | 95.99% Space Free | Partition Type: NTFS

Computer Name: BB | User Name: bf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/08 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\IE\ANWVCRQJ\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/15 06:30:12 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/01/15 06:30:12 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/01/15 06:28:44 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/01/15 06:25:30 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/01/15 06:25:30 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/01/15 06:22:07 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/15 06:22:07 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/01/15 06:22:06 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/01/15 06:18:43 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/01/15 06:17:50 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/12/06 16:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/08/22 11:12:15 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/08/22 11:12:13 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/22 04:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 04:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 03:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 03:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 03:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 03:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 03:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 02:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 02:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 02:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 01:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 01:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 01:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 01:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 01:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 01:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 01:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/01/15 06:22:05 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 19:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 18:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/15 06:28:44 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/01/15 06:28:44 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/01/15 06:28:44 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/01/15 06:28:44 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/01/15 06:28:44 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/01/15 06:25:28 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/01/15 06:22:05 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/01/15 06:22:05 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/01/15 06:22:05 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/01/15 06:16:59 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/19 23:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV:64bit: - [2013/08/22 11:12:18 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 11:12:15 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 11:11:58 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 11:11:58 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 11:11:58 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2013/08/22 11:11:58 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/08/22 11:11:58 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 11:11:58 | 000,056,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2013/08/22 11:11:58 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 04:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 04:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 04:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 03:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 03:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 03:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 03:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/19 12:32:10 | 000,032,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2013/08/15 01:13:32 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 10:25:43 | 001,936,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =






IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD DB A6 96 5D 3A CF 01 [binary data]
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2014/03/07 03:16:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECF2EAD-69BE-4725-9EC9-45191D811E97}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (UserInit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:64bit: MsKeyboardFilter - C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/08 14:15:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\bf\Desktop\aswMBR.exe
[2014/03/07 15:35:58 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\vlc
[2014/03/07 15:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/03/07 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\OpenOffice
[2014/03/07 10:09:00 | 000,000,000 | --SD | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/03/07 10:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/03/07 02:46:32 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\AMD
[2014/03/07 02:46:18 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\ATI
[2014/03/07 02:46:18 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\ATI
[2014/03/07 02:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/03/07 02:44:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/06 10:42:01 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Malwarebytes
[2014/03/06 10:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/06 10:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/06 10:41:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/06 10:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/06 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Programs
[2014/03/06 10:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/03/06 10:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Micro Devices, Inc
[2014/03/06 10:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/03/06 10:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/06 10:32:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/03/06 10:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/03/06 10:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/03/06 10:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/06 10:31:27 | 000,000,000 | ---D | C] -- C:\AMD
[2014/03/06 10:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/03/06 10:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/03/06 09:51:50 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Macromedia
[2014/03/06 09:09:24 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/06 09:09:24 | 000,000,000 | R--D | C] -- C:\Users\bf\Searches
[2014/03/06 09:09:24 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/06 09:09:24 | 000,000,000 | -H-D | C] -- C:\Users\bf\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/03/06 09:09:23 | 000,000,000 | R--D | C] -- C:\Users\bf\Contacts
[2014/03/06 09:09:08 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Adobe
[2014/03/06 09:09:07 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\VirtualStore
[2014/03/06 09:09:03 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Packages
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\AppData\Local\Temporary Internet Files
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Templates
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Start Menu
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\SendTo
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Recent
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\PrintHood
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\NetHood
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Documents\My Videos
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Documents\My Pictures
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Documents\My Music
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\My Documents
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Local Settings
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\AppData\Local\History
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Cookies
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Application Data
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\AppData\Local\Application Data
[2014/03/06 09:08:51 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Temp
[2014/03/06 09:08:51 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Microsoft
[2014/03/06 09:08:50 | 000,000,000 | --SD | C] -- C:\Users\bf\AppData\Roaming\Microsoft
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Videos
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Saved Games
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Pictures
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Music
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Links
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Favorites
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Downloads
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Documents
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Desktop
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/03/06 09:08:50 | 000,000,000 | -H-D | C] -- C:\Users\bf\AppData
[2014/03/06 09:08:50 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/03/06 09:08:50 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2014/03/06 09:08:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/06 09:04:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/03/06 09:03:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/03/06 09:03:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2014/03/08 14:16:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\bf\Desktop\aswMBR.exe
[2014/03/07 18:22:51 | 000,360,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/07 18:22:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/07 18:22:20 | 407,990,271 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/07 10:09:01 | 000,001,200 | ---- | M] () -- C:\Users\bf\Desktop\OpenOffice 4.0.1.lnk
[2014/03/07 09:33:04 | 000,003,773 | ---- | M] () -- C:\Users\bf\Desktop\BFresume2.rtf
[2014/03/07 08:53:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/07 03:16:28 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014/03/07 03:16:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/03/07 03:16:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

========== Files Created - No Company Name ==========

[2014/03/07 10:09:01 | 000,001,200 | ---- | C] () -- C:\Users\bf\Desktop\OpenOffice 4.0.1.lnk
[2014/03/07 09:33:04 | 000,003,773 | ---- | C] () -- C:\Users\bf\Desktop\BFresume2.rtf
[2014/03/07 08:53:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/07 03:16:28 | 000,360,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/07 03:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/03/07 03:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/03/06 09:06:30 | 407,990,271 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/06 09:03:57 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2014/01/15 06:18:43 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 19:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/01/15 06:30:14 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/01/15 06:30:15 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 01:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 18:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 01:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/07 10:12:54 | 000,000,000 | ---D | M] -- C:\Users\bf\AppData\Roaming\OpenOffice

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2013/08/22 03:31:58 | 000,207,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/08/22 03:34:22 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2013/08/22 01:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2013/08/22 02:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2014/01/15 06:16:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/21 18:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/21 18:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/08/22 02:00:58 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/22 02:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2013/08/22 01:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2014/01/15 06:22:05 | 000,353,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/01/15 06:22:10 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2014/01/15 06:25:29 | 000,255,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2013/08/22 01:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2013/08/22 03:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/21 20:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2014/01/15 06:25:30 | 000,433,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2013/08/22 01:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2013/08/22 01:23:23 | 000,716,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2013/08/22 01:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2013/08/22 01:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2013/08/22 05:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2013/08/22 03:35:42 | 000,124,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2013/08/22 01:10:12 | 000,798,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2013/08/22 03:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2013/08/22 01:18:58 | 000,534,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2013/08/22 01:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2013/08/22 03:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/08/22 05:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/08/22 01:12:56 | 000,133,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2013/08/22 01:48:09 | 000,324,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2013/08/22 01:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/21 18:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/08/22 01:07:32 | 001,212,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2013/08/22 02:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/21 19:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2013/08/22 02:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2014/01/15 06:25:29 | 000,221,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/08/22 01:19:19 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2014/01/15 06:30:12 | 000,834,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/08/22 01:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:64bit: - [2013/08/22 04:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 01:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/08/22 01:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2013/08/22 02:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2013/08/22 03:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/21 19:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2013/08/22 01:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/01/15 06:25:29 | 003,532,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2013/08/22 02:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2014/01/15 06:30:12 | 001,503,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2013/08/22 01:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2014/01/15 06:25:30 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2014/01/15 06:25:30 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013/08/21 21:25:34 | 002,063,408 | ---- | M] (Microsoft Corporation) MD5=2CA8E3C9335C3C8BAEB335345E48364D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4cc7b16f8214372e\explorer.exe
[2014/01/15 06:25:30 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2014/01/15 06:25:30 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2014/01/15 06:22:10 | 002,065,960 | ---- | M] (Microsoft Corporation) MD5=712B0D2ADE5297563168C997DDC2DD13 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
[2013/08/22 04:39:51 | 002,328,880 | ---- | M] (Microsoft Corporation) MD5=8479DC46E9A09015C0777A16BC22A15D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4273071d4db37533\explorer.exe
[2014/01/15 06:22:08 | 002,328,328 | ---- | M] (Microsoft Corporation) MD5=C1400519D76A364E974E47BBA62B95B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe

< MD5 for: SERVICES >
[2013/08/22 07:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
[2013/08/22 05:25:41 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\_OTL\MovedFiles\03072014_031553\C_Windows\SysNative\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2013/08/22 05:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\SysNative\services.exe
[2013/08/22 05:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2013/08/22 11:08:13 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\SysNative\en-US\services.exe.mui
[2013/08/22 11:08:13 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-us_5abba721f9ec3435\services.exe.mui

< MD5 for: SERVICES.JS >
[2013/08/22 11:15:10 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:15:41 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:16:00 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:14:40 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:14:25 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:16:59 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:14:56 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2014/03/07 09:15:32 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js

< MD5 for: SERVICES.LNK >
[2013/08/21 22:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/21 22:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/21 22:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk

< MD5 for: SERVICES.MOF >
[2013/06/18 06:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2013/06/18 06:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof

< MD5 for: SERVICES.MSC >
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2013/06/18 06:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 04:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 06:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 04:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc

< MD5 for: SERVICES.PTXML >
[2013/08/21 22:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2013/08/21 22:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml

< MD5 for: SERVICES.RDB >
[2013/09/17 04:56:16 | 000,186,248 | ---- | M] () MD5=3190DA6D96EAE3A354AE533BA0D35D5F -- C:\Program Files (x86)\OpenOffice 4\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2013/08/21 21:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013/08/21 21:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2013/08/22 04:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\SysNative\svchost.exe
[2013/08/22 04:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe

< MD5 for: USERINIT.EXE >
[2013/08/22 02:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\SysNative\userinit.exe
[2013/08/22 02:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2013/08/21 18:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013/08/21 18:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/08/22 01:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\SysNative\winlogon.exe
[2013/08/22 01:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2013/08/22 03:17:56 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=A977FE7DAC2FEB57BD64D32DFFAF5C4E -- C:\Windows\SysNative\wshelper.dll
[2013/08/22 03:17:56 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=A977FE7DAC2FEB57BD64D32DFFAF5C4E -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.3.9600.16384_none_f5436278cb5201dd\wshelper.dll
[2013/08/21 19:51:16 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=E08FC17019F66263C081D17A00589AE5 -- C:\Windows\SysWOW64\wshelper.dll
[2013/08/21 19:51:16 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=E08FC17019F66263C081D17A00589AE5 -- C:\Windows\WinSxS\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.3.9600.16384_none_ff980ccaffb2c3d8\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\SysNative\en-US\wshelper.dll.mui
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\SysWOW64\en-US\wshelper.dll.mui
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.3.9600.16384_en-us_9e9bcbc16cbbf70a\wshelper.dll.mui
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\WinSxS\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.3.9600.16384_en-us_427d303db45e85d4\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2013/08/22 06:45:54 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 2C31-A50F
Directory of C:\
08/22/2013 06:45 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 06:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 06:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 06:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 06:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
08/22/2013 06:45 AM <SYMLINKD> All Users [C:\ProgramData]
08/22/2013 06:45 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 06:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 06:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 06:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 06:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\bf
03/06/2014 09:08 AM <JUNCTION> Application Data [C:\Users\bf\AppData\Roaming]
03/06/2014 09:08 AM <JUNCTION> Cookies [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCookies]
03/06/2014 09:08 AM <JUNCTION> Local Settings [C:\Users\bf\AppData\Local]
03/06/2014 09:08 AM <JUNCTION> My Documents [C:\Users\bf\Documents]
03/06/2014 09:08 AM <JUNCTION> NetHood [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2014 09:08 AM <JUNCTION> PrintHood [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2014 09:08 AM <JUNCTION> Recent [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2014 09:08 AM <JUNCTION> SendTo [C:\Users\bf\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2014 09:08 AM <JUNCTION> Start Menu [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2014 09:08 AM <JUNCTION> Templates [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local
03/06/2014 09:08 AM <JUNCTION> Application Data [C:\Users\bf\AppData\Local]
03/06/2014 09:08 AM <JUNCTION> History [C:\Users\bf\AppData\Local\Microsoft\Windows\History]
03/06/2014 09:08 AM <JUNCTION> Temporary Internet Files [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local\Microsoft\Windows
03/06/2014 09:08 AM <JUNCTION> Temporary Internet Files [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache
03/08/2014 02:10 PM <JUNCTION> Content.IE5 [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\Low
03/08/2014 02:10 PM <JUNCTION> Content.IE5 [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
0 File(s) 0 bytes
Directory of C:\Users\bf\Documents
03/06/2014 09:08 AM <JUNCTION> My Music [C:\Users\bf\Music]
03/06/2014 09:08 AM <JUNCTION> My Pictures [C:\Users\bf\Pictures]
03/06/2014 09:08 AM <JUNCTION> My Videos [C:\Users\bf\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
08/22/2013 06:45 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
08/22/2013 06:45 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
08/22/2013 06:45 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
08/22/2013 06:45 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/22/2013 06:45 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/22/2013 06:45 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/22/2013 06:45 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/22/2013 06:45 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/22/2013 06:45 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
08/22/2013 06:45 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/22/2013 06:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
08/22/2013 06:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
08/22/2013 06:45 AM <JUNCTION> My Music [C:\Users\Default\Music]
08/22/2013 06:45 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
08/22/2013 06:45 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
08/22/2013 06:45 AM <JUNCTION> My Music [C:\Users\Public\Music]
08/22/2013 06:45 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
08/22/2013 06:45 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/06/2014 10:31 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
03/06/2014 10:31 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/06/2014 10:31 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2014 10:31 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2014 10:31 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2014 10:31 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2014 10:31 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2014 10:31 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
03/06/2014 10:31 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/06/2014 10:31 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/06/2014 10:31 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/06/2014 10:31 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
03/06/2014 10:31 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/06/2014 10:31 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2014 10:31 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2014 10:31 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2014 10:31 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2014 10:31 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2014 10:31 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
03/06/2014 10:31 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/06/2014 10:31 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/06/2014 10:31 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
86 Dir(s) 479,549,235,200 bytes free

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.3.9600
Copyright © 1999-2013 Microsoft Corporation.
On computer: BB
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 350 MB Healthy System
Volume 2 C NTFS Partition 465 GB Healthy Boot
Volume 3 D Removable 0 B No Media

< End of report >
  • 0

#4
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I did another scan after seeing it said scan#3 but this also says scan#3 and no extras txt even though I ticked it (safelist) before running it. Heres the re-run:

OTL logfile created on: 3/8/2014 3:01:40 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\IE\ANWVCRQJ
64bit- Enterprise Edition (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 78.58% Memory free
7.04 Gb Paging File | 5.96 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.42 Gb Total Space | 446.33 Gb Free Space | 95.90% Space Free | Partition Type: NTFS

Computer Name: BB | User Name: bf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/08 14:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\IE\ANWVCRQJ\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/15 06:30:12 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/01/15 06:30:12 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/01/15 06:28:44 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/01/15 06:25:30 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/01/15 06:25:30 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/01/15 06:22:07 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/15 06:22:07 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/01/15 06:22:06 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/01/15 06:18:43 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/01/15 06:17:50 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/12/06 16:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/08/22 11:12:15 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/08/22 11:12:13 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/22 04:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 04:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 03:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 03:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 03:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 03:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 03:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 02:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 02:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 02:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 01:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 01:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 01:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 01:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 01:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 01:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 01:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/01/15 06:22:05 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 19:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 18:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/15 06:28:44 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/01/15 06:28:44 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/01/15 06:28:44 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/01/15 06:28:44 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/01/15 06:28:44 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/01/15 06:25:28 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/01/15 06:22:05 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/01/15 06:22:05 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/01/15 06:22:05 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/01/15 06:16:59 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/19 23:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV:64bit: - [2013/08/22 11:12:18 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 11:12:15 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 11:11:58 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 11:11:58 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 11:11:58 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2013/08/22 11:11:58 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/08/22 11:11:58 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 11:11:58 | 000,056,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2013/08/22 11:11:58 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 04:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 04:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 04:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 03:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 03:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 03:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 03:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/19 12:32:10 | 000,032,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2013/08/15 01:13:32 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 10:25:43 | 001,936,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)



========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =






IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD DB A6 96 5D 3A CF 01 [binary data]
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2328696899-888702991-1813880416-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2014/03/07 03:16:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECF2EAD-69BE-4725-9EC9-45191D811E97}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (UserInit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:64bit: MsKeyboardFilter - C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/08 14:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/03/08 14:15:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\bf\Desktop\aswMBR.exe
[2014/03/07 15:35:58 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\vlc
[2014/03/07 15:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/03/07 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\OpenOffice
[2014/03/07 10:09:00 | 000,000,000 | --SD | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/03/07 10:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/03/07 02:46:32 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\AMD
[2014/03/07 02:46:18 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\ATI
[2014/03/07 02:46:18 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\ATI
[2014/03/07 02:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/03/07 02:44:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/06 10:42:01 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Malwarebytes
[2014/03/06 10:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/06 10:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/06 10:41:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/06 10:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/06 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Programs
[2014/03/06 10:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/03/06 10:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Micro Devices, Inc
[2014/03/06 10:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/03/06 10:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/03/06 10:32:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/03/06 10:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/03/06 10:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/03/06 10:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/06 10:31:27 | 000,000,000 | ---D | C] -- C:\AMD
[2014/03/06 10:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/03/06 10:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/03/06 09:51:50 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Macromedia
[2014/03/06 09:09:24 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/06 09:09:24 | 000,000,000 | R--D | C] -- C:\Users\bf\Searches
[2014/03/06 09:09:24 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/06 09:09:24 | 000,000,000 | -H-D | C] -- C:\Users\bf\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/03/06 09:09:23 | 000,000,000 | R--D | C] -- C:\Users\bf\Contacts
[2014/03/06 09:09:08 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Adobe
[2014/03/06 09:09:07 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\VirtualStore
[2014/03/06 09:09:03 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Packages
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\AppData\Local\Temporary Internet Files
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Templates
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Start Menu
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\SendTo
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Recent
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\PrintHood
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\NetHood
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Documents\My Videos
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Documents\My Pictures
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Documents\My Music
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\My Documents
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Local Settings
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\AppData\Local\History
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Cookies
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\Application Data
[2014/03/06 09:08:52 | 000,000,000 | -HSD | C] -- C:\Users\bf\AppData\Local\Application Data
[2014/03/06 09:08:51 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Temp
[2014/03/06 09:08:51 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Local\Microsoft
[2014/03/06 09:08:50 | 000,000,000 | --SD | C] -- C:\Users\bf\AppData\Roaming\Microsoft
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Videos
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Saved Games
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Pictures
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Music
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Links
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Favorites
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Downloads
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Documents
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\Desktop
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/03/06 09:08:50 | 000,000,000 | R--D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/03/06 09:08:50 | 000,000,000 | -H-D | C] -- C:\Users\bf\AppData
[2014/03/06 09:08:50 | 000,000,000 | ---D | C] -- C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/03/06 09:08:50 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2014/03/06 09:08:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/06 09:04:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/03/06 09:03:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/03/06 09:03:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2014/03/08 14:16:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\bf\Desktop\aswMBR.exe
[2014/03/07 18:22:51 | 000,360,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/07 18:22:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/07 18:22:20 | 407,990,271 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/07 10:09:01 | 000,001,200 | ---- | M] () -- C:\Users\bf\Desktop\OpenOffice 4.0.1.lnk
[2014/03/07 09:33:04 | 000,003,773 | ---- | M] () -- C:\Users\bf\Desktop\BFresume2.rtf
[2014/03/07 08:53:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/07 03:16:28 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014/03/07 03:16:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/03/07 03:16:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

========== Files Created - No Company Name ==========

[2014/03/07 10:09:01 | 000,001,200 | ---- | C] () -- C:\Users\bf\Desktop\OpenOffice 4.0.1.lnk
[2014/03/07 09:33:04 | 000,003,773 | ---- | C] () -- C:\Users\bf\Desktop\BFresume2.rtf
[2014/03/07 08:53:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/03/07 03:16:28 | 000,360,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/07 03:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/03/07 03:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/03/06 09:06:30 | 407,990,271 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/06 09:03:57 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2014/01/15 06:18:43 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 19:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/01/15 06:30:14 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/01/15 06:30:15 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 01:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 18:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 01:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/07 10:12:54 | 000,000,000 | ---D | M] -- C:\Users\bf\AppData\Roaming\OpenOffice

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2013/08/22 03:31:58 | 000,207,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/08/22 03:34:22 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2013/08/22 01:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2013/08/22 02:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2014/01/15 06:16:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/21 18:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/21 18:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/08/22 02:00:58 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/22 02:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2013/08/22 01:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2014/01/15 06:22:05 | 000,353,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/01/15 06:22:10 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2014/01/15 06:25:29 | 000,255,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2013/08/22 01:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2013/08/22 03:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/21 20:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2014/01/15 06:25:30 | 000,433,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2013/08/22 01:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2013/08/22 01:23:23 | 000,716,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2013/08/22 01:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2013/08/22 01:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2013/08/22 05:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2013/08/22 03:35:42 | 000,124,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2013/08/22 01:10:12 | 000,798,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2013/08/22 03:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2013/08/22 01:18:58 | 000,534,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2013/08/22 01:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2013/08/22 03:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/08/22 05:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/08/22 01:12:56 | 000,133,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2013/08/22 01:48:09 | 000,324,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2013/08/22 01:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/21 18:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/08/22 01:07:32 | 001,212,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2013/08/22 02:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/21 19:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2013/08/22 02:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2014/01/15 06:25:29 | 000,221,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/08/22 01:19:19 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2014/01/15 06:30:12 | 000,834,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/08/22 01:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:64bit: - [2013/08/22 04:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 01:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/08/22 01:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2013/08/22 02:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2013/08/22 03:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/21 19:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2013/08/22 01:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/01/15 06:25:29 | 003,532,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2013/08/22 02:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2014/01/15 06:30:12 | 001,503,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2013/08/22 01:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2014/01/15 06:25:30 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2014/01/15 06:25:30 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013/08/21 21:25:34 | 002,063,408 | ---- | M] (Microsoft Corporation) MD5=2CA8E3C9335C3C8BAEB335345E48364D -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4cc7b16f8214372e\explorer.exe
[2014/01/15 06:25:30 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2014/01/15 06:25:30 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2014/01/15 06:22:10 | 002,065,960 | ---- | M] (Microsoft Corporation) MD5=712B0D2ADE5297563168C997DDC2DD13 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
[2013/08/22 04:39:51 | 002,328,880 | ---- | M] (Microsoft Corporation) MD5=8479DC46E9A09015C0777A16BC22A15D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4273071d4db37533\explorer.exe
[2014/01/15 06:22:08 | 002,328,328 | ---- | M] (Microsoft Corporation) MD5=C1400519D76A364E974E47BBA62B95B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe

< MD5 for: SERVICES >
[2013/08/22 07:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
[2013/08/22 05:25:41 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\_OTL\MovedFiles\03072014_031553\C_Windows\SysNative\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2013/08/22 05:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\SysNative\services.exe
[2013/08/22 05:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2013/08/22 11:08:13 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\SysNative\en-US\services.exe.mui
[2013/08/22 11:08:13 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-us_5abba721f9ec3435\services.exe.mui

< MD5 for: SERVICES.JS >
[2013/08/22 11:15:10 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:15:41 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:16:00 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:14:40 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:14:25 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2013/08/22 11:14:56 | 000,089,002 | ---- | M] () MD5=BCF4AD208163A961EEAF9F67C7DDA943 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbwe\common\js\services.js
[2014/03/07 09:15:32 | 000,078,905 | ---- | M] () MD5=DE4B5FF45A106DA53CA566314EFE2E1F -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x64__8wekyb3d8bbwe\Common\js\services.js

< MD5 for: SERVICES.LNK >
[2013/08/21 22:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/21 22:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/21 22:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk

< MD5 for: SERVICES.MOF >
[2013/06/18 06:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2013/06/18 06:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof

< MD5 for: SERVICES.MSC >
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2013/06/18 06:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 04:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 06:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 04:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2013/08/22 11:08:16 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc

< MD5 for: SERVICES.PTXML >
[2013/08/21 22:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2013/08/21 22:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml

< MD5 for: SERVICES.RDB >
[2013/09/17 04:56:16 | 000,186,248 | ---- | M] () MD5=3190DA6D96EAE3A354AE533BA0D35D5F -- C:\Program Files (x86)\OpenOffice 4\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2013/08/21 21:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013/08/21 21:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2013/08/22 04:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\SysNative\svchost.exe
[2013/08/22 04:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe

< MD5 for: USERINIT.EXE >
[2013/08/22 02:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\SysNative\userinit.exe
[2013/08/22 02:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2013/08/21 18:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013/08/21 18:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/08/22 01:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\SysNative\winlogon.exe
[2013/08/22 01:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2013/08/22 03:17:56 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=A977FE7DAC2FEB57BD64D32DFFAF5C4E -- C:\Windows\SysNative\wshelper.dll
[2013/08/22 03:17:56 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=A977FE7DAC2FEB57BD64D32DFFAF5C4E -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.3.9600.16384_none_f5436278cb5201dd\wshelper.dll
[2013/08/21 19:51:16 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=E08FC17019F66263C081D17A00589AE5 -- C:\Windows\SysWOW64\wshelper.dll
[2013/08/21 19:51:16 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=E08FC17019F66263C081D17A00589AE5 -- C:\Windows\WinSxS\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.3.9600.16384_none_ff980ccaffb2c3d8\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\SysNative\en-US\wshelper.dll.mui
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\SysWOW64\en-US\wshelper.dll.mui
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.3.9600.16384_en-us_9e9bcbc16cbbf70a\wshelper.dll.mui
[2013/08/22 11:08:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=88DD0D603E314FB32C750B0693164867 -- C:\Windows\WinSxS\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.3.9600.16384_en-us_427d303db45e85d4\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2013/08/22 06:45:54 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 2C31-A50F
Directory of C:\
08/22/2013 06:45 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 06:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 06:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 06:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 06:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
08/22/2013 06:45 AM <SYMLINKD> All Users [C:\ProgramData]
08/22/2013 06:45 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\ProgramData]
08/22/2013 06:45 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
08/22/2013 06:45 AM <JUNCTION> Documents [C:\Users\Public\Documents]
08/22/2013 06:45 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013 06:45 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\bf
03/06/2014 09:08 AM <JUNCTION> Application Data [C:\Users\bf\AppData\Roaming]
03/06/2014 09:08 AM <JUNCTION> Cookies [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCookies]
03/06/2014 09:08 AM <JUNCTION> Local Settings [C:\Users\bf\AppData\Local]
03/06/2014 09:08 AM <JUNCTION> My Documents [C:\Users\bf\Documents]
03/06/2014 09:08 AM <JUNCTION> NetHood [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2014 09:08 AM <JUNCTION> PrintHood [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2014 09:08 AM <JUNCTION> Recent [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2014 09:08 AM <JUNCTION> SendTo [C:\Users\bf\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2014 09:08 AM <JUNCTION> Start Menu [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2014 09:08 AM <JUNCTION> Templates [C:\Users\bf\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local
03/06/2014 09:08 AM <JUNCTION> Application Data [C:\Users\bf\AppData\Local]
03/06/2014 09:08 AM <JUNCTION> History [C:\Users\bf\AppData\Local\Microsoft\Windows\History]
03/06/2014 09:08 AM <JUNCTION> Temporary Internet Files [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local\Microsoft\Windows
03/06/2014 09:08 AM <JUNCTION> Temporary Internet Files [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache
03/08/2014 02:10 PM <JUNCTION> Content.IE5 [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\IE\]
0 File(s) 0 bytes
Directory of C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\Low
03/08/2014 02:10 PM <JUNCTION> Content.IE5 [C:\Users\bf\AppData\Local\Microsoft\Windows\INetCache\Low\IE\]
0 File(s) 0 bytes
Directory of C:\Users\bf\Documents
03/06/2014 09:08 AM <JUNCTION> My Music [C:\Users\bf\Music]
03/06/2014 09:08 AM <JUNCTION> My Pictures [C:\Users\bf\Pictures]
03/06/2014 09:08 AM <JUNCTION> My Videos [C:\Users\bf\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
08/22/2013 06:45 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
08/22/2013 06:45 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
08/22/2013 06:45 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
08/22/2013 06:45 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/22/2013 06:45 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/22/2013 06:45 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/22/2013 06:45 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/22/2013 06:45 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/22/2013 06:45 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
08/22/2013 06:45 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
08/22/2013 06:45 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/22/2013 06:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
08/22/2013 06:45 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
08/22/2013 06:45 AM <JUNCTION> My Music [C:\Users\Default\Music]
08/22/2013 06:45 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
08/22/2013 06:45 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
08/22/2013 06:45 AM <JUNCTION> My Music [C:\Users\Public\Music]
08/22/2013 06:45 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
08/22/2013 06:45 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/06/2014 10:31 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
03/06/2014 10:31 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/06/2014 10:31 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2014 10:31 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2014 10:31 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2014 10:31 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2014 10:31 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2014 10:31 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
03/06/2014 10:31 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/06/2014 10:31 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/06/2014 10:31 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/06/2014 10:31 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
03/06/2014 10:31 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/06/2014 10:31 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2014 10:31 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2014 10:31 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2014 10:31 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2014 10:31 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2014 10:31 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
03/06/2014 10:31 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/06/2014 10:31 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows
03/06/2014 10:31 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
03/06/2014 10:31 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/06/2014 10:31 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/06/2014 10:31 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
86 Dir(s) 479,248,408,576 bytes free

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.3.9600
Copyright © 1999-2013 Microsoft Corporation.
On computer: BB
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 350 MB Healthy System
Volume 2 C NTFS Partition 465 GB Healthy Boot
Volume 3 D Removable 0 B No Media

< >

< >

< End of report >
  • 0

#5
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi luvdacowboys2011. I finished looking at your OTL log. It looks clean. Try running aswMBR without downloading the definitions and see what happens. Also let's try TDSSKiller to see if it finds anything. If not we have another powerful tool to use.

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things to see in your next post:
TDSSKiller log

  • 0

#6
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
17:59:01.0693 1972 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:59:02.0255 1972 ============================================================
17:59:02.0255 1972 Current date / time: 2014/03/08 17:59:02.0255
17:59:02.0255 1972 SystemInfo:
17:59:02.0255 1972
17:59:02.0255 1972 OS Version: 6.2.9200 ServicePack: 0.0
17:59:02.0255 1972 Product type: Workstation
17:59:02.0255 1972 ComputerName: BB
17:59:02.0255 1972 UserName: bf
17:59:02.0255 1972 Windows directory: C:\Windows
17:59:02.0255 1972 System windows directory: C:\Windows
17:59:02.0255 1972 Running under WOW64
17:59:02.0255 1972 Processor architecture: Intel x64
17:59:02.0255 1972 Number of processors: 2
17:59:02.0255 1972 Page size: 0x1000
17:59:02.0255 1972 Boot type: Normal boot
17:59:02.0255 1972 ============================================================
17:59:02.0787 1972 BG loaded
17:59:03.0599 1972 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:03.0630 1972 ============================================================
17:59:03.0630 1972 \Device\Harddisk0\DR0:
17:59:03.0646 1972 MBR partitions:
17:59:03.0646 1972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
17:59:03.0646 1972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x3A2D6000
17:59:03.0646 1972 ============================================================
17:59:03.0693 1972 C: <-> \Device\Harddisk0\DR0\Partition2
17:59:03.0693 1972 ============================================================
17:59:03.0693 1972 Initialize success
17:59:03.0693 1972 ============================================================
17:59:20.0364 2224 ============================================================
17:59:20.0364 2224 Scan started
17:59:20.0364 2224 Mode: Manual; SigCheck; TDLFS;
17:59:20.0364 2224 ============================================================
17:59:20.0806 2224 ================ Scan system memory ========================
17:59:20.0806 2224 System memory - ok
17:59:20.0806 2224 ================ Scan services =============================
17:59:20.0933 2224 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
17:59:21.0120 2224 1394ohci - ok
17:59:21.0183 2224 Suspicious service (Hidden): 28002065
17:59:21.0261 2224 28002065 ( HiddenService.Multi.Generic ) - warning
17:59:21.0261 2224 28002065 - detected HiddenService.Multi.Generic (1)
17:59:21.0292 2224 [ AD508A1A46EC21B740AB31C28EFDFDB1 ] 3ware C:\Windows\system32\drivers\3ware.sys
17:59:21.0292 2224 3ware - ok
17:59:21.0354 2224 [ 3D30878A269D934100FA5F972E53AF39 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:59:21.0370 2224 ACPI - ok
17:59:21.0386 2224 [ AC8279D229398BCF05C3154ADCA86813 ] acpiex C:\Windows\system32\Drivers\acpiex.sys
17:59:21.0401 2224 acpiex - ok
17:59:21.0417 2224 [ A8970D9BF23CD309E0403978A1B58F3F ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
17:59:21.0448 2224 acpipagr - ok
17:59:21.0448 2224 [ 111A89C99C5B4F1A7BCE5F643DD86F65 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
17:59:21.0526 2224 AcpiPmi - ok
17:59:21.0542 2224 [ 5758387D68A20AE7D3245011B07E36E7 ] acpitime C:\Windows\System32\drivers\acpitime.sys
17:59:21.0558 2224 acpitime - ok
17:59:21.0604 2224 [ 7C1FDF1B48298CBA7CE4BDD4978951AD ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS
17:59:21.0636 2224 ADP80XX - ok
17:59:21.0667 2224 [ B19CA8E441D35AA2B1EE51C10B27DA1B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:59:21.0714 2224 AeLookupSvc - ok
17:59:21.0729 2224 [ 239268BAB58EAE9A3FF4E08334C00451 ] AFD C:\Windows\system32\drivers\afd.sys
17:59:21.0808 2224 AFD - ok
17:59:21.0823 2224 [ 7DFAEBA9AD62D20102B576D5CAC45EC8 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:59:21.0823 2224 agp440 - ok
17:59:21.0854 2224 [ 8E8E34B7BA059050EED827410D0697A2 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys
17:59:21.0901 2224 ahcache - ok
17:59:21.0917 2224 [ A91D8E1E433EFB32551BCE69037E1CE7 ] ALG C:\Windows\System32\alg.exe
17:59:21.0979 2224 ALG - ok
17:59:22.0026 2224 [ 66B54471B5856E314947881E28263A6D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:59:22.0089 2224 AMD External Events Utility - ok
17:59:22.0151 2224 AMD FUEL Service - ok
17:59:22.0167 2224 [ 7589DE749DB6F71A68489DCE04158729 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
17:59:22.0245 2224 AmdK8 - ok
17:59:22.0479 2224 [ FBB35875FEFE53D4280259842069ED72 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:59:22.0776 2224 amdkmdag - ok
17:59:22.0792 2224 [ A32BCAD9377E3B75D034CAFBA463A0AE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:59:22.0839 2224 amdkmdap - ok
17:59:22.0839 2224 [ B46D2D89AFF8A9490FA8C98C7A5616E3 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
17:59:22.0870 2224 AmdPPM - ok
17:59:22.0901 2224 [ D2BF2F94A47D332814910FD47C6BBCD2 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:59:22.0901 2224 amdsata - ok
17:59:22.0917 2224 [ A8E04943C7BBA7219AA50400272C3C6E ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:59:22.0933 2224 amdsbs - ok
17:59:22.0933 2224 [ CEA5F4F27CFC08E3A44D576811B35F50 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:59:22.0948 2224 amdxata - ok
17:59:22.0979 2224 [ E8CCB797DAF80779C768BD3A9FC8FCAF ] AODDriver4.2.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:59:23.0089 2224 AODDriver4.2.0 - ok
17:59:23.0089 2224 [ 04951A9A937CBE28A2D3FEEA360B6D1F ] AppID C:\Windows\system32\drivers\appid.sys
17:59:23.0167 2224 AppID - ok
17:59:23.0198 2224 [ C0DC3F58214A227980AEB091CFD2F973 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:59:23.0229 2224 AppIDSvc - ok
17:59:23.0245 2224 [ 7E790DE2487CEDB349D1750B9E47F090 ] Appinfo C:\Windows\System32\appinfo.dll
17:59:23.0292 2224 Appinfo - ok
17:59:23.0323 2224 [ 8176FBA685178FB0F52D46693474FA50 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:59:23.0370 2224 AppMgmt - ok
17:59:23.0417 2224 [ 4B964AE0DF433A3BFA7BD24713BC2E9B ] AppReadiness C:\Windows\system32\AppReadiness.dll
17:59:23.0479 2224 AppReadiness - ok
17:59:23.0495 2224 [ 0B726D9ED75C787D6FFAF1E3873BCC70 ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll
17:59:23.0573 2224 AppXSvc - ok
17:59:23.0604 2224 [ 65045784366F7EC5FB4E71BCF923187B ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:59:23.0620 2224 arcsas - ok
17:59:23.0636 2224 [ 74B14192CF79A72F7536B27CB8814FBD ] atapi C:\Windows\system32\drivers\atapi.sys
17:59:23.0636 2224 atapi - ok
17:59:23.0667 2224 [ 4903CBC14742B5AB4DCF7A92F7DEC483 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
17:59:23.0714 2224 AudioEndpointBuilder - ok
17:59:23.0745 2224 [ EF276593AD1BDF5A99032F62D6272848 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:59:23.0776 2224 Audiosrv - ok
17:59:23.0792 2224 [ 96E8CAF20FC4B6C31CAD7816A801EB78 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:59:23.0839 2224 AxInstSV - ok
17:59:23.0870 2224 [ A4A73F631FE2AA2826FBE4A399B04DEF ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:59:23.0901 2224 b06bdrv - ok
17:59:23.0933 2224 [ 8CC7F7E4AFCBA605921B137ED7992C68 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
17:59:23.0980 2224 BasicDisplay - ok
17:59:23.0995 2224 [ 2748E116F8621A4DB0D39FCDD7318C01 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
17:59:24.0011 2224 BasicRender - ok
17:59:24.0042 2224 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21 ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys
17:59:24.0042 2224 bcmfn2 - ok
17:59:24.0089 2224 [ BBE61A40665B83488901E41082A6097D ] BDESVC C:\Windows\System32\bdesvc.dll
17:59:24.0136 2224 BDESVC - ok
17:59:24.0151 2224 [ EC19013E4CF87609534165DF897274D6 ] Beep C:\Windows\system32\drivers\Beep.sys
17:59:24.0183 2224 Beep - ok
17:59:24.0198 2224 [ 6468B696C65775D51A06615830E0E79D ] BFE C:\Windows\System32\bfe.dll
17:59:24.0261 2224 BFE - ok
17:59:24.0308 2224 [ 15225081966C785A9192782401643FD4 ] BITS C:\Windows\System32\qmgr.dll
17:59:24.0386 2224 BITS - ok
17:59:24.0401 2224 [ 6B4FFFDDC618FCF64473CAA86E305697 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:59:24.0464 2224 bowser - ok
17:59:24.0511 2224 [ A6207A88B596F726DE558425F3B7E592 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
17:59:24.0542 2224 BrokerInfrastructure - ok
17:59:24.0558 2224 [ D528D6A92D187777691993DD757AF19A ] Browser C:\Windows\System32\browser.dll
17:59:24.0620 2224 Browser - ok
17:59:24.0667 2224 [ A8F23D453A424FF4DE04989C4727ECC7 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
17:59:24.0714 2224 BthAvrcpTg - ok
17:59:24.0714 2224 [ 746B9F94214915AECDE4B7FEA5FF9664 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
17:59:24.0729 2224 BthHFEnum - ok
17:59:24.0745 2224 [ 71FE2A48E4C93DDB9798C024880B6C07 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
17:59:24.0761 2224 bthhfhid - ok
17:59:24.0761 2224 [ 07E33226AD218A2A162662A05CAFB52F ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
17:59:24.0776 2224 BTHMODEM - ok
17:59:24.0808 2224 [ E5E48FEED73D463175EAB1542495191C ] bthserv C:\Windows\system32\bthserv.dll
17:59:24.0823 2224 bthserv - ok
17:59:24.0839 2224 [ 2FA6510E33F7DEFEC03658B74101A9B9 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:59:24.0854 2224 cdfs - ok
17:59:24.0886 2224 [ C6796EA22B513E3457514D92DCDB1A3D ] cdrom C:\Windows\System32\drivers\cdrom.sys
17:59:24.0886 2224 cdrom - ok
17:59:24.0917 2224 [ AB285CE3431FF3D2ACE669245874C1C7 ] CertPropSvc C:\Windows\System32\certprop.dll
17:59:24.0948 2224 CertPropSvc - ok
17:59:24.0964 2224 [ BE9936EDD3267FAAFF94A7835867F00B ] circlass C:\Windows\System32\drivers\circlass.sys
17:59:24.0979 2224 circlass - ok
17:59:24.0995 2224 [ 7F006813C2AFE622C13D7AF94F56CD07 ] CLFS C:\Windows\system32\drivers\CLFS.sys
17:59:25.0026 2224 CLFS - ok
17:59:25.0042 2224 [ EF6EF85DADC3184A10D8F2F7159973CB ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
17:59:25.0120 2224 CmBatt - ok
17:59:25.0151 2224 [ 825BE21E6395E00698D8A23955A87972 ] CNG C:\Windows\system32\Drivers\cng.sys
17:59:25.0167 2224 CNG - ok
17:59:25.0183 2224 [ 03AAED827C36F35D70900558B8274905 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
17:59:25.0198 2224 CompositeBus - ok
17:59:25.0198 2224 COMSysApp - ok
17:59:25.0214 2224 [ A1FF7DFBFBE164CF92603C651D304DD2 ] condrv C:\Windows\system32\drivers\condrv.sys
17:59:25.0229 2224 condrv - ok
17:59:25.0261 2224 [ 0EFE4B5884A8032617826A4D76F80969 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:59:25.0323 2224 CryptSvc - ok
17:59:25.0354 2224 [ EE2F3C0D6ADBC975D6B621EC15ACF4E2 ] CSC C:\Windows\system32\drivers\csc.sys
17:59:25.0401 2224 CSC - ok
17:59:25.0448 2224 [ 936D9E2871CEEFF6A33695D98374367B ] CscService C:\Windows\System32\cscsvc.dll
17:59:25.0464 2224 CscService - ok
17:59:25.0495 2224 [ 315BA4BC19316D72B2E037534E048B93 ] dam C:\Windows\system32\drivers\dam.sys
17:59:25.0511 2224 dam - ok
17:59:25.0542 2224 [ 3FD5AE42EC87C6F532A931F96BE731DD ] DcomLaunch C:\Windows\system32\rpcss.dll
17:59:25.0620 2224 DcomLaunch - ok
17:59:25.0651 2224 [ F4CCAADC2C78F57E4F16B24C9201CE22 ] defragsvc C:\Windows\System32\defragsvc.dll
17:59:25.0698 2224 defragsvc - ok
17:59:25.0714 2224 [ 0BC71D4D3B5883903C37BF4E13B0F0C5 ] DeviceAssociationService C:\Windows\system32\das.dll
17:59:25.0776 2224 DeviceAssociationService - ok
17:59:25.0808 2224 [ 752A457320A946E03C3AA86C3ACD735E ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
17:59:25.0839 2224 DeviceInstall - ok
17:59:25.0886 2224 [ 5DB26D7E0216D0BF364A81D3829AD7B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
17:59:25.0901 2224 Dfsc - ok
17:59:25.0933 2224 [ 8B107F55FD61654A6C9F1B819AEC5FC4 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:59:25.0995 2224 Dhcp - ok
17:59:26.0011 2224 [ 4D40C9B33F738797CF50E77CB7C53E85 ] disk C:\Windows\system32\drivers\disk.sys
17:59:26.0011 2224 disk - ok
17:59:26.0042 2224 [ EB70A894708D1BC176AFD690FF06085F ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
17:59:26.0105 2224 dmvsc - ok
17:59:26.0136 2224 [ 5BAF7714E68F93515A937A3FA8587EF9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:59:26.0183 2224 Dnscache - ok
17:59:26.0198 2224 [ 50288EA079BB520C2B8C8A154202D518 ] dot3svc C:\Windows\System32\dot3svc.dll
17:59:26.0214 2224 dot3svc - ok
17:59:26.0245 2224 [ 281BEE07BA97E3E98D12A822D923D0D8 ] DPS C:\Windows\system32\dps.dll
17:59:26.0308 2224 DPS - ok
17:59:26.0339 2224 [ DDC11A202207C0400CBE07315B8FDE5E ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:59:26.0354 2224 drmkaud - ok
17:59:26.0386 2224 [ 5B074F14F5DD6418F46EE4CA2DEB7EA8 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
17:59:26.0417 2224 DsmSvc - ok
17:59:26.0448 2224 [ A3D1CB64DF885ACE126543E6D7067348 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:59:26.0495 2224 DXGKrnl - ok
17:59:26.0511 2224 [ 6073537F250B45E1CB2A02E97F0FE1B2 ] Eaphost C:\Windows\System32\eapsvc.dll
17:59:26.0526 2224 Eaphost - ok
17:59:26.0604 2224 [ 114BCFDF367FF37C3F1B0A96AF542E4D ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:59:26.0683 2224 ebdrv - ok
17:59:26.0714 2224 [ F6F209DDB94959BA104FC8FC87C53759 ] EFS C:\Windows\System32\lsass.exe
17:59:26.0729 2224 EFS - ok
17:59:26.0745 2224 [ 43531A5993380CC5113242C29D265FD9 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
17:59:26.0745 2224 EhStorClass - ok
17:59:26.0776 2224 [ 6F8E738A9505A388B1157FDDE7B3101B ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
17:59:26.0792 2224 EhStorTcgDrv - ok
17:59:26.0792 2224 [ DFFFAE1442BA4076E18EED5E406FA0D3 ] ErrDev C:\Windows\System32\drivers\errdev.sys
17:59:26.0808 2224 ErrDev - ok
17:59:26.0839 2224 [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3 ] EventSystem C:\Windows\system32\es.dll
17:59:26.0917 2224 EventSystem - ok
17:59:26.0933 2224 [ 7729D294A555C7AEB281ED8E4D0E01E4 ] exfat C:\Windows\system32\drivers\exfat.sys
17:59:26.0964 2224 exfat - ok
17:59:26.0979 2224 [ 7C4E0D5900B2A1D11EDD626D6DDB937B ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:59:26.0995 2224 fastfat - ok
17:59:27.0026 2224 [ 2BC8532ABF2B3756B78FA1DA54147DDE ] Fax C:\Windows\system32\fxssvc.exe
17:59:27.0073 2224 Fax - ok
17:59:27.0089 2224 [ 5D8402613E778B3BD45E687A8372710B ] fdc C:\Windows\System32\drivers\fdc.sys
17:59:27.0104 2224 fdc - ok
17:59:27.0136 2224 [ DC1A78BCCCB7EE53D6FD3BD615A8E222 ] fdPHost C:\Windows\system32\fdPHost.dll
17:59:27.0167 2224 fdPHost - ok
17:59:27.0183 2224 [ E5AD448F2DC84B1CF387FA7F2A3D1936 ] FDResPub C:\Windows\system32\fdrespub.dll
17:59:27.0214 2224 FDResPub - ok
17:59:27.0229 2224 [ 0046E0BD031213D37123876B0D0FA61C ] fhsvc C:\Windows\system32\fhsvc.dll
17:59:27.0276 2224 fhsvc - ok
17:59:27.0292 2224 [ 957A7A8F5ACCAF23DD9DFF6DAA393CE5 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:59:27.0292 2224 FileInfo - ok
17:59:27.0323 2224 [ A1A66C4FDAFD6B0289523232AFB7D8AF ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:59:27.0354 2224 Filetrace - ok
17:59:27.0354 2224 [ BE743083CF7063C486A4398E3AEFE59A ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
17:59:27.0370 2224 flpydisk - ok
17:59:27.0401 2224 [ 60D5067FCE6D9433D35E04C01D8538B3 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:59:27.0417 2224 FltMgr - ok
17:59:27.0464 2224 [ 183CA7699474FDE235853967D1DA4D9B ] FontCache C:\Windows\system32\FntCache.dll
17:59:27.0558 2224 FontCache - ok
17:59:27.0589 2224 [ 35005534E600E993A90B036E4E599F2B ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:59:27.0604 2224 FsDepends - ok
17:59:27.0620 2224 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:59:27.0636 2224 Fs_Rec - ok
17:59:27.0651 2224 [ 83E1F0983B02A6F8EC764D18E24ECF10 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:59:27.0667 2224 fvevol - ok
17:59:27.0698 2224 [ 9591D0B9351ED489EAFD9D1CE52A8015 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
17:59:27.0714 2224 FxPPM - ok
17:59:27.0714 2224 [ FC3EF65EE20D39F8749C2218DBA681CA ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:59:27.0729 2224 gagp30kx - ok
17:59:27.0776 2224 [ 0BF5CAD281E25F1418E5B8875DC5ADD1 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
17:59:27.0808 2224 gencounter - ok
17:59:27.0839 2224 [ FDA72810CA2F8409D9B31E833C448E34 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
17:59:27.0854 2224 GPIOClx0101 - ok
17:59:27.0901 2224 [ 0BDE0FCF597E9B65600121EF54FF8340 ] gpsvc C:\Windows\System32\gpsvc.dll
17:59:27.0933 2224 gpsvc - ok
17:59:27.0979 2224 [ 56F69F7C25FB67C970997D7066DBC593 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:59:28.0011 2224 HdAudAddService - ok
17:59:28.0011 2224 [ 03909BDBFF0DCACCABF2B2D4ADEE44DC ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
17:59:28.0026 2224 HDAudBus - ok
17:59:28.0058 2224 [ 10A70BC1871CD955D85CD88372724906 ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
17:59:28.0073 2224 HidBatt - ok
17:59:28.0073 2224 [ 1EA1B4FABB8CC348E73CA90DBA22E104 ] HidBth C:\Windows\System32\drivers\hidbth.sys
17:59:28.0089 2224 HidBth - ok
17:59:28.0104 2224 [ C241A8BAFBBFC90176EA0F5240EACC17 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
17:59:28.0120 2224 hidi2c - ok
17:59:28.0120 2224 [ 9BDDEE26255421017E161CCB9D5EDA95 ] HidIr C:\Windows\System32\drivers\hidir.sys
17:59:28.0136 2224 HidIr - ok
17:59:28.0167 2224 [ 449A20A674AA3FAA7F0DD4E33EE2DC20 ] hidserv C:\Windows\system32\hidserv.dll
17:59:28.0183 2224 hidserv - ok
17:59:28.0183 2224 [ F31397220D9687E11EB448649AA6E038 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
17:59:28.0214 2224 HidUsb - ok
17:59:28.0229 2224 [ 7BF3ADCBD021D4F4A84CF40EB49C71B5 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:59:28.0245 2224 hkmsvc - ok
17:59:28.0261 2224 [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:59:28.0323 2224 HomeGroupListener - ok
17:59:28.0354 2224 [ BE5F89BAFBD4272D5A0C0A37B97865ED ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:59:28.0370 2224 HomeGroupProvider - ok
17:59:28.0401 2224 [ A6AACEA4C785789BDA5912AD1FEDA80D ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:59:28.0417 2224 HpSAMD - ok
17:59:28.0448 2224 [ 3502776E366C913D49C0DA928AE3E6CB ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:59:28.0479 2224 HTTP - ok
17:59:28.0495 2224 [ 90656C0B3864804B090434EFC582404F ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:59:28.0511 2224 hwpolicy - ok
17:59:28.0511 2224 [ 6D6F9E3BF0484967E52F7E846BFF1CA1 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
17:59:28.0542 2224 hyperkbd - ok
17:59:28.0542 2224 [ 907C870F8C31F8DDD6F090857B46AB25 ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
17:59:28.0573 2224 HyperVideo - ok
17:59:28.0589 2224 [ 84CFC5EFA97D0C965EDE1D56F116A541 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
17:59:28.0620 2224 i8042prt - ok
17:59:28.0620 2224 [ 5D90E32E36CE5D4C535D17CE08AEAF05 ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
17:59:28.0636 2224 iaLPSSi_GPIO - ok
17:59:28.0636 2224 [ DD05E7E80F52ADE9AEB292819920F32C ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys
17:59:28.0651 2224 iaLPSSi_I2C - ok
17:59:28.0683 2224 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys
17:59:28.0698 2224 iaStorAV - ok
17:59:28.0698 2224 [ A2200C3033FA4EF249FC096A7A7D02A2 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:59:28.0729 2224 iaStorV - ok
17:59:28.0729 2224 IEEtwCollectorService - ok
17:59:28.0761 2224 [ B82255670D270B75D2D2F0F8747D1443 ] IKEEXT C:\Windows\System32\ikeext.dll
17:59:28.0792 2224 IKEEXT - ok
17:59:28.0808 2224 [ 4E448FCFFD00E8D657CD9E48D3E47157 ] intelide C:\Windows\system32\drivers\intelide.sys
17:59:28.0808 2224 intelide - ok
17:59:28.0823 2224 [ 139CFCDCD36B1B1782FD8C0014AC9B0E ] intelpep C:\Windows\system32\drivers\intelpep.sys
17:59:28.0839 2224 intelpep - ok
17:59:28.0839 2224 [ 47E74A8E53C7C24DCE38311E1451C1D9 ] intelppm C:\Windows\System32\drivers\intelppm.sys
17:59:28.0870 2224 intelppm - ok
17:59:28.0870 2224 [ 9DB76D7F9E4E53EFE5DD8C53DE837514 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:59:28.0886 2224 IpFilterDriver - ok
17:59:28.0917 2224 [ DFC4050D58565ADBEE793A8D4AEBDAE6 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:59:28.0964 2224 iphlpsvc - ok
17:59:28.0964 2224 [ 9949A3C7590B8C536C05312205079A82 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
17:59:29.0011 2224 IPMIDRV - ok
17:59:29.0026 2224 [ B7342B3C58E91107F6E946A93D9D4EFD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:59:29.0073 2224 IPNAT - ok
17:59:29.0089 2224 [ AE44C526AB5F8A487D941CEB57B10C97 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:59:29.0104 2224 IRENUM - ok
17:59:29.0120 2224 [ 8AFEEA3955AA43616A60F133B1D25F21 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:59:29.0120 2224 isapnp - ok
17:59:29.0151 2224 [ 034D4BD9DC67C64F3A4C8A049B5173BF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
17:59:29.0183 2224 iScsiPrt - ok
17:59:29.0198 2224 [ 8BE92376799B6B44D543E8D07CDCF885 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
17:59:29.0214 2224 kbdclass - ok
17:59:29.0214 2224 [ FB6E47E569D4872ABEB506BE03A45FBA ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
17:59:29.0245 2224 kbdhid - ok
17:59:29.0261 2224 [ DB7A09BC90DF20F44F16F8B0F9ED3491 ] kbldfltr C:\Windows\system32\drivers\kbldfltr.sys
17:59:29.0261 2224 kbldfltr - ok
17:59:29.0292 2224 [ 813871C7D402A05F2E3A7075F9584A05 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
17:59:29.0354 2224 kdnic - ok
17:59:29.0370 2224 [ F6F209DDB94959BA104FC8FC87C53759 ] KeyIso C:\Windows\system32\lsass.exe
17:59:29.0370 2224 KeyIso - ok
17:59:29.0464 2224 [ ADDECBCC777665BD113BED437E602AB0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:59:29.0479 2224 KSecDD - ok
17:59:29.0495 2224 [ 7296EA420134EAC390798B3232D066A4 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:59:29.0511 2224 KSecPkg - ok
17:59:29.0511 2224 [ 11AFB527AA370B1DAFD5C36F35F6D45F ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:59:29.0526 2224 ksthunk - ok
17:59:29.0558 2224 [ 32B1A8351160F307A8C66BCB0F94A9C2 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:59:29.0589 2224 KtmRm - ok
17:59:29.0604 2224 [ 27B58E16CF895AC1F1A97C04814C2239 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:59:29.0636 2224 LanmanServer - ok
17:59:29.0667 2224 [ D0D9C2ECA4D03A8F06DCD91236B90C98 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:59:29.0698 2224 LanmanWorkstation - ok
17:59:29.0729 2224 [ EE289BD147FDFF95EF1B9BD65D3B974A ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll
17:59:29.0792 2224 lfsvc - ok
17:59:29.0823 2224 [ C09010B3680860131631F53E8FE7BAD8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:59:29.0839 2224 lltdio - ok
17:59:29.0870 2224 [ 00E070FC0C673311AFD4B068D1242780 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:59:29.0886 2224 lltdsvc - ok
17:59:29.0901 2224 [ D113FAD71A5E67AA94B32A0F8828D265 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:59:29.0933 2224 lmhosts - ok
17:59:29.0964 2224 [ C755AE4635457AA2A11F79C0DF857ABC ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:59:29.0964 2224 LSI_SAS - ok
17:59:29.0979 2224 [ ADAC09CBE7A2040B7F68B5E5C9A75141 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:59:29.0995 2224 LSI_SAS2 - ok
17:59:29.0995 2224 [ 04D1274BB9BBCCF12BD12374002AA191 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys
17:59:30.0011 2224 LSI_SAS3 - ok
17:59:30.0011 2224 [ 327469EEF3833D0C584B7E88A76AEC0C ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
17:59:30.0026 2224 LSI_SSS - ok
17:59:30.0073 2224 [ B6B69FF200F68888A7FAFDF204D00C91 ] LSM C:\Windows\System32\lsm.dll
17:59:30.0136 2224 LSM - ok
17:59:30.0151 2224 [ 5EF604B0698F4FA962778285E8C5F1F2 ] luafv C:\Windows\system32\drivers\luafv.sys
17:59:30.0167 2224 luafv - ok
17:59:30.0167 2224 [ EB5C03A070F30D64A6DF80E53B22F53F ] megasas C:\Windows\system32\drivers\megasas.sys
17:59:30.0183 2224 megasas - ok
17:59:30.0198 2224 [ F6F13533196DE7A582D422B0241E4363 ] megasr C:\Windows\system32\drivers\megasr.sys
17:59:30.0214 2224 megasr - ok
17:59:30.0245 2224 [ FD788C2D96EA91469A3C1D13E80D7473 ] MMCSS C:\Windows\system32\mmcss.dll
17:59:30.0292 2224 MMCSS - ok
17:59:30.0292 2224 [ 8B38C44F69259987C95135C9627E2378 ] Modem C:\Windows\system32\drivers\modem.sys
17:59:30.0308 2224 Modem - ok
17:59:30.0323 2224 [ 601589000CC90F0DF8DA2CC254A3CCC9 ] monitor C:\Windows\System32\drivers\monitor.sys
17:59:30.0354 2224 monitor - ok
17:59:30.0370 2224 [ CEAC6D40FE887CE8406C2393CF97DE06 ] mouclass C:\Windows\System32\drivers\mouclass.sys
17:59:30.0370 2224 mouclass - ok
17:59:30.0386 2224 [ 02D98BF804084E9A0D69D1C69B02CCA9 ] mouhid C:\Windows\System32\drivers\mouhid.sys
17:59:30.0401 2224 mouhid - ok
17:59:30.0417 2224 [ 515549560D481138E6E21AF7C6998E56 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:59:30.0417 2224 mountmgr - ok
17:59:30.0433 2224 [ F170510BE94CF45E3C6274578F6204B2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:59:30.0464 2224 mpsdrv - ok
17:59:30.0511 2224 [ D186C5844393252147BE934F3871DB7A ] MpsSvc C:\Windows\system32\mpssvc.dll
17:59:30.0542 2224 MpsSvc - ok
17:59:30.0558 2224 [ 59DCEC7499095DE5AED741358037AE2D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:59:30.0589 2224 MRxDAV - ok
17:59:30.0636 2224 [ 79B6F3DF7CDFD12159871FF71464F0CE ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:59:30.0667 2224 mrxsmb - ok
17:59:30.0683 2224 [ 295771B092D4F7FCF2B62F80CCD14320 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:59:30.0729 2224 mrxsmb10 - ok
17:59:30.0729 2224 [ AAF56E4E84D35411B4E446C445732DFE ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:59:30.0776 2224 mrxsmb20 - ok
17:59:30.0792 2224 [ 4E888019078AC363076A5433E89AA4F8 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
17:59:30.0823 2224 MsBridge - ok
17:59:30.0854 2224 [ A082C17D14D0790E27D064EA4B138AE1 ] MSDTC C:\Windows\System32\msdtc.exe
17:59:30.0870 2224 MSDTC - ok
17:59:30.0886 2224 [ D13329FBF8345B28AB30F44CC247DC08 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:59:30.0886 2224 Msfs - ok
17:59:30.0901 2224 [ C6B474E46F9E543B875981ED3FFE6ADD ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
17:59:30.0917 2224 msgpiowin32 - ok
17:59:30.0933 2224 [ 65C92EB9D08DB5C69F28C7FFD4E84E31 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:59:30.0933 2224 mshidkmdf - ok
17:59:30.0948 2224 [ 52299F086AC2DAFD100DD5DC4A8614BA ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
17:59:30.0964 2224 mshidumdf - ok
17:59:30.0979 2224 [ 36D92AF3343C3A3E57FEF11C449AEA4C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:59:30.0995 2224 msisadrv - ok
17:59:31.0026 2224 [ 810F8A0A0680662BB0CE44D0E2CEF90C ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:59:31.0042 2224 MSiSCSI - ok
17:59:31.0042 2224 msiserver - ok
17:59:31.0073 2224 [ D22AE5313F6B7EFDDD8C117B5501F4A3 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll
17:59:31.0089 2224 MsKeyboardFilter - ok
17:59:31.0089 2224 [ A9BBBD2BAE6142253B9195E949AC2E8D ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:59:31.0120 2224 MSKSSRV - ok
17:59:31.0136 2224 [ 375E44168F2DFB91A68B8A3F619C5A7C ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
17:59:31.0167 2224 MsLldp - ok
17:59:31.0167 2224 [ 7B2128EB875DCBC006E6A913211006D6 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:59:31.0183 2224 MSPCLOCK - ok
17:59:31.0183 2224 [ 1E88171579B218115C7A772F8DE04BD8 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:59:31.0198 2224 MSPQM - ok
17:59:31.0214 2224 [ BBE2A455053E63BECBF42C2F9B21FAE0 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:59:31.0245 2224 MsRPC - ok
17:59:31.0261 2224 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
17:59:31.0261 2224 mssmbios - ok
17:59:31.0276 2224 [ 115019AE01E0EB9C048530D2928AB4A2 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:59:31.0276 2224 MSTEE - ok
17:59:31.0292 2224 [ 96D604A35070360F0DD4A7A8AF410B5E ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
17:59:31.0308 2224 MTConfig - ok
17:59:31.0323 2224 [ 619CA29326B82372621DB2C0964D8365 ] Mup C:\Windows\system32\Drivers\mup.sys
17:59:31.0323 2224 Mup - ok
17:59:31.0339 2224 [ B8C35C94DCB2DFEAF03BB42131F2F77F ] mvumis C:\Windows\system32\drivers\mvumis.sys
17:59:31.0339 2224 mvumis - ok
17:59:31.0386 2224 [ 41A45D2A75494EABF2806EA051E00376 ] napagent C:\Windows\system32\qagentRT.dll
17:59:31.0433 2224 napagent - ok
17:59:31.0464 2224 [ CF8B989D89D6807B887690F2CF24EFD9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:59:31.0511 2224 NativeWifiP - ok
17:59:31.0526 2224 [ 71E3C0100AA19D11373CCEB2F51A6008 ] NcaSvc C:\Windows\System32\ncasvc.dll
17:59:31.0573 2224 NcaSvc - ok
17:59:31.0589 2224 [ 51DF09CAB2CAC64FEE3E371D9028ED01 ] NcbService C:\Windows\System32\ncbservice.dll
17:59:31.0667 2224 NcbService - ok
17:59:31.0683 2224 [ 2586C4C167499210DCBF3ECFD8CCE210 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
17:59:31.0729 2224 NcdAutoSetup - ok
17:59:31.0776 2224 [ ED39D676080A1AEA755F1DEC1A8DF1A4 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:59:31.0823 2224 NDIS - ok
17:59:31.0823 2224 [ C6BB12BC35D1637CA17AE16D3A4725EB ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:59:31.0854 2224 NdisCap - ok
17:59:31.0870 2224 [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
17:59:31.0917 2224 NdisImPlatform - ok
17:59:31.0917 2224 [ 9423421E735BD5394351E0C47C76BB92 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:59:31.0948 2224 NdisTapi - ok
17:59:31.0964 2224 [ B832B35055BA2B7B4181861FF94D8E59 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:59:31.0979 2224 Ndisuio - ok
17:59:31.0995 2224 [ 1F58E48EF75F34C35D8E93A0DC535CFE ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys
17:59:32.0011 2224 NdisVirtualBus - ok
17:59:32.0026 2224 [ DEC29080202D4F9F17F55E18BCFCC41A ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:59:32.0042 2224 NdisWan - ok
17:59:32.0058 2224 [ DEC29080202D4F9F17F55E18BCFCC41A ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys
17:59:32.0058 2224 NdisWanLegacy - ok
17:59:32.0073 2224 [ A5BD69A8812FA79D1A487691DD3FB244 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:59:32.0089 2224 NDProxy - ok
17:59:32.0104 2224 [ 5A072F0B90C29C5233D78BE33EF5ED78 ] Ndu C:\Windows\system32\drivers\Ndu.sys
17:59:32.0120 2224 Ndu - ok
17:59:32.0136 2224 [ A83D67D347A684F10B7D3019C8A6380C ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:59:32.0151 2224 NetBIOS - ok
17:59:32.0151 2224 [ 0217532E19A748F0E5D569307363D5FD ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:59:32.0167 2224 NetBT - ok
17:59:32.0183 2224 [ F6F209DDB94959BA104FC8FC87C53759 ] Netlogon C:\Windows\system32\lsass.exe
17:59:32.0198 2224 Netlogon - ok
17:59:32.0229 2224 [ B7AD851A21FEBA3BA214972627614207 ] Netman C:\Windows\System32\netman.dll
17:59:32.0261 2224 Netman - ok
17:59:32.0292 2224 [ F0F0A372C2EF6358399C4936F91B6131 ] netprofm C:\Windows\System32\netprofmsvc.dll
17:59:32.0308 2224 netprofm - ok
17:59:32.0464 2224 [ 1092B3190E69E0C5ECBCE90F171DE047 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:32.0511 2224 NetTcpPortSharing - ok
17:59:32.0542 2224 [ 70414DB660BFBB7BD58FCE8EA4364E1B ] netvsc C:\Windows\system32\DRIVERS\netvsc63.sys
17:59:32.0575 2224 netvsc - ok
17:59:32.0606 2224 [ 3A280F3B3C7A46E29C404ACD46ECBF5E ] NlaSvc C:\Windows\System32\nlasvc.dll
17:59:32.0622 2224 NlaSvc - ok
17:59:32.0653 2224 [ 8F44A2F57C9F1A19AC9C6288C10FB351 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:59:32.0669 2224 Npfs - ok
17:59:32.0669 2224 [ CBDB4F0871C88DF930FC0E8588CA67FC ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
17:59:32.0731 2224 npsvctrig - ok
17:59:32.0825 2224 [ 6E2271ED0C3E95B8E29F3752B91B9E84 ] nsi C:\Windows\system32\nsisvc.dll
17:59:32.0856 2224 nsi - ok
17:59:32.0872 2224 [ E490B459978CB87779E84C761D22B827 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:59:32.0888 2224 nsiproxy - ok
17:59:32.0966 2224 [ 4412D565C0278C401575E11072C7DCE3 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:59:33.0028 2224 Ntfs - ok
17:59:33.0044 2224 [ EF1B290FC9F0E47CC0B537292BEE5904 ] Null C:\Windows\system32\drivers\Null.sys
17:59:33.0059 2224 Null - ok
17:59:33.0091 2224 [ BC6B5942AFF25EBAF62DE43C3807EDF8 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:59:33.0106 2224 nvraid - ok
17:59:33.0122 2224 [ 1F43ABFFAC3D6CA356851D517392966E ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:59:33.0138 2224 nvstor - ok
17:59:33.0153 2224 [ 6934A936A7369DFE37B7DBA93F5E5E49 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:59:33.0169 2224 nv_agp - ok
17:59:33.0200 2224 [ 3B510F20806B94E389784ED09DBD2111 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:59:33.0278 2224 p2pimsvc - ok
17:59:33.0325 2224 [ 2A57A937BC5B1B2D6AFE6A8C5925F50B ] p2psvc C:\Windows\system32\p2psvc.dll
17:59:33.0356 2224 p2psvc - ok
17:59:33.0372 2224 [ 764B1121867B2D9B31C491668AC72B2B ] Parport C:\Windows\System32\drivers\parport.sys
17:59:33.0403 2224 Parport - ok
17:59:33.0419 2224 [ EF0C1749C9A8CEE9A457473D433CC00F ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:59:33.0434 2224 partmgr - ok
17:59:33.0450 2224 [ 9A5309EF92F39346CFD5A4C2C3D1BFAD ] PcaSvc C:\Windows\System32\pcasvc.dll
17:59:33.0481 2224 PcaSvc - ok
17:59:33.0497 2224 [ C0D3F3BC1C84B4BA746D9847314C1164 ] pci C:\Windows\system32\drivers\pci.sys
17:59:33.0513 2224 pci - ok
17:59:33.0528 2224 [ 346E38FCC6859A727DD28AFAD1F0AFF4 ] pciide C:\Windows\system32\drivers\pciide.sys
17:59:33.0544 2224 pciide - ok
17:59:33.0544 2224 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:59:33.0559 2224 pcmcia - ok
17:59:33.0591 2224 [ BF28771D1436C88BE1D297D3098B0F7D ] pcw C:\Windows\system32\drivers\pcw.sys
17:59:33.0606 2224 pcw - ok
17:59:33.0606 2224 [ B9D968D8E2B0F9C6301CEB39CFC9B9E4 ] pdc C:\Windows\system32\drivers\pdc.sys
17:59:33.0622 2224 pdc - ok
17:59:33.0653 2224 [ BA50CC0BD19004AAB88BE37338B6FA0D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:59:33.0684 2224 PEAUTH - ok
17:59:33.0747 2224 [ 084DE525DFE82AE7453DD527390FA110 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:59:33.0825 2224 PeerDistSvc - ok
17:59:33.0872 2224 [ 8E3C640FFF5A963F570233AE99C0FFF3 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:59:33.0950 2224 PerfHost - ok
17:59:34.0013 2224 [ 928061178CD9856CA6B67FFFCE6BA766 ] pla C:\Windows\system32\pla.dll
17:59:34.0059 2224 pla - ok
17:59:34.0091 2224 [ 752A457320A946E03C3AA86C3ACD735E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:59:34.0106 2224 PlugPlay - ok
17:59:34.0106 2224 [ 045EB4F260606A03BE340D09DEAF3BA4 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:59:34.0138 2224 PNRPAutoReg - ok
17:59:34.0169 2224 [ 3B510F20806B94E389784ED09DBD2111 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:59:34.0184 2224 PNRPsvc - ok
17:59:34.0216 2224 [ C16097D77A232A288D65F299E2E01105 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:59:34.0263 2224 PolicyAgent - ok
17:59:34.0294 2224 [ 00E08B30E7F7C13ECE2CDF4F46A77311 ] Power C:\Windows\system32\umpo.dll
17:59:34.0356 2224 Power - ok
17:59:34.0450 2224 [ B7DB57A000D46D4DE75BC0C563E58072 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
17:59:34.0528 2224 PrintNotify - ok
17:59:34.0559 2224 [ ECD373F9571C745894367CC2635EA44F ] Processor C:\Windows\System32\drivers\processr.sys
17:59:34.0575 2224 Processor - ok
17:59:34.0591 2224 [ 8513A1E7AE4B9DC82C4B4F432C648A58 ] ProfSvc C:\Windows\system32\profsvc.dll
17:59:34.0638 2224 ProfSvc - ok
17:59:34.0669 2224 [ 8528BB05E4D4E25945F78B00B2555FB7 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:59:34.0684 2224 Psched - ok
17:59:34.0700 2224 [ AF90BB44C99D6820BE52C9BBAA523283 ] QWAVE C:\Windows\system32\qwave.dll
17:59:34.0731 2224 QWAVE - ok
17:59:34.0747 2224 [ 3FB466684609A4329858CF2EBD62E0FD ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:59:34.0763 2224 QWAVEdrv - ok
17:59:34.0763 2224 [ 2C56F0EE27E4EF70CA4B4983D3638905 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:59:34.0778 2224 RasAcd - ok
17:59:34.0794 2224 [ 5F061AC45266841A2860C1858ED863B8 ] RasAuto C:\Windows\System32\rasauto.dll
17:59:34.0841 2224 RasAuto - ok
17:59:34.0888 2224 [ BF3B17016764F20F9D28CF1A8DC210C0 ] RasMan C:\Windows\System32\rasmans.dll
17:59:34.0903 2224 RasMan - ok
17:59:34.0903 2224 [ 5247F308C4103CDC4FE12AE1D235800A ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:59:34.0919 2224 RasPppoe - ok
17:59:34.0950 2224 [ B939A2A0F9D6C6C186721E268EB6FA93 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:59:34.0966 2224 rdbss - ok
17:59:34.0981 2224 [ 6B21EBF892CD8CACB71669B35AB5DE32 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
17:59:35.0013 2224 rdpbus - ok
17:59:35.0044 2224 [ 680C1DAE268B6FB67FA21B389A8B79EF ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:59:35.0075 2224 RDPDR - ok
17:59:35.0091 2224 [ 858776908AF838E3790F3261B799CDA6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:59:35.0106 2224 RdpVideoMiniport - ok
17:59:35.0106 2224 [ 847C6A08912C3515807049C93E526D65 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:59:35.0122 2224 rdyboost - ok
17:59:35.0153 2224 [ 036746D54347FD2D0385668E2A4064E4 ] ReFS C:\Windows\system32\drivers\ReFS.sys
17:59:35.0184 2224 ReFS - ok
17:59:35.0216 2224 [ BFFB40FBE6D2C3469F8D06EE5E4934AB ] RemoteAccess C:\Windows\System32\mprdim.dll
17:59:35.0247 2224 RemoteAccess - ok
17:59:35.0278 2224 [ 4DCCABE03D06955ED61BABBD8EF9F30F ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:59:35.0294 2224 RemoteRegistry - ok
17:59:35.0309 2224 [ D894CBD7DA753C881EE8D5E33B583225 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:59:35.0325 2224 RpcEptMapper - ok
17:59:35.0356 2224 [ 5CAE8F47B31D5CFC322B5B898C19E0FE ] RpcLocator C:\Windows\system32\locator.exe
17:59:35.0388 2224 RpcLocator - ok
17:59:35.0419 2224 [ 3FD5AE42EC87C6F532A931F96BE731DD ] RpcSs C:\Windows\system32\rpcss.dll
17:59:35.0434 2224 RpcSs - ok
17:59:35.0466 2224 [ 2D05A5508F4685412F2B89E8C2189ABC ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:59:35.0481 2224 rspndr - ok
17:59:35.0528 2224 [ A307450FE19F99CC8AC750EB13959F94 ] RTWlanE C:\Windows\system32\DRIVERS\rtwlane.sys
17:59:35.0575 2224 RTWlanE - ok
17:59:35.0622 2224 [ 1A063730F221B2746FF00457AE17E4F0 ] s3cap C:\Windows\System32\drivers\vms3cap.sys
17:59:35.0638 2224 s3cap - ok
17:59:35.0653 2224 [ F6F209DDB94959BA104FC8FC87C53759 ] SamSs C:\Windows\system32\lsass.exe
17:59:35.0669 2224 SamSs - ok
17:59:35.0685 2224 [ C624A1B32211C3166EDB3F4AB02A30B7 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:59:35.0700 2224 sbp2port - ok
17:59:35.0731 2224 [ 47C497FA4DDEA908633CAA60CEBE6805 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:59:35.0747 2224 SCardSvr - ok
17:59:35.0763 2224 [ E76C4E98302AE39CC6FA5D20FC8B5438 ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll
17:59:35.0778 2224 ScDeviceEnum - ok
17:59:35.0778 2224 [ ABD0237B15DBD2B4695F4B7D734A58F7 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:59:35.0794 2224 scfilter - ok
17:59:35.0825 2224 [ 888A30EAB651502352C18745367FD179 ] Schedule C:\Windows\system32\schedsvc.dll
17:59:35.0841 2224 Schedule - ok
17:59:35.0872 2224 [ AB285CE3431FF3D2ACE669245874C1C7 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:59:35.0888 2224 SCPolicySvc - ok
17:59:35.0903 2224 [ 2F9A3380B8C0380E5608E29C7AA66899 ] sdbus C:\Windows\System32\drivers\sdbus.sys
17:59:35.0919 2224 sdbus - ok
17:59:35.0919 2224 [ 4EAF4DCF9DBD9A56952A58F56D61C005 ] sdstor C:\Windows\System32\drivers\sdstor.sys
17:59:35.0934 2224 sdstor - ok
17:59:35.0950 2224 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:59:35.0966 2224 secdrv - ok
17:59:35.0981 2224 [ C49009F897BA4F2F4F31043663AA1485 ] seclogon C:\Windows\system32\seclogon.dll
17:59:36.0013 2224 seclogon - ok
17:59:36.0028 2224 [ A88882E64BDC1D8E8D6E727B71CCCC53 ] SENS C:\Windows\System32\sens.dll
17:59:36.0059 2224 SENS - ok
17:59:36.0075 2224 [ E66A7C8CE7ED22DED6DF1CA479FB4790 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:59:36.0138 2224 SensrSvc - ok
17:59:36.0153 2224 [ DB2FF24CE0BDD15FE75870AFE312BA89 ] SerCx C:\Windows\system32\drivers\SerCx.sys
17:59:36.0169 2224 SerCx - ok
17:59:36.0184 2224 [ 0044B31F93946D5D41982314381FE431 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys
17:59:36.0200 2224 SerCx2 - ok
17:59:36.0200 2224 [ 3CD600C089C1251BEEB4CD4CD5164F9E ] Serenum C:\Windows\System32\drivers\serenum.sys
17:59:36.0216 2224 Serenum - ok
17:59:36.0216 2224 [ D864381BC9C725FAB01D94C060660166 ] Serial C:\Windows\System32\drivers\serial.sys
17:59:36.0247 2224 Serial - ok
17:59:36.0247 2224 [ 0BD2B65DCE756FDE95A2E5CCCBF7705D ] sermouse C:\Windows\System32\drivers\sermouse.sys
17:59:36.0263 2224 sermouse - ok
17:59:36.0294 2224 [ 441E6FF1F34D7A942946DB42A15FB519 ] SessionEnv C:\Windows\system32\sessenv.dll
17:59:36.0356 2224 SessionEnv - ok
17:59:36.0356 2224 [ 472B7A5AC181C050888DB454663DD764 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
17:59:36.0372 2224 sfloppy - ok
17:59:36.0419 2224 [ F4414F57DF2CECB8FC969AA43A6B0D50 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:59:36.0450 2224 SharedAccess - ok
17:59:36.0481 2224 [ 0D190D8B4B20446BE6299AC734DFADF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:59:36.0513 2224 ShellHWDetection - ok
17:59:36.0513 2224 [ 2F518D13DD6F3053837FE606F1A2EA1F ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:59:36.0528 2224 SiSRaid2 - ok
17:59:36.0544 2224 [ 1AC9A200A9C49C4508F04AAFFCA34A3F ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:59:36.0544 2224 SiSRaid4 - ok
17:59:36.0575 2224 [ 587ACA15210D1B01FBF272E07A08F91A ] smphost C:\Windows\System32\smphost.dll
17:59:36.0606 2224 smphost - ok
17:59:36.0638 2224 [ 49EEB92DE930B8566EF615D600781DB4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:59:36.0700 2224 SNMPTRAP - ok
17:59:36.0716 2224 [ F6EBE514D13ECE7EDC23440039CDF9AB ] spaceport C:\Windows\system32\drivers\spaceport.sys
17:59:36.0731 2224 spaceport - ok
17:59:36.0763 2224 [ F337BE11071818FC3F5DC2940B6BDE34 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
17:59:36.0763 2224 SpbCx - ok
17:59:36.0794 2224 [ FE0CB40F36D3FCDD3A1B312EF72C38D5 ] Spooler C:\Windows\System32\spoolsv.exe
17:59:36.0856 2224 Spooler - ok
17:59:36.0950 2224 [ E6DEC72A2A23FAA53EB9FEC3C7E29D66 ] sppsvc C:\Windows\system32\sppsvc.exe
17:59:37.0122 2224 sppsvc - ok
17:59:37.0138 2224 [ 2B78788A1485F9B99A578A299DF42C02 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:59:37.0200 2224 srv - ok
17:59:37.0216 2224 [ C1AE59C0B0817236EC083A91C396005A ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:59:37.0247 2224 srv2 - ok
17:59:37.0263 2224 [ 77195C32175FC63D6054EBA5A066D727 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:59:37.0294 2224 srvnet - ok
17:59:37.0325 2224 [ BB9ED3EDD8E85008215A7250D325A72E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:59:37.0356 2224 SSDPSRV - ok
17:59:37.0372 2224 [ 3911418AFDE10EA6823B7799E4815524 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:59:37.0388 2224 SstpSvc - ok
17:59:37.0419 2224 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:59:37.0419 2224 stexstor - ok
17:59:37.0466 2224 [ D638904FE86A5FE542A1BA13A9D68E5C ] stisvc C:\Windows\System32\wiaservc.dll
17:59:37.0497 2224 stisvc - ok
17:59:37.0497 2224 [ 0ED2E318ABB68C1A35A8B8038BDB4C90 ] storahci C:\Windows\system32\drivers\storahci.sys
17:59:37.0513 2224 storahci - ok
17:59:37.0528 2224 [ 7A08CEE1535F5A448215634C5EA74E50 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
17:59:37.0544 2224 storflt - ok
17:59:37.0544 2224 [ 6B06E2D11E604BE2B1A406C4CB3B90DE ] stornvme C:\Windows\system32\drivers\stornvme.sys
17:59:37.0559 2224 stornvme - ok
17:59:37.0575 2224 [ 3118058E3D07021A55324A943C6D722B ] StorSvc C:\Windows\system32\storsvc.dll
17:59:37.0624 2224 StorSvc - ok
17:59:37.0639 2224 [ 548759755BC73DAD663250239D7E0B9F ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:59:37.0639 2224 storvsc - ok
17:59:37.0671 2224 [ 03618F935379614837F915D04C45FC0E ] storvsp C:\Windows\System32\drivers\storvsp.sys
17:59:37.0733 2224 storvsp - ok
17:59:37.0749 2224 [ D8E1AE075AB3E8AD56F69C44AA978596 ] svsvc C:\Windows\system32\svsvc.dll
17:59:37.0780 2224 svsvc - ok
17:59:37.0796 2224 [ 84E0F5D41C138C5CC975137A2A98F6D3 ] swenum C:\Windows\System32\drivers\swenum.sys
17:59:37.0811 2224 swenum - ok
17:59:37.0843 2224 [ A5DC2E63F5E5D3C0B843307374998479 ] swprv C:\Windows\System32\swprv.dll
17:59:37.0858 2224 swprv - ok
17:59:37.0905 2224 [ 25F0DA8E7F26416FDB5D77592B5C1A8B ] Synth3dVsc C:\Windows\System32\drivers\Synth3dVsc.sys
17:59:37.0921 2224 Synth3dVsc - ok
17:59:37.0952 2224 [ E45DA7CBBA34510C8B9473AD7D4FFD0B ] SysMain C:\Windows\system32\sysmain.dll
17:59:37.0999 2224 SysMain - ok
17:59:38.0030 2224 [ D65B1C952AEB864C2BAC7A770B17ECCE ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
17:59:38.0077 2224 SystemEventsBroker - ok
17:59:38.0077 2224 [ BA6DD39266A5E15515C8C14DA2DA3E5C ] TabletInputService C:\Windows\System32\TabSvc.dll
17:59:38.0093 2224 TabletInputService - ok
17:59:38.0124 2224 [ B517410F157693043DACA21B19B258A6 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:59:38.0140 2224 TapiSrv - ok
17:59:38.0202 2224 [ 3D9A5AC880D7AA2305812D665D24ED23 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:59:38.0264 2224 Tcpip - ok
17:59:38.0296 2224 [ 3D9A5AC880D7AA2305812D665D24ED23 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:59:38.0358 2224 TCPIP6 - ok
17:59:38.0374 2224 [ 33A7D83EEB15431773A6E186CFAABA21 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:59:38.0405 2224 tcpipreg - ok
17:59:38.0421 2224 [ FFF28F9F6823EB1756C60F1649560BBF ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:59:38.0436 2224 tdx - ok
17:59:38.0452 2224 [ 232D185D2337F141311D0CF1983E1431 ] terminpt C:\Windows\System32\drivers\terminpt.sys
17:59:38.0452 2224 terminpt - ok
17:59:38.0546 2224 [ 2C77831737491F4D684D315B95C62883 ] TermService C:\Windows\System32\termsrv.dll
17:59:38.0593 2224 TermService - ok
17:59:38.0608 2224 [ 05FBE1F7C13E87AF7A414CDF288B1F62 ] Themes C:\Windows\system32\themeservice.dll
17:59:38.0624 2224 Themes - ok
17:59:38.0655 2224 [ 77CF0ECC1C2B5E616B650AB5D4931114 ] Thotkey C:\Windows\System32\drivers\Thotkey.sys
17:59:38.0671 2224 Thotkey - ok
17:59:38.0702 2224 [ FD788C2D96EA91469A3C1D13E80D7473 ] THREADORDER C:\Windows\system32\mmcss.dll
17:59:38.0718 2224 THREADORDER - ok
17:59:38.0733 2224 [ 347A3E49CE18402305B8119A6EC7CFEB ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
17:59:38.0749 2224 TimeBroker - ok
17:59:38.0780 2224 [ 82F909359600D3603FE852DB7F135626 ] TPM C:\Windows\system32\drivers\tpm.sys
17:59:38.0796 2224 TPM - ok
17:59:38.0811 2224 [ C97E14BB6A196B0554D6EB67D8818175 ] TrkWks C:\Windows\System32\trkwks.dll
17:59:38.0843 2224 TrkWks - ok
17:59:38.0905 2224 [ DA56FFA46030E6FEB215E3D5DAA65B11 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:59:38.0921 2224 TrustedInstaller - ok
17:59:38.0936 2224 [ BF8F54CA37E9C9D6582C31C5761F8C93 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:59:39.0014 2224 TsUsbFlt - ok
17:59:39.0014 2224 [ E0088068DCE2EE82897027DDB8E05254 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
17:59:39.0046 2224 TsUsbGD - ok
17:59:39.0061 2224 [ 4A445D5E44CD996D18E128EF321D54B2 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
17:59:39.0093 2224 tsusbhub - ok
17:59:39.0139 2224 [ C8E0E78B5D284C2FF59BDFFDAF997242 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:59:39.0155 2224 tunnel - ok
17:59:39.0202 2224 [ 54BDBF3D4DED58DA78B702471C68D4CA ] TVALZ C:\Windows\system32\drivers\TVALZ_O.SYS
17:59:39.0218 2224 TVALZ - ok
17:59:39.0233 2224 [ F6EEAD052943B5A3104C1405BB856C54 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:59:39.0249 2224 uagp35 - ok
17:59:39.0264 2224 [ FE6067B1FD4E63650C667B33D080565B ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
17:59:39.0280 2224 UASPStor - ok
17:59:39.0280 2224 [ 5D1B430EA11064C56E7C8F84B90DEB6A ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
17:59:39.0311 2224 UCX01000 - ok
17:59:39.0327 2224 [ 1EC649F112896FAE33250F0B97AC5D0B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:59:39.0358 2224 udfs - ok
17:59:39.0358 2224 [ 9578691F297E1B1F519970FE6D47CB21 ] UEFI C:\Windows\System32\drivers\UEFI.sys
17:59:39.0374 2224 UEFI - ok
17:59:39.0452 2224 [ 320878AFECDBBD61BBE98624A6CAAC08 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:59:39.0468 2224 UI0Detect - ok
17:59:39.0468 2224 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:59:39.0483 2224 uliagpkx - ok
17:59:39.0483 2224 [ DA34C39A18E60E7C3FA0630566408034 ] umbus C:\Windows\System32\drivers\umbus.sys
17:59:39.0499 2224 umbus - ok
17:59:39.0499 2224 [ AE8294875E5446E359B1E8035D40C05E ] UmPass C:\Windows\System32\drivers\umpass.sys
17:59:39.0514 2224 UmPass - ok
17:59:39.0546 2224 [ E3DDF7D43E05784FAA5E042605EEE528 ] UmRdpService C:\Windows\System32\umrdp.dll
17:59:39.0561 2224 UmRdpService - ok
17:59:39.0593 2224 [ 4A2FFDAC45F317E17DF642C7160EB633 ] upnphost C:\Windows\System32\upnphost.dll
17:59:39.0608 2224 upnphost - ok
17:59:39.0624 2224 [ 433ECDE01A52691FA7ACA51C10C09B70 ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
17:59:39.0639 2224 usbccgp - ok
17:59:39.0639 2224 [ B3D6457D841A0CAEF4C52D88621715F2 ] usbcir C:\Windows\System32\drivers\usbcir.sys
17:59:39.0655 2224 usbcir - ok
17:59:39.0671 2224 [ 5477D6E27C7D266EF8C152B9A25ADE5E ] usbehci C:\Windows\System32\drivers\usbehci.sys
17:59:39.0671 2224 usbehci - ok
17:59:39.0686 2224 [ DF56C2C04EFA328D7A66B69007130266 ] usbhub C:\Windows\System32\drivers\usbhub.sys
17:59:39.0702 2224 usbhub - ok
17:59:39.0733 2224 [ C0E33820326199CE3CFD3B9F27F81D99 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
17:59:39.0749 2224 USBHUB3 - ok
17:59:39.0764 2224 [ 3019097FB6C985EF24C058090FF3BDBD ] usbohci C:\Windows\System32\drivers\usbohci.sys
17:59:39.0780 2224 usbohci - ok
17:59:39.0780 2224 [ 4D655E3B684BE9B0F7FFD8A2935C348C ] usbprint C:\Windows\System32\drivers\usbprint.sys
17:59:39.0796 2224 usbprint - ok
17:59:39.0796 2224 [ 4628B415A84EA9D4D396A56F1D0CB6C6 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
17:59:39.0811 2224 USBSTOR - ok
17:59:39.0811 2224 [ BA4FA655E0FC577DB7436FC963932CE4 ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
17:59:39.0827 2224 usbuhci - ok
17:59:39.0843 2224 [ 3B44CB989757428208CCFCC028C13110 ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
17:59:39.0858 2224 USBXHCI - ok
17:59:39.0874 2224 [ F6F209DDB94959BA104FC8FC87C53759 ] VaultSvc C:\Windows\system32\lsass.exe
17:59:39.0889 2224 VaultSvc - ok
17:59:39.0905 2224 [ FEB26E3B8345A7E8D62F945C4AE86562 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:59:39.0921 2224 vdrvroot - ok
17:59:39.0968 2224 [ CFBAD6B48EDFAA0828A52646B7C4C08D ] vds C:\Windows\System32\vds.exe
17:59:40.0014 2224 vds - ok
17:59:40.0014 2224 [ A026EDEAA5EECAE0B08E2748B616D4BD ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
17:59:40.0030 2224 VerifierExt - ok
17:59:40.0061 2224 [ 041D3EF364E624DBB2703A64A5AADF89 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
17:59:40.0077 2224 vhdmp - ok
17:59:40.0093 2224 [ 06D38968028E9AB19DE9B618C7B6D199 ] viaide C:\Windows\system32\drivers\viaide.sys
17:59:40.0093 2224 viaide - ok
17:59:40.0124 2224 [ 3CE922E34DB12D9F3C0EA856BC09687C ] Vid C:\Windows\System32\drivers\Vid.sys
17:59:40.0140 2224 Vid - ok
17:59:40.0155 2224 [ C6305BDFC4F7CE51F72BB072C03D4ACE ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:59:40.0171 2224 vmbus - ok
17:59:40.0171 2224 [ DA40BEA0A863CE768C940CA9723BF81F ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
17:59:40.0186 2224 VMBusHID - ok
17:59:40.0186 2224 [ 68F8C26DEA2D42E8DEC0778943433C80 ] vmbusr C:\Windows\System32\drivers\vmbusr.sys
17:59:40.0202 2224 vmbusr - ok
17:59:40.0233 2224 [ 9067880BBB1C18703DBFF27D731D7ECA ] vmicguestinterface C:\Windows\System32\ICSvc.dll
17:59:40.0249 2224 vmicguestinterface - ok
17:59:40.0264 2224 [ 9067880BBB1C18703DBFF27D731D7ECA ] vmicheartbeat C:\Windows\System32\ICSvc.dll
17:59:40.0280 2224 vmicheartbeat - ok
17:59:40.0280 2224 [ 9067880BBB1C18703DBFF27D731D7ECA ] vmickvpexchange C:\Windows\System32\ICSvc.dll
17:59:40.0296 2224 vmickvpexchange - ok
17:59:40.0311 2224 [ 9067880BBB1C18703DBFF27D731D7ECA ] vmicrdv C:\Windows\System32\ICSvc.dll
17:59:40.0327 2224 vmicrdv - ok
17:59:40.0343 2224 [ 9067880BBB1C18703DBFF27D731D7ECA ] vmicshutdown C:\Windows\System32\ICSvc.dll
17:59:40.0358 2224 vmicshutdown - ok
17:59:40.0358 2224 [ 9067880BBB1C18703DBFF27D731D7ECA ] vmictimesync C:\Windows\System32\ICSvc.dll
17:59:40.0374 2224 vmictimesync - ok
17:59:40.0389 2224 [ 9067880BBB1C18703DBFF27D731D7ECA ] vmicvss C:\Windows\System32\ICSvc.dll
17:59:40.0405 2224 vmicvss - ok
17:59:40.0421 2224 [ 55D7D963DE85162F1C49721E502F9744 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:59:40.0436 2224 volmgr - ok
17:59:40.0452 2224 [ CCB9E901F7254BF96D28EB1B0E5329B7 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:59:40.0468 2224 volmgrx - ok
17:59:40.0483 2224 [ 9F9CE33B50611A1C61A46B8911E0B30B ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:59:40.0499 2224 volsnap - ok
17:59:40.0514 2224 [ 01355C98B5C3ED1EC446743CDA848FCE ] vpci C:\Windows\System32\drivers\vpci.sys
17:59:40.0514 2224 vpci - ok
17:59:40.0546 2224 [ ADBE96C33D1A5BB1BBAF90B4BC84F523 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys
17:59:40.0561 2224 vpcivsp - ok
17:59:40.0577 2224 [ 4539F45F9F4C9757A86A56C949421E07 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:59:40.0593 2224 vsmraid - ok
17:59:40.0639 2224 [ D51D7EF1EA5ED2BB01E9D07E6E0533BC ] VSS C:\Windows\system32\vssvc.exe
17:59:40.0686 2224 VSS - ok
17:59:40.0718 2224 [ 0849B7260F26FE05EA56DED0672E2F4B ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
17:59:40.0733 2224 VSTXRAID - ok
17:59:40.0749 2224 [ BE970C369E43B509C1EDA2B8FA7CECB0 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:59:40.0780 2224 vwifibus - ok
17:59:40.0796 2224 [ 6B26AD573CCDD5209DF4397438B76354 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:59:40.0811 2224 vwififlt - ok
17:59:40.0827 2224 [ 0B48E0DFB44EE475F4FD8A8EE599AF30 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:59:40.0843 2224 vwifimp - ok
17:59:40.0874 2224 [ 7599E582CA3A6AAA95A18FFE1172D339 ] W32Time C:\Windows\system32\w32time.dll
17:59:40.0889 2224 W32Time - ok
17:59:40.0905 2224 [ 0910AB9ED404C1434E2D0376C2AD5D8B ] WacomPen C:\Windows\System32\drivers\wacompen.sys
17:59:40.0905 2224 WacomPen - ok
17:59:40.0968 2224 [ 92BF4B3EBD6F163B94B7A20C65E7B698 ] wbengine C:\Windows\system32\wbengine.exe
17:59:41.0030 2224 wbengine - ok
17:59:41.0077 2224 [ 58F28103889817C93E5B5AFABC87E709 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:59:41.0108 2224 WbioSrvc - ok
17:59:41.0140 2224 [ 772365894F14652D376B2E5030179DC9 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
17:59:41.0171 2224 Wcmsvc - ok
17:59:41.0202 2224 [ D2726823DF7E19F213F4805A9D6D145F ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:59:41.0233 2224 wcncsvc - ok
17:59:41.0249 2224 [ 846C02A8B48CBD921A3D6AB521AA0DC4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:59:41.0296 2224 WcsPlugInService - ok
17:59:41.0327 2224 [ 694B28DE12AD47031FFB4B052662131A ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
17:59:41.0327 2224 WdBoot - ok
17:59:41.0358 2224 [ CB6C63FF8342B467E2EF76E98D5B934D ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:59:41.0389 2224 Wdf01000 - ok
17:59:41.0389 2224 [ 0B99529A3BECC3528D865DDECB62503B ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
17:59:41.0405 2224 WdFilter - ok
17:59:41.0436 2224 [ 40C67D1A4891120874767F6E6604D6C5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:59:41.0452 2224 WdiServiceHost - ok
17:59:41.0452 2224 [ 40C67D1A4891120874767F6E6604D6C5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:59:41.0468 2224 WdiSystemHost - ok
17:59:41.0483 2224 [ 282E7D46310338FF4A6B7680440EB0DA ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys
17:59:41.0483 2224 WdNisDrv - ok
17:59:41.0530 2224 WdNisSvc - ok
17:59:41.0546 2224 [ 6588A957873326361AB1CAC4E76F8394 ] WebClient C:\Windows\System32\webclnt.dll
17:59:41.0561 2224 WebClient - ok
17:59:41.0577 2224 [ 3274312F263882B51B964329FAF49734 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:59:41.0593 2224 Wecsvc - ok
17:59:41.0608 2224 [ 7CDD84E0023A0C5C230B06A7965EC65E ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll
17:59:41.0624 2224 WEPHOSTSVC - ok
17:59:41.0640 2224 [ AA1315B87D9B2E39584165318A59F15D ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:59:41.0655 2224 wercplsupport - ok
17:59:41.0671 2224 [ 22B4C24AB921BFF7827FFBCA1F4E1BB3 ] WerSvc C:\Windows\System32\WerSvc.dll
17:59:41.0702 2224 WerSvc - ok
17:59:41.0733 2224 [ 2E3E82D7B1076B90F4E228A8EF17B261 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
17:59:41.0749 2224 WFPLWFS - ok
17:59:41.0765 2224 [ E06AFE2F94BA7CFA2FE4FD2A449E60E2 ] WiaRpc C:\Windows\System32\wiarpc.dll
17:59:41.0780 2224 WiaRpc - ok
17:59:41.0796 2224 [ 867BCC69ED9C31C501465EB0E8BA9DFA ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:59:41.0811 2224 WIMMount - ok
17:59:41.0811 2224 WinDefend - ok
17:59:41.0858 2224 [ A0D15D8727D0780C51628DF46B7268B3 ] WinDivert1.1 C:\Windows\KMS\WinDivert.sys
17:59:41.0858 2224 WinDivert1.1 - ok
17:59:41.0921 2224 [ DD079EC8F44DCA3A176B345C6ADEFB66 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
17:59:41.0952 2224 WinHttpAutoProxySvc - ok
17:59:41.0999 2224 [ 9DB490F3E823C5C3C070644B96CB9D59 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:59:42.0030 2224 Winmgmt - ok
17:59:42.0093 2224 [ 690C3FC5C9DBD6B9AEDF8341EC720E41 ] WinRM C:\Windows\system32\WsmSvc.dll
17:59:42.0171 2224 WinRM - ok
17:59:42.0233 2224 [ 728D3349FAB251B0265EFA55C67DCA2D ] WlanSvc C:\Windows\System32\wlansvc.dll
17:59:42.0280 2224 WlanSvc - ok
17:59:42.0311 2224 [ C2838466CCC44FAEF2C3D4C1E5971ECB ] wlidsvc C:\Windows\system32\wlidsvc.dll
17:59:42.0343 2224 wlidsvc - ok
17:59:42.0374 2224 [ 2834D9D3B4F554A39C72F00EA3F0E128 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
17:59:42.0389 2224 WmiAcpi - ok
17:59:42.0421 2224 [ 7AFAC828F52D62F304A911EC32F42EEE ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:59:42.0452 2224 wmiApSrv - ok
17:59:42.0468 2224 WMPNetworkSvc - ok
17:59:42.0514 2224 [ E178371E493BF17EB90FE71ABA8BE643 ] workfolderssvc C:\Windows\system32\workfolderssvc.dll
17:59:42.0561 2224 workfolderssvc - ok
17:59:42.0593 2224 [ E746BCDBA2E02CF6B8D6B26FB167FBE0 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
17:59:42.0608 2224 wpcfltr - ok
17:59:42.0624 2224 [ 4E6A0F60DA7EF050D3D26417CD4D24E9 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:59:42.0733 2224 WPCSvc - ok
17:59:42.0749 2224 [ D27491CFCE452C154CECFA155AD0EBC8 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:59:42.0796 2224 WPDBusEnum - ok
17:59:42.0796 2224 [ 9F2904B55F6CECCD1A8D986B5CE2609A ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
17:59:42.0811 2224 WpdUpFltr - ok
17:59:42.0811 2224 [ AE072B0339D0A18E455DC21666CAD572 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:59:42.0827 2224 ws2ifsl - ok
17:59:42.0843 2224 [ 5CFA46C4ACB2FD70572017052378DAE5 ] wscsvc C:\Windows\System32\wscsvc.dll
17:59:42.0874 2224 wscsvc - ok
17:59:42.0874 2224 WSearch - ok
17:59:43.0061 2224 [ D8E3A4701376CCFD0BE542D745FA4809 ] WSService C:\Windows\System32\WSService.dll
17:59:43.0171 2224 WSService - ok
17:59:43.0249 2224 [ 86D0BF4F792053A50D6EE43DFA5837A5 ] wuauserv C:\Windows\system32\wuaueng.dll
17:59:43.0343 2224 wuauserv - ok
17:59:43.0374 2224 [ 2FEAE33E9B2B56104596E1BA444405A9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:59:43.0389 2224 WudfPf - ok
17:59:43.0389 2224 [ 19240C13F526125554B5370566F21A0A ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
17:59:43.0405 2224 WUDFRd - ok
17:59:43.0436 2224 [ 19240C13F526125554B5370566F21A0A ] WUDFSensorLP C:\Windows\system32\DRIVERS\WUDFRd.sys
17:59:43.0436 2224 WUDFSensorLP - ok
17:59:43.0468 2224 [ BB73CBC65AABC4EA0A5C6A1474A0A743 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:59:43.0483 2224 wudfsvc - ok
17:59:43.0499 2224 [ 2FA9794CA36147756F3FDFD6CA29B46F ] WwanSvc C:\Windows\System32\wwansvc.dll
17:59:43.0530 2224 WwanSvc - ok
17:59:43.0530 2224 ================ Scan global ===============================
17:59:43.0593 2224 [ C89780A6F58D113C28A96D85D1261DC5 ] C:\Windows\system32\basesrv.dll
17:59:43.0608 2224 [ 599F1244C60E3D6C28A8DA7FBA7A2C13 ] C:\Windows\system32\winsrv.dll
17:59:43.0655 2224 [ 9C1833ABD62876856836C5AE55C7CE86 ] C:\Windows\system32\sxssrv.dll
17:59:43.0718 2224 [ B4B610BBCB002EC478C6FD80CF915697 ] C:\Windows\system32\services.exe
17:59:43.0733 2224 [Global] - ok
17:59:43.0733 2224 ================ Scan MBR ==================================
17:59:43.0749 2224 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:59:44.0394 2224 \Device\Harddisk0\DR0 - ok
17:59:44.0394 2224 ================ Scan VBR ==================================
17:59:44.0410 2224 [ 11392A28ED724C8067C1BFCF80A01A18 ] \Device\Harddisk0\DR0\Partition1
17:59:44.0410 2224 \Device\Harddisk0\DR0\Partition1 - ok
17:59:44.0425 2224 [ 304D78DE052B5F936A27692A6AA0D313 ] \Device\Harddisk0\DR0\Partition2
17:59:44.0457 2224 \Device\Harddisk0\DR0\Partition2 - ok
17:59:44.0457 2224 ================ Scan active images ========================
17:59:44.0472 2224 [ 74B14192CF79A72F7536B27CB8814FBD ] C:\Windows\System32\drivers\atapi.sys
17:59:44.0472 2224 C:\Windows\System32\drivers\atapi.sys - ok
17:59:44.0472 2224 [ FA47B0AA255B7CF4519E995C6404AE22 ] C:\Windows\System32\drivers\crashdmp.sys
17:59:44.0472 2224 C:\Windows\System32\drivers\crashdmp.sys - ok
17:59:44.0472 2224 [ 05F5C162881BE293956C60456EDB0092 ] C:\Windows\System32\drivers\Dumpata.sys
17:59:44.0472 2224 C:\Windows\System32\drivers\Dumpata.sys - ok
17:59:44.0488 2224 [ 05C674A72412E6400D5A2684C867402D ] C:\Windows\System32\drivers\dumpfve.sys
17:59:44.0488 2224 C:\Windows\System32\drivers\dumpfve.sys - ok
17:59:44.0488 2224 [ C6796EA22B513E3457514D92DCDB1A3D ] C:\Windows\System32\drivers\cdrom.sys
17:59:44.0488 2224 C:\Windows\System32\drivers\cdrom.sys - ok
17:59:44.0488 2224 [ EC19013E4CF87609534165DF897274D6 ] C:\Windows\System32\drivers\beep.sys
17:59:44.0488 2224 C:\Windows\System32\drivers\beep.sys - ok
17:59:44.0503 2224 [ EF1B290FC9F0E47CC0B537292BEE5904 ] C:\Windows\System32\drivers\null.sys
17:59:44.0503 2224 C:\Windows\System32\drivers\null.sys - ok
17:59:44.0503 2224 [ 2748E116F8621A4DB0D39FCDD7318C01 ] C:\Windows\System32\drivers\BasicRender.sys
17:59:44.0503 2224 C:\Windows\System32\drivers\BasicRender.sys - ok
17:59:44.0503 2224 [ A3D1CB64DF885ACE126543E6D7067348 ] C:\Windows\System32\drivers\dxgkrnl.sys
17:59:44.0503 2224 C:\Windows\System32\drivers\dxgkrnl.sys - ok
17:59:44.0519 2224 [ 602811E8AAE68030C151345C84A0CDAF ] C:\Windows\System32\drivers\watchdog.sys
17:59:44.0519 2224 C:\Windows\System32\drivers\watchdog.sys - ok
17:59:44.0519 2224 [ 9E167CDB2AEEF7994434543D0543AEEB ] C:\Windows\System32\drivers\dxgmms1.sys
17:59:44.0519 2224 C:\Windows\System32\drivers\dxgmms1.sys - ok
17:59:44.0519 2224 [ 8CC7F7E4AFCBA605921B137ED7992C68 ] C:\Windows\System32\drivers\BasicDisplay.sys
17:59:44.0519 2224 C:\Windows\System32\drivers\BasicDisplay.sys - ok
17:59:44.0535 2224 [ D13329FBF8345B28AB30F44CC247DC08 ] C:\Windows\System32\drivers\msfs.sys
17:59:44.0535 2224 C:\Windows\System32\drivers\msfs.sys - ok
17:59:44.0535 2224 [ 8F44A2F57C9F1A19AC9C6288C10FB351 ] C:\Windows\System32\drivers\npfs.sys
17:59:44.0535 2224 C:\Windows\System32\drivers\npfs.sys - ok
17:59:44.0550 2224 [ 3C7361E0A5A6966DB957B94ECF924A9E ] C:\Windows\System32\drivers\tdi.sys
17:59:44.0550 2224 C:\Windows\System32\drivers\tdi.sys - ok
17:59:44.0550 2224 [ FFF28F9F6823EB1756C60F1649560BBF ] C:\Windows\System32\drivers\tdx.sys
17:59:44.0550 2224 C:\Windows\System32\drivers\tdx.sys - ok
17:59:44.0566 2224 [ 0217532E19A748F0E5D569307363D5FD ] C:\Windows\System32\drivers\netbt.sys
17:59:44.0566 2224 C:\Windows\System32\drivers\netbt.sys - ok
17:59:44.0566 2224 [ 239268BAB58EAE9A3FF4E08334C00451 ] C:\Windows\System32\drivers\afd.sys
17:59:44.0566 2224 C:\Windows\System32\drivers\afd.sys - ok
17:59:44.0566 2224 [ 8528BB05E4D4E25945F78B00B2555FB7 ] C:\Windows\System32\drivers\pacer.sys
17:59:44.0566 2224 C:\Windows\System32\drivers\pacer.sys - ok
17:59:44.0582 2224 [ A83D67D347A684F10B7D3019C8A6380C ] C:\Windows\System32\drivers\netbios.sys
17:59:44.0582 2224 C:\Windows\System32\drivers\netbios.sys - ok
17:59:44.0582 2224 [ 6B26AD573CCDD5209DF4397438B76354 ] C:\Windows\System32\drivers\vwififlt.sys
17:59:44.0582 2224 C:\Windows\System32\drivers\vwififlt.sys - ok
17:59:44.0582 2224 [ B939A2A0F9D6C6C186721E268EB6FA93 ] C:\Windows\System32\drivers\rdbss.sys
17:59:44.0582 2224 C:\Windows\System32\drivers\rdbss.sys - ok
17:59:44.0597 2224 [ EE2F3C0D6ADBC975D6B621EC15ACF4E2 ] C:\Windows\System32\drivers\csc.sys
17:59:44.0597 2224 C:\Windows\System32\drivers\csc.sys - ok
17:59:44.0597 2224 [ E490B459978CB87779E84C761D22B827 ] C:\Windows\System32\drivers\nsiproxy.sys
17:59:44.0597 2224 C:\Windows\System32\drivers\nsiproxy.sys - ok
17:59:44.0597 2224 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E ] C:\Windows\System32\drivers\mssmbios.sys
17:59:44.0597 2224 C:\Windows\System32\drivers\mssmbios.sys - ok
17:59:44.0613 2224 [ CBDB4F0871C88DF930FC0E8588CA67FC ] C:\Windows\System32\drivers\npsvctrig.sys
17:59:44.0613 2224 C:\Windows\System32\drivers\npsvctrig.sys - ok
17:59:44.0613 2224 [ 8E8E34B7BA059050EED827410D0697A2 ] C:\Windows\System32\drivers\ahcache.sys
17:59:44.0613 2224 C:\Windows\System32\drivers\ahcache.sys - ok
17:59:44.0613 2224 [ 315BA4BC19316D72B2E037534E048B93 ] C:\Windows\System32\drivers\dam.sys
17:59:44.0613 2224 C:\Windows\System32\drivers\dam.sys - ok
17:59:44.0628 2224 [ 5DB26D7E0216D0BF364A81D3829AD7B9 ] C:\Windows\System32\drivers\dfsc.sys
17:59:44.0628 2224 C:\Windows\System32\drivers\dfsc.sys - ok
17:59:44.0628 2224 [ 03AAED827C36F35D70900558B8274905 ] C:\Windows\System32\drivers\CompositeBus.sys
17:59:44.0628 2224 C:\Windows\System32\drivers\CompositeBus.sys - ok
17:59:44.0628 2224 [ 813871C7D402A05F2E3A7075F9584A05 ] C:\Windows\System32\drivers\kdnic.sys
17:59:44.0628 2224 C:\Windows\System32\drivers\kdnic.sys - ok
17:59:44.0644 2224 [ D81C3AAEE50F952A20C3548809CB5CE7 ] C:\Windows\System32\ntdll.dll
17:59:44.0644 2224 C:\Windows\System32\ntdll.dll - ok
17:59:44.0644 2224 [ 89B91AEEE4C0C5D3708C0F177C97B630 ] C:\Windows\System32\smss.exe
17:59:44.0644 2224 C:\Windows\System32\smss.exe - ok
17:59:44.0644 2224 [ DA34C39A18E60E7C3FA0630566408034 ] C:\Windows\System32\drivers\umbus.sys
17:59:44.0644 2224 C:\Windows\System32\drivers\umbus.sys - ok
17:59:44.0660 2224 [ B46D2D89AFF8A9490FA8C98C7A5616E3 ] C:\Windows\System32\drivers\amdppm.sys
17:59:44.0660 2224 C:\Windows\System32\drivers\amdppm.sys - ok
17:59:44.0660 2224 [ 2834D9D3B4F554A39C72F00EA3F0E128 ] C:\Windows\System32\drivers\wmiacpi.sys
17:59:44.0660 2224 C:\Windows\System32\drivers\wmiacpi.sys - ok
17:59:44.0660 2224 [ 37D01B8BC15E263F4405367C9A442824 ] C:\Windows\System32\autochk.exe
17:59:44.0660 2224 C:\Windows\System32\autochk.exe - ok
17:59:44.0675 2224 [ A32BCAD9377E3B75D034CAFBA463A0AE ] C:\Windows\System32\drivers\atikmpag.sys
17:59:44.0675 2224 C:\Windows\System32\drivers\atikmpag.sys - ok
17:59:44.0675 2224 [ FBB35875FEFE53D4280259842069ED72 ] C:\Windows\System32\drivers\atikmdag.sys
17:59:44.0675 2224 C:\Windows\System32\drivers\atikmdag.sys - ok
17:59:44.0675 2224 [ 03909BDBFF0DCACCABF2B2D4ADEE44DC ] C:\Windows\System32\drivers\hdaudbus.sys
17:59:44.0675 2224 C:\Windows\System32\drivers\hdaudbus.sys - ok
17:59:44.0691 2224 [ A307450FE19F99CC8AC750EB13959F94 ] C:\Windows\System32\drivers\rtwlane.sys
17:59:44.0691 2224 C:\Windows\System32\drivers\rtwlane.sys - ok
17:59:44.0691 2224 [ BE970C369E43B509C1EDA2B8FA7CECB0 ] C:\Windows\System32\drivers\vwifibus.sys
17:59:44.0691 2224 C:\Windows\System32\drivers\vwifibus.sys - ok
17:59:44.0691 2224 [ 3019097FB6C985EF24C058090FF3BDBD ] C:\Windows\System32\drivers\usbohci.sys
17:59:44.0691 2224 C:\Windows\System32\drivers\usbohci.sys - ok
17:59:44.0707 2224 [ 32F2E6BAD9FA8E14B55E97280661801E ] C:\Windows\System32\drivers\usbport.sys
17:59:44.0707 2224 C:\Windows\System32\drivers\usbport.sys - ok
17:59:44.0707 2224 [ 99387C515F80270F097F6DD9B5315649 ] C:\Windows\System32\drivers\battc.sys
17:59:44.0707 2224 C:\Windows\System32\drivers\battc.sys - ok
17:59:44.0707 2224 [ 84CFC5EFA97D0C965EDE1D56F116A541 ] C:\Windows\System32\drivers\i8042prt.sys
17:59:44.0707 2224 C:\Windows\System32\drivers\i8042prt.sys - ok
17:59:44.0722 2224 [ 8BE92376799B6B44D543E8D07CDCF885 ] C:\Windows\System32\drivers\kbdclass.sys
17:59:44.0722 2224 C:\Windows\System32\drivers\kbdclass.sys - ok
17:59:44.0722 2224 [ CEAC6D40FE887CE8406C2393CF97DE06 ] C:\Windows\System32\drivers\mouclass.sys
17:59:44.0722 2224 C:\Windows\System32\drivers\mouclass.sys - ok
17:59:44.0722 2224 [ 5477D6E27C7D266EF8C152B9A25ADE5E ] C:\Windows\System32\drivers\usbehci.sys
17:59:44.0722 2224 C:\Windows\System32\drivers\usbehci.sys - ok
17:59:44.0738 2224 [ EF6EF85DADC3184A10D8F2F7159973CB ] C:\Windows\System32\drivers\CmBatt.sys
17:59:44.0738 2224 C:\Windows\System32\drivers\CmBatt.sys - ok
17:59:44.0738 2224 [ 7FFB24B4A54B1ACD46CF6899D879CC9F ] C:\Windows\System32\drivers\hidparse.sys
17:59:44.0738 2224 C:\Windows\System32\drivers\hidparse.sys - ok
17:59:44.0753 2224 [ 77CF0ECC1C2B5E616B650AB5D4931114 ] C:\Windows\System32\drivers\Thotkey.sys
17:59:44.0753 2224 C:\Windows\System32\drivers\Thotkey.sys - ok
17:59:44.0753 2224 [ ADB26481D4D247C1D6986EC45FFDAB53 ] C:\Windows\System32\drivers\hidclass.sys
17:59:44.0753 2224 C:\Windows\System32\drivers\hidclass.sys - ok
17:59:44.0753 2224 [ 65EBBB459B66C818E809DD8135DCFFA2 ] C:\Windows\System32\drivers\ks.sys
17:59:44.0753 2224 C:\Windows\System32\drivers\ks.sys - ok
17:59:44.0753 2224 [ 65C92EB9D08DB5C69F28C7FFD4E84E31 ] C:\Windows\System32\drivers\mshidkmdf.sys
17:59:44.0753 2224 C:\Windows\System32\drivers\mshidkmdf.sys - ok
17:59:44.0769 2224 [ 1F58E48EF75F34C35D8E93A0DC535CFE ] C:\Windows\System32\drivers\NdisVirtualBus.sys
17:59:44.0769 2224 C:\Windows\System32\drivers\NdisVirtualBus.sys - ok
17:59:44.0769 2224 [ 6B21EBF892CD8CACB71669B35AB5DE32 ] C:\Windows\System32\drivers\rdpbus.sys
17:59:44.0769 2224 C:\Windows\System32\drivers\rdpbus.sys - ok
17:59:44.0785 2224 [ 84E0F5D41C138C5CC975137A2A98F6D3 ] C:\Windows\System32\drivers\swenum.sys
17:59:44.0785 2224 C:\Windows\System32\drivers\swenum.sys - ok
17:59:44.0785 2224 [ D84E30C42F76768B2040EB2A32A0F6E3 ] C:\Windows\System32\advapi32.dll
17:59:44.0785 2224 C:\Windows\System32\advapi32.dll - ok
17:59:44.0785 2224 [ 882222A9961418A75A08CB68671679D5 ] C:\Windows\System32\drivers\usbd.sys
17:59:44.0785 2224 C:\Windows\System32\drivers\usbd.sys - ok
17:59:44.0785 2224 [ DF56C2C04EFA328D7A66B69007130266 ] C:\Windows\System32\drivers\usbhub.sys
17:59:44.0785 2224 C:\Windows\System32\drivers\usbhub.sys - ok
17:59:44.0800 2224 [ 8ACE1F60D8C4E8209F25BF945A828D96 ] C:\Windows\System32\comdlg32.dll
17:59:44.0800 2224 C:\Windows\System32\comdlg32.dll - ok
17:59:44.0800 2224 [ DB0F2D3A7561ECC396DF8878674B6DD9 ] C:\Windows\System32\ole32.dll
17:59:44.0800 2224 C:\Windows\System32\ole32.dll - ok
17:59:44.0800 2224 [ 74B258D5896FC8F8256E8D03459AC2A2 ] C:\Windows\System32\lpk.dll
17:59:44.0800 2224 C:\Windows\System32\lpk.dll - ok
17:59:44.0816 2224 [ F3A96882598EA84470646C6501917A98 ] C:\Windows\System32\imm32.dll
17:59:44.0816 2224 C:\Windows\System32\imm32.dll - ok
17:59:44.0816 2224 [ CC29613C244DA266D40DBACC108FEAB5 ] C:\Windows\System32\wow64cpu.dll
17:59:44.0816 2224 C:\Windows\System32\wow64cpu.dll - ok
17:59:44.0816 2224 [ B7564AB4F8A12A16C568F256EC6C429B ] C:\Windows\System32\psapi.dll
17:59:44.0816 2224 C:\Windows\System32\psapi.dll - ok
17:59:44.0832 2224 [ A4B86A08CEC7841895C817430CB76CE2 ] C:\Windows\System32\clbcatq.dll
17:59:44.0832 2224 C:\Windows\System32\clbcatq.dll - ok
17:59:44.0832 2224 [ 3E7B2C9026986C821E507A3319EA1D80 ] C:\Windows\System32\combase.dll
17:59:44.0832 2224 C:\Windows\System32\combase.dll - ok
17:59:44.0847 2224 [ 7CE4D5AB5626A26A6E6DFC7397179841 ] C:\Windows\System32\msvcrt.dll
17:59:44.0847 2224 C:\Windows\System32\msvcrt.dll - ok
17:59:44.0847 2224 [ 450C44450C72E3C75CEFA5E9C8371A23 ] C:\Windows\System32\wow64win.dll
17:59:44.0847 2224 C:\Windows\System32\wow64win.dll - ok
17:59:44.0847 2224 [ 3103BBAB41F0C75BE6FA302439C9B9D6 ] C:\Windows\System32\drivers\drmk.sys
17:59:44.0847 2224 C:\Windows\System32\drivers\drmk.sys - ok
17:59:44.0863 2224 [ 56F69F7C25FB67C970997D7066DBC593 ] C:\Windows\System32\drivers\HdAudio.sys
17:59:44.0863 2224 C:\Windows\System32\drivers\HdAudio.sys - ok
17:59:44.0863 2224 [ 11AFB527AA370B1DAFD5C36F35F6D45F ] C:\Windows\System32\drivers\ksthunk.sys
17:59:44.0863 2224 C:\Windows\System32\drivers\ksthunk.sys - ok
17:59:44.0863 2224 [ 486F21443BD82029284AE82F238DA44C ] C:\Windows\System32\drivers\portcls.sys
17:59:44.0863 2224 C:\Windows\System32\drivers\portcls.sys - ok
17:59:44.0878 2224 [ CFCDAAA210D62B277A2183F62FEE068F ] C:\Windows\System32\rpcrt4.dll
17:59:44.0878 2224 C:\Windows\System32\rpcrt4.dll - ok
17:59:44.0878 2224 [ 4628B415A84EA9D4D396A56F1D0CB6C6 ] C:\Windows\System32\drivers\USBSTOR.SYS
17:59:44.0878 2224 C:\Windows\System32\drivers\USBSTOR.SYS - ok
17:59:44.0878 2224 [ AD5CE3C874A6229D4B80F977FAF6EF87 ] C:\Windows\System32\GdiPlus.dll
17:59:44.0878 2224 C:\Windows\System32\GdiPlus.dll - ok
17:59:44.0894 2224 [ 5F9799975EAB95431BF78428B26B4FF6 ] C:\Windows\System32\shell32.dll
17:59:44.0894 2224 C:\Windows\System32\shell32.dll - ok
17:59:44.0894 2224 [ 447CB6699A8EAD2BC516991738A16277 ] C:\Windows\System32\imagehlp.dll
17:59:44.0894 2224 C:\Windows\System32\imagehlp.dll - ok
17:59:44.0894 2224 [ 9E2ABB0CAB26EBD775D968EAB1C1F6EC ] C:\Windows\System32\normaliz.dll
17:59:44.0894 2224 C:\Windows\System32\normaliz.dll - ok
17:59:44.0910 2224 [ FADE737DEAFE3BF4CFC151AD0F548A47 ] C:\Windows\System32\wow64.dll
17:59:44.0910 2224 C:\Windows\System32\wow64.dll - ok
17:59:44.0910 2224 [ B9FC41CEC711DC0E1BFE927EEDC49176 ] C:\Windows\System32\oleaut32.dll
17:59:44.0910 2224 C:\Windows\System32\oleaut32.dll - ok
17:59:44.0910 2224 [ 1A811BAFA2114C2FC878507F9F86566C ] C:\Windows\System32\user32.dll
17:59:44.0910 2224 C:\Windows\System32\user32.dll - ok
17:59:44.0925 2224 [ 75428240F81D41B9F8F7CE5DDB07CA0F ] C:\Windows\System32\nsi.dll
17:59:44.0925 2224 C:\Windows\System32\nsi.dll - ok
17:59:44.0925 2224 [ 179E2B1F19FD949761EEAB36AD5DAB35 ] C:\Windows\System32\msctf.dll
17:59:44.0925 2224 C:\Windows\System32\msctf.dll - ok
17:59:44.0925 2224 [ C49981A2AD6B2793891075FD514F5728 ] C:\Windows\System32\gdi32.dll
17:59:44.0925 2224 C:\Windows\System32\gdi32.dll - ok
17:59:44.0941 2224 [ B65523C830308241407F6EBCC6484E70 ] C:\Windows\System32\sechost.dll
17:59:44.0941 2224 C:\Windows\System32\sechost.dll - ok
17:59:44.0941 2224 [ DACC0040F6BB7F524BAE1D653B9FC329 ] C:\Windows\System32\Wldap32.dll
17:59:44.0941 2224 C:\Windows\System32\Wldap32.dll - ok
17:59:44.0941 2224 [ 6F997D98C6A30D79C622811FBAB9119E ] C:\Windows\System32\ws2_32.dll
17:59:44.0941 2224 C:\Windows\System32\ws2_32.dll - ok
17:59:44.0957 2224 [ 142F612FE5988CBDAEF4DA16E38BD080 ] C:\Windows\System32\kernel32.dll
17:59:44.0957 2224 C:\Windows\System32\kernel32.dll - ok
17:59:44.0957 2224 [ 1AEFA4B25F72772F131D760F664ED7E1 ] C:\Windows\System32\difxapi.dll
17:59:44.0957 2224 C:\Windows\System32\difxapi.dll - ok
17:59:44.0957 2224 [ 905A32D35E8CC1F08F040F77B03697FF ] C:\Windows\System32\shlwapi.dll
17:59:44.0957 2224 C:\Windows\System32\shlwapi.dll - ok
17:59:44.0972 2224 [ 722B699957393AC38AD18C84964EFFA6 ] C:\Windows\System32\setupapi.dll
17:59:44.0972 2224 C:\Windows\System32\setupapi.dll - ok
17:59:44.0972 2224 [ 8D2DF744C20A8960C022BF71505D3B45 ] C:\Windows\System32\cfgmgr32.dll
17:59:44.0972 2224 C:\Windows\System32\cfgmgr32.dll - ok
17:59:44.0972 2224 [ 6EFAF0D87291F9FBD7C0ED3BD56511AA ] C:\Windows\System32\crypt32.dll
17:59:44.0972 2224 C:\Windows\System32\crypt32.dll - ok
17:59:44.0988 2224 [ D13EE1D0B33D2B19C048EFA53DD41A2B ] C:\Windows\System32\KernelBase.dll
17:59:44.0988 2224 C:\Windows\System32\KernelBase.dll - ok
17:59:44.0988 2224 [ 980CDCBF3EDB80CA20921F2C88260406 ] C:\Windows\System32\comctl32.dll
17:59:44.0988 2224 C:\Windows\System32\comctl32.dll - ok
17:59:44.0988 2224 [ 05579A2C16277280E0FAD02245B80C2D ] C:\Windows\System32\wintrust.dll
17:59:44.0988 2224 C:\Windows\System32\wintrust.dll - ok
17:59:45.0003 2224 [ 7DA935827BC3F48AE146BA4B2755F1AD ] C:\Windows\System32\msasn1.dll
17:59:45.0003 2224 C:\Windows\System32\msasn1.dll - ok
17:59:45.0003 2224 [ 00542019B2969529C5E9C68C83BD6F88 ] C:\Windows\SysWOW64\normaliz.dll
17:59:45.0003 2224 C:\Windows\SysWOW64\normaliz.dll - ok
17:59:45.0003 2224 [ 32F9650CD23F6F36706E9EA23ECCF484 ] C:\Windows\SysWOW64\lpk.dll
17:59:45.0003 2224 C:\Windows\SysWOW64\lpk.dll - ok
17:59:45.0019 2224 [ 0E0796E3413D38A396B1C1591CE2B72E ] C:\Windows\System32\win32k.sys
17:59:45.0019 2224 C:\Windows\System32\win32k.sys - ok
17:59:45.0019 2224 [ 885901A37E73FA25F3F87A848BA8033F ] C:\Windows\System32\csrsrv.dll
17:59:45.0019 2224 C:\Windows\System32\csrsrv.dll - ok
17:59:45.0019 2224 [ B2D3F07F5E8A13AF988A8B3C0A800880 ] C:\Windows\System32\csrss.exe
17:59:45.0019 2224 C:\Windows\System32\csrss.exe - ok
17:59:45.0035 2224 [ C89780A6F58D113C28A96D85D1261DC5 ] C:\Windows\System32\basesrv.dll
17:59:45.0035 2224 C:\Windows\System32\basesrv.dll - ok
17:59:45.0035 2224 [ 599F1244C60E3D6C28A8DA7FBA7A2C13 ] C:\Windows\System32\winsrv.dll
17:59:45.0035 2224 C:\Windows\System32\winsrv.dll - ok
17:59:45.0035 2224 [ 601589000CC90F0DF8DA2CC254A3CCC9 ] C:\Windows\System32\drivers\monitor.sys
17:59:45.0035 2224 C:\Windows\System32\drivers\monitor.sys - ok
17:59:45.0050 2224 [ 9C1833ABD62876856836C5AE55C7CE86 ] C:\Windows\System32\sxssrv.dll
17:59:45.0050 2224 C:\Windows\System32\sxssrv.dll - ok
17:59:45.0050 2224 [ 8D3421127B05432B743719C239ABF80F ] C:\Windows\System32\tsddd.dll
17:59:45.0050 2224 C:\Windows\System32\tsddd.dll - ok
17:59:45.0050 2224 [ 48CFA7BE561A7BE144C29BB912055016 ] C:\Windows\System32\wininit.exe
17:59:45.0050 2224 C:\Windows\System32\wininit.exe - ok
17:59:45.0066 2224 [ 5EC5EC3A6118227CA3FFD1353BC61344 ] C:\Windows\System32\cdd.dll
17:59:45.0066 2224 C:\Windows\System32\cdd.dll - ok
17:59:45.0066 2224 [ 8ED638461EFFCF584AF5A8C291A2F9DF ] C:\Windows\System32\profapi.dll
17:59:45.0066 2224 C:\Windows\System32\profapi.dll - ok
17:59:45.0066 2224 [ 55D0BC5BA19B1BA3A82F75A33828BCC0 ] C:\Windows\System32\wininitext.dll
17:59:45.0066 2224 C:\Windows\System32\wininitext.dll - ok
17:59:45.0082 2224 [ A7B9FCF37B64E878310EC62E6DCB9059 ] C:\Windows\System32\KBDUS.DLL
17:59:45.0082 2224 C:\Windows\System32\KBDUS.DLL - ok
17:59:45.0082 2224 [ BC18914CB16B0A7BF5D103A65359FAE4 ] C:\Windows\System32\WlS0WndH.dll
17:59:45.0082 2224 C:\Windows\System32\WlS0WndH.dll - ok
17:59:45.0082 2224 [ BCECD25BCFFE2FC4498374BF2E572DBE ] C:\Windows\System32\sxs.dll
17:59:45.0082 2224 C:\Windows\System32\sxs.dll - ok
17:59:45.0097 2224 [ B83B06508CADBC204B3DAEECC395A571 ] C:\Windows\System32\cryptbase.dll
17:59:45.0097 2224 C:\Windows\System32\cryptbase.dll - ok
17:59:45.0097 2224 [ 876A3E1A4DB8720DF66D653BDBAD3E5D ] C:\Windows\System32\bcryptprimitives.dll
17:59:45.0097 2224 C:\Windows\System32\bcryptprimitives.dll - ok
17:59:45.0097 2224 [ F6F209DDB94959BA104FC8FC87C53759 ] C:\Windows\System32\lsass.exe
17:59:45.0097 2224 C:\Windows\System32\lsass.exe - ok
17:59:45.0113 2224 [ B4B610BBCB002EC478C6FD80CF915697 ] C:\Windows\System32\services.exe
17:59:45.0113 2224 C:\Windows\System32\services.exe - ok
17:59:45.0113 2224 [ 652D7E7BC8D6A909480FF2BBD0E46210 ] C:\Windows\System32\sspicli.dll
17:59:45.0113 2224 C:\Windows\System32\sspicli.dll - ok
17:59:45.0113 2224 [ 7A5CCEC20CF6AA21FF7CC51C0AEBF648 ] C:\Windows\System32\dabapi.dll
17:59:45.0113 2224 C:\Windows\System32\dabapi.dll - ok
17:59:45.0128 2224 [ 61BAE7A83A8650CFC976E8242CE2E4DE ] C:\Windows\System32\EventAggregation.dll
17:59:45.0128 2224 C:\Windows\System32\EventAggregation.dll - ok
17:59:45.0128 2224 [ E18E9C9EBCFCA456B74BB6A80B1DB226 ] C:\Windows\System32\lsasrv.dll
17:59:45.0128 2224 C:\Windows\System32\lsasrv.dll - ok
17:59:45.0128 2224 [ 1B0FCDBFDA0AD5DFCE2D99832BAAF5EC ] C:\Windows\System32\scext.dll
17:59:45.0128 2224 C:\Windows\System32\scext.dll - ok
17:59:45.0144 2224 [ AA9973F611039A02C8D1F71A65F8C775 ] C:\Windows\System32\srvcli.dll
17:59:45.0144 2224 C:\Windows\System32\srvcli.dll - ok
17:59:45.0144 2224 [ 0D85B43A59FB7A63782F6A8969B5BB43 ] C:\Windows\System32\sspisrv.dll
17:59:45.0144 2224 C:\Windows\System32\sspisrv.dll - ok
17:59:45.0144 2224 [ 13E04B8546D3F0D9533DA880A3357F12 ] C:\Windows\System32\SPInf.dll
17:59:45.0144 2224 C:\Windows\System32\SPInf.dll - ok
17:59:45.0160 2224 [ C0F957C92D21EE003BF57DB6B8E77FE5 ] C:\Windows\System32\samsrv.dll
17:59:45.0160 2224 C:\Windows\System32\samsrv.dll - ok
17:59:45.0160 2224 [ 7C94FDA3809015B8F2208D2E1C221F17 ] C:\Windows\System32\winlogon.exe
17:59:45.0160 2224 C:\Windows\System32\winlogon.exe - ok
17:59:45.0160 2224 [ 187926CDEFF85D00FB055FC1CA89C3FB ] C:\Windows\System32\bcrypt.dll
17:59:45.0160 2224 C:\Windows\System32\bcrypt.dll - ok
17:59:45.0175 2224 [ BED41BC388BAF9D31152E9B0B4F88360 ] C:\Windows\System32\ncrypt.dll
17:59:45.0175 2224 C:\Windows\System32\ncrypt.dll - ok
17:59:45.0175 2224 [ 1DBC3C3728F7787A36BEDF2DF7E48AB3 ] C:\Windows\System32\powrprof.dll
17:59:45.0175 2224 C:\Windows\System32\powrprof.dll - ok
17:59:45.0175 2224 [ 5AF14A9AEB3092F4304F5E5EC4328B67 ] C:\Windows\System32\ntasn1.dll
17:59:45.0175 2224 C:\Windows\System32\ntasn1.dll - ok
17:59:45.0175 2224 [ 04F8A9CC544B08634EC932E017434457 ] C:\Windows\System32\winlogonext.dll
17:59:45.0175 2224 C:\Windows\System32\winlogonext.dll - ok
17:59:45.0191 2224 [ FF6AE8D9D0F0264656DC55C7F60C1EE5 ] C:\Windows\System32\msprivs.dll
17:59:45.0191 2224 C:\Windows\System32\msprivs.dll - ok
17:59:45.0191 2224 [ EECF7FE667129D5B52B1CCD54CB9EEF2 ] C:\Windows\System32\netjoin.dll
17:59:45.0191 2224 C:\Windows\System32\netjoin.dll - ok
17:59:45.0207 2224 [ 853037685DDFA140E8386BA66A096BF8 ] C:\Windows\System32\cryptdll.dll
17:59:45.0207 2224 C:\Windows\System32\cryptdll.dll - ok
17:59:45.0207 2224 [ 4D1E2DC40048C2E07CE4B2ADEFF6A020 ] C:\Windows\System32\kerberos.dll
17:59:45.0207 2224 C:\Windows\System32\kerberos.dll - ok
17:59:45.0207 2224 [ 7D4665483FF800B8972E517748726AB6 ] C:\Windows\System32\negoexts.dll
17:59:45.0207 2224 C:\Windows\System32\negoexts.dll - ok
17:59:45.0222 2224 [ 51DA757F8E4B7FB3DCB14184304C9328 ] C:\Windows\System32\cryptsp.dll
17:59:45.0222 2224 C:\Windows\System32\cryptsp.dll - ok
17:59:45.0222 2224 [ 896B307E803430F67EC772807F9CC023 ] C:\Windows\System32\mswsock.dll
17:59:45.0222 2224 C:\Windows\System32\mswsock.dll - ok
17:59:45.0222 2224 [ 53DC027553EB54B3F84B07122DEEE0CC ] C:\Windows\System32\msv1_0.dll
17:59:45.0222 2224 C:\Windows\System32\msv1_0.dll - ok
17:59:45.0238 2224 [ E01B8CE6646E055D2B806AE4DD5A1202 ] C:\Windows\System32\netlogon.dll
17:59:45.0238 2224 C:\Windows\System32\netlogon.dll - ok
17:59:45.0238 2224 [ 5A2020DDCCBB0ED08BAC2355A075F303 ] C:\Windows\System32\dnsapi.dll
17:59:45.0238 2224 C:\Windows\System32\dnsapi.dll - ok
17:59:45.0238 2224 [ 66385FE1DDCEA70EDFB25F57C8507D7B ] C:\Windows\System32\logoncli.dll
17:59:45.0238 2224 C:\Windows\System32\logoncli.dll - ok
17:59:45.0253 2224 [ 40B10EAB69F4087C60DC21B5C92A4702 ] C:\Windows\System32\TSpkg.dll
17:59:45.0253 2224 C:\Windows\System32\TSpkg.dll - ok
17:59:45.0253 2224 [ 64E2C7176D189E4A838D04F7C724CAE7 ] C:\Windows\System32\userenv.dll
17:59:45.0253 2224 C:\Windows\System32\userenv.dll - ok
17:59:45.0253 2224 [ C51CF4D9DA57EA894967752090F6E2CF ] C:\Windows\System32\pku2u.dll
17:59:45.0253 2224 C:\Windows\System32\pku2u.dll - ok
17:59:45.0269 2224 [ A41455649982EE080BE5CA8A72153808 ] C:\Windows\System32\winsta.dll
17:59:45.0269 2224 C:\Windows\System32\winsta.dll - ok
17:59:45.0269 2224 [ D617071B11C99CFE5C4BD0FD82C0609C ] C:\Windows\System32\livessp.dll
17:59:45.0269 2224 C:\Windows\System32\livessp.dll - ok
17:59:45.0269 2224 [ 4CB3F50D37FD6CF3282D018011FE6E87 ] C:\Windows\System32\rsaenh.dll
17:59:45.0269 2224 C:\Windows\System32\rsaenh.dll - ok
17:59:45.0285 2224 [ 45E4A2FADA3579F6DC68F2A0998C3419 ] C:\Windows\System32\wdigest.dll
17:59:45.0285 2224 C:\Windows\System32\wdigest.dll - ok
17:59:45.0285 2224 [ 9D27BB60487764A781FE453F9DED8F1F ] C:\Windows\System32\schannel.dll
17:59:45.0285 2224 C:\Windows\System32\schannel.dll - ok
17:59:45.0285 2224 [ 995F43F02C9C99A895A72AAF8310CFE1 ] C:\Windows\System32\dpapisrv.dll
17:59:45.0285 2224 C:\Windows\System32\dpapisrv.dll - ok
17:59:45.0300 2224 [ 5EBAF77D01D75CAFEF78B47840C75569 ] C:\Windows\System32\efslsaext.dll
17:59:45.0300 2224 C:\Windows\System32\efslsaext.dll - ok
17:59:45.0300 2224 [ 700BB3365D04B1606A03FB1D6B19C138 ] C:\Windows\System32\credssp.dll
17:59:45.0300 2224 C:\Windows\System32\credssp.dll - ok
17:59:45.0300 2224 [ 1F1B8D07708E40E54C55B392C78ECCE2 ] C:\Windows\System32\scecli.dll
17:59:45.0300 2224 C:\Windows\System32\scecli.dll - ok
17:59:45.0316 2224 [ 7172D44ED18787964B43146863466672 ] C:\Windows\System32\scesrv.dll
17:59:45.0316 2224 C:\Windows\System32\scesrv.dll - ok
17:59:45.0316 2224 [ 1FCCB71ADD51C919D003DD0D95FB8992 ] C:\Windows\System32\authz.dll
17:59:45.0316 2224 C:\Windows\System32\authz.dll - ok
17:59:45.0316 2224 [ 296823744D624E98A46759AD58911FC3 ] C:\Windows\System32\netutils.dll
17:59:45.0316 2224 C:\Windows\System32\netutils.dll - ok
17:59:45.0331 2224 [ E4CA434F251681590D0538BC21C32D2F ] C:\Windows\System32\svchost.exe
17:59:45.0331 2224 C:\Windows\System32\svchost.exe - ok
17:59:45.0331 2224 [ 752A457320A946E03C3AA86C3ACD735E ] C:\Windows\System32\umpnpmgr.dll
17:59:45.0331 2224 C:\Windows\System32\umpnpmgr.dll - ok
17:59:45.0331 2224 [ 00E08B30E7F7C13ECE2CDF4F46A77311 ] C:\Windows\System32\umpo.dll
17:59:45.0331 2224 C:\Windows\System32\umpo.dll - ok
17:59:45.0347 2224 [ 2788CA31DD51CF747D9C94772CE93E02 ] C:\Windows\System32\gpapi.dll
17:59:45.0347 2224 C:\Windows\System32\gpapi.dll - ok
17:59:45.0347 2224 [ 85936A752E6BBE740D9FCF156E1AC5E1 ] C:\Windows\System32\hid.dll
17:59:45.0347 2224 C:\Windows\System32\hid.dll - ok
17:59:45.0347 2224 [ 45F36BBDFD50134488ECA96BB9231818 ] C:\Windows\System32\pcwum.dll
17:59:45.0347 2224 C:\Windows\System32\pcwum.dll - ok
17:59:45.0363 2224 [ 9FF64147DB9078337C15F41A6043C74F ] C:\Windows\System32\umpoext.dll
17:59:45.0363 2224 C:\Windows\System32\umpoext.dll - ok
17:59:45.0363 2224 [ D894CBD7DA753C881EE8D5E33B583225 ] C:\Windows\System32\RpcEpMap.dll
17:59:45.0363 2224 C:\Windows\System32\RpcEpMap.dll - ok
17:59:45.0363 2224 [ 3FD5AE42EC87C6F532A931F96BE731DD ] C:\Windows\System32\rpcss.dll
17:59:45.0363 2224 C:\Windows\System32\rpcss.dll - ok
17:59:45.0378 2224 [ 0D86DEB93CC1D2B32CAF658439350241 ] C:\Windows\System32\RpcRtRemote.dll
17:59:45.0378 2224 C:\Windows\System32\RpcRtRemote.dll - ok
17:59:45.0378 2224 [ A6207A88B596F726DE558425F3B7E592 ] C:\Windows\System32\bisrv.dll
17:59:45.0378 2224 C:\Windows\System32\bisrv.dll - ok
17:59:45.0378 2224 [ 3260D5308DD9AE069FE4881D65389A84 ] C:\Windows\System32\FirewallAPI.dll
17:59:45.0378 2224 C:\Windows\System32\FirewallAPI.dll - ok
17:59:45.0394 2224 [ 54A9F4AC86F2A4E7C3ADE47CAE5DE8E0 ] C:\Windows\System32\psmsrv.dll
17:59:45.0394 2224 C:\Windows\System32\psmsrv.dll - ok
17:59:45.0394 2224 [ B6B69FF200F68888A7FAFDF204D00C91 ] C:\Windows\System32\lsm.dll
17:59:45.0394 2224 C:\Windows\System32\lsm.dll - ok
17:59:45.0410 2224 [ 0D50F3C3D50B878CEAE21B9BE3F6A638 ] C:\Windows\System32\kernel.appcore.dll
17:59:45.0410 2224 C:\Windows\System32\kernel.appcore.dll - ok
17:59:45.0410 2224 [ 9A1175EF7B9E297FDC0ADD33783EF8FF ] C:\Windows\System32\sysntfy.dll
17:59:45.0410 2224 C:\Windows\System32\sysntfy.dll - ok
17:59:45.0410 2224 [ 1596DE403BD75918317F724776487262 ] C:\Windows\System32\UXInit.dll
17:59:45.0410 2224 C:\Windows\System32\UXInit.dll - ok
17:59:45.0425 2224 [ E55B850489F154F85110AE3B436A40D6 ] C:\Windows\System32\wmsgapi.dll
17:59:45.0425 2224 C:\Windows\System32\wmsgapi.dll - ok
17:59:45.0425 2224 [ 5B19A3ED994EB972FBD99AC18D0AEA13 ] C:\Windows\System32\devobj.dll
17:59:45.0425 2224 C:\Windows\System32\devobj.dll - ok
17:59:45.0425 2224 [ 3BE05B2695179F8F3CF1136544E46A14 ] C:\Windows\System32\uxtheme.dll
17:59:45.0425 2224 C:\Windows\System32\uxtheme.dll - ok
17:59:45.0425 2224 [ D65B1C952AEB864C2BAC7A770B17ECCE ] C:\Windows\System32\SystemEventsBrokerServer.dll
17:59:45.0425 2224 C:\Windows\System32\SystemEventsBrokerServer.dll - ok
17:59:45.0441 2224 [ F5ED5BA1243201C5078764F916B0387E ] C:\Windows\System32\dab.dll
17:59:45.0441 2224 C:\Windows\System32\dab.dll - ok
17:59:45.0441 2224 [ 92ABF534E992C61730C24F003BBE192A ] C:\Windows\System32\dpapi.dll
17:59:45.0441 2224 C:\Windows\System32\dpapi.dll - ok
17:59:45.0457 2224 [ 5EF604B0698F4FA962778285E8C5F1F2 ] C:\Windows\System32\drivers\luafv.sys
17:59:45.0457 2224 C:\Windows\System32\drivers\luafv.sys - ok
17:59:45.0457 2224 [ CD45E3FE736150D45EFDC9145DA53757 ] C:\Windows\System32\bi.dll
17:59:45.0457 2224 C:\Windows\System32\bi.dll - ok
17:59:45.0457 2224 [ ABDD2AAA3C3842492FF11D68421D7648 ] C:\Windows\System32\apphelp.dll
17:59:45.0457 2224 C:\Windows\System32\apphelp.dll - ok
17:59:45.0472 2224 [ 3710A8A7508B36AD96A97CE79E17403E ] C:\Windows\System32\LogonUI.exe
17:59:45.0472 2224 C:\Windows\System32\LogonUI.exe - ok
17:59:45.0472 2224 [ 9FF95D589B5626852CECA2444C5C5A58 ] C:\Windows\System32\authui.dll
17:59:45.0472 2224 C:\Windows\System32\authui.dll - ok
17:59:45.0472 2224 [ B4BBC6E4998042EF21437EED52EC0273 ] C:\Windows\System32\dwm.exe
17:59:45.0472 2224 C:\Windows\System32\dwm.exe - ok
17:59:45.0488 2224 [ 9E5FB30E22B37AC7A2CDB445F6AF71A1 ] C:\Windows\System32\dwmredir.dll
17:59:45.0488 2224 C:\Windows\System32\dwmredir.dll - ok
17:59:45.0488 2224 [ 4E905C48CA38770B2C62508E32DB974B ] C:\Windows\System32\dwmcore.dll
17:59:45.0488 2224 C:\Windows\System32\dwmcore.dll - ok
17:59:45.0488 2224 [ 2F80A4B09F735EA880F4A836232613A2 ] C:\Windows\System32\SHCore.dll
17:59:45.0488 2224 C:\Windows\System32\SHCore.dll - ok
17:59:45.0503 2224 [ 1A818AF9E4AFC277C19082B9B644C5E7 ] C:\Windows\System32\dcomp.dll
17:59:45.0503 2224 C:\Windows\System32\dcomp.dll - ok
17:59:45.0503 2224 [ 5802776C98F842CA255F04067ACBB355 ] C:\Windows\System32\WindowsCodecs.dll
17:59:45.0503 2224 C:\Windows\System32\WindowsCodecs.dll - ok
17:59:45.0503 2224 [ 37A1B06AB3493CB276195B7358A6A805 ] C:\Windows\System32\avrt.dll
17:59:45.0503 2224 C:\Windows\System32\avrt.dll - ok
17:59:45.0503 2224 [ 18102CA0EB09DCFE520E69152590EE93 ] C:\Windows\System32\d3d11.dll
17:59:45.0519 2224 C:\Windows\System32\d3d11.dll - ok
17:59:45.0519 2224 [ E475BEF9B460F4F678972F88C5FF50D2 ] C:\Windows\System32\wmiclnt.dll
17:59:45.0519 2224 C:\Windows\System32\wmiclnt.dll - ok
17:59:45.0519 2224 [ 59575523BCA5E8555208621719A32F62 ] C:\Windows\System32\dxgi.dll
17:59:45.0519 2224 C:\Windows\System32\dxgi.dll - ok
17:59:45.0519 2224 [ 389C4E97E3A498159B625A7A13EA4560 ] C:\Windows\System32\d3d10warp.dll
17:59:45.0519 2224 C:\Windows\System32\d3d10warp.dll - ok
17:59:45.0535 2224 [ 6443D4EC94E47804389F323A272B5DC2 ] C:\Windows\System32\dui70.dll
17:59:45.0535 2224 C:\Windows\System32\dui70.dll - ok
17:59:45.0535 2224 [ 534677561FABA42D0EA52E054B8334D4 ] C:\Windows\System32\dwmapi.dll
17:59:45.0535 2224 C:\Windows\System32\dwmapi.dll - ok
17:59:45.0535 2224 [ 2527134BDF1302597BC6E531B3B53D2A ] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\comctl32.dll
17:59:45.0535 2224 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\comctl32.dll - ok
17:59:45.0550 2224 [ 4C66C21B6244A09DD671485D67D13DB9 ] C:\Windows\System32\duser.dll
17:59:45.0550 2224 C:\Windows\System32\duser.dll - ok
17:59:45.0550 2224 [ 8476172591FC115D931EA8DBBB4733FF ] C:\Windows\System32\SndVolSSO.dll
17:59:45.0550 2224 C:\Windows\System32\SndVolSSO.dll - ok
17:59:45.0550 2224 [ BFD87A50EB3C37FABF6B1BB072D850E7 ] C:\Windows\System32\MMDevAPI.dll
17:59:45.0566 2224 C:\Windows\System32\MMDevAPI.dll - ok
17:59:45.0566 2224 [ 529011B16EF71630645DCFD195294332 ] C:\Windows\System32\slc.dll
17:59:45.0566 2224 C:\Windows\System32\slc.dll - ok
17:59:45.0566 2224 [ 949906B18AAE3C6AF975D8E4E9AFEC24 ] C:\Windows\System32\sppc.dll
17:59:45.0566 2224 C:\Windows\System32\sppc.dll - ok
17:59:45.0582 2224 [ 3B85C2DC57230C3EA71E2AF88EEB9DEC ] C:\Windows\System32\BCP47Langs.dll
17:59:45.0582 2224 C:\Windows\System32\BCP47Langs.dll - ok
17:59:45.0582 2224 [ 2898E39D1E0CB9074C18988A2F8B73D3 ] C:\Windows\System32\SmartcardCredentialProvider.dll
17:59:45.0582 2224 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
17:59:45.0582 2224 [ D381B446466B468D27BF23A7A372D205 ] C:\Windows\System32\cngcredui.dll
17:59:45.0582 2224 C:\Windows\System32\cngcredui.dll - ok
17:59:45.0597 2224 [ 906664AF9FCE80DD4FDA268A3506FF13 ] C:\Windows\System32\DWrite.dll
17:59:45.0597 2224 C:\Windows\System32\DWrite.dll - ok
17:59:45.0597 2224 [ E521CCD352373B1825BEA80DEC2B7D97 ] C:\Windows\System32\oleacc.dll
17:59:45.0597 2224 C:\Windows\System32\oleacc.dll - ok
17:59:45.0597 2224 [ 9860C19010CFB3F70DC6EDAEB1F1A5E2 ] C:\Windows\System32\wevtsvc.dll
17:59:45.0597 2224 C:\Windows\System32\wevtsvc.dll - ok
17:59:45.0613 2224 [ 7E9AFBB34ACF6CDC4D596006CEEC74E5 ] C:\Windows\System32\BioCredProv.dll
17:59:45.0613 2224 C:\Windows\System32\BioCredProv.dll - ok
17:59:45.0613 2224 [ 8BDD004DC92D09CCD1F3922C59983019 ] C:\Windows\System32\winbio.dll
17:59:45.0613 2224 C:\Windows\System32\winbio.dll - ok
17:59:45.0613 2224 [ 8513A1E7AE4B9DC82C4B4F432C648A58 ] C:\Windows\System32\profsvc.dll
17:59:45.0613 2224 C:\Windows\System32\profsvc.dll - ok
17:59:45.0628 2224 [ 0BDE0FCF597E9B65600121EF54FF8340 ] C:\Windows\System32\gpsvc.dll
17:59:45.0628 2224 C:\Windows\System32\gpsvc.dll - ok
17:59:45.0628 2224 [ A956CC9503FD75F2372A6B673E1C07B2 ] C:\Windows\System32\UIAnimation.dll
17:59:45.0628 2224 C:\Windows\System32\UIAnimation.dll - ok
17:59:45.0628 2224 [ 835D33D2EF07743028475486D0BA5696 ] C:\Windows\System32\wevtapi.dll
17:59:45.0628 2224 C:\Windows\System32\wevtapi.dll - ok
17:59:45.0644 2224 [ 0341F92E52A8FF814671761179C103FB ] C:\Windows\System32\dsrole.dll
17:59:45.0644 2224 C:\Windows\System32\dsrole.dll - ok
17:59:45.0644 2224 [ E5DFD54D2DAA70738F581D1AC74C09CD ] C:\Windows\System32\nlaapi.dll
17:59:45.0644 2224 C:\Windows\System32\nlaapi.dll - ok
17:59:45.0644 2224 [ C77D967840F17DED03DA4BA9D3C40FDB ] C:\Windows\System32\profsvcext.dll
17:59:45.0644 2224 C:\Windows\System32\profsvcext.dll - ok
17:59:45.0660 2224 [ A5F79CC03396AAC79F79C1368DA08A95 ] C:\Windows\System32\ntdsapi.dll
17:59:45.0660 2224 C:\Windows\System32\ntdsapi.dll - ok
17:59:45.0660 2224 [ D60F99ECBFCE0C01BE4C5B06E09435DB ] C:\Windows\System32\atl.dll
17:59:45.0660 2224 C:\Windows\System32\atl.dll - ok
17:59:45.0660 2224 [ BA25717D6694B6C472129AD93893A03D ] C:\Windows\System32\netapi32.dll
17:59:45.0660 2224 C:\Windows\System32\netapi32.dll - ok
17:59:45.0675 2224 [ 05FBE1F7C13E87AF7A414CDF288B1F62 ] C:\Windows\System32\themeservice.dll
17:59:45.0675 2224 C:\Windows\System32\themeservice.dll - ok
17:59:45.0675 2224 [ F71E12EBA575EBD58B499BC7C39D0CD0 ] C:\Windows\System32\wkscli.dll
17:59:45.0675 2224 C:\Windows\System32\wkscli.dll - ok
17:59:45.0675 2224 [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3 ] C:\Windows\System32\es.dll
17:59:45.0675 2224 C:\Windows\System32\es.dll - ok
17:59:45.0691 2224 [ 5E47B467A1CD51943C370BF781E1A4F1 ] C:\Windows\System32\taskschd.dll
17:59:45.0691 2224 C:\Windows\System32\taskschd.dll - ok
17:59:45.0691 2224 [ A88882E64BDC1D8E8D6E727B71CCCC53 ] C:\Windows\System32\Sens.dll
17:59:45.0691 2224 C:\Windows\System32\Sens.dll - ok
17:59:45.0691 2224 [ 8721643ED5447F245762DF0A976AB87A ] C:\Windows\System32\wtsapi32.dll
17:59:45.0691 2224 C:\Windows\System32\wtsapi32.dll - ok
17:59:45.0707 2224 [ 4903CBC14742B5AB4DCF7A92F7DEC483 ] C:\Windows\System32\AudioEndpointBuilder.dll
17:59:45.0707 2224 C:\Windows\System32\AudioEndpointBuilder.dll - ok
17:59:45.0707 2224 [ 183CA7699474FDE235853967D1DA4D9B ] C:\Windows\System32\FntCache.dll
17:59:45.0707 2224 C:\Windows\System32\FntCache.dll - ok
17:59:45.0707 2224 [ FD788C2D96EA91469A3C1D13E80D7473 ] C:\Windows\System32\mmcss.dll
17:59:45.0707 2224 C:\Windows\System32\mmcss.dll - ok
17:59:45.0722 2224 [ EF276593AD1BDF5A99032F62D6272848 ] C:\Windows\System32\audiosrv.dll
17:59:45.0722 2224 C:\Windows\System32\audiosrv.dll - ok
17:59:45.0722 2224 [ C09010B3680860131631F53E8FE7BAD8 ] C:\Windows\System32\drivers\lltdio.sys
17:59:45.0722 2224 C:\Windows\System32\drivers\lltdio.sys - ok
17:59:45.0722 2224 [ B832B35055BA2B7B4181861FF94D8E59 ] C:\Windows\System32\drivers\ndisuio.sys
17:59:45.0722 2224 C:\Windows\System32\drivers\ndisuio.sys - ok
17:59:45.0738 2224 [ CF8B989D89D6807B887690F2CF24EFD9 ] C:\Windows\System32\drivers\nwifi.sys
17:59:45.0738 2224 C:\Windows\System32\drivers\nwifi.sys - ok
17:59:45.0738 2224 [ 2D05A5508F4685412F2B89E8C2189ABC ] C:\Windows\System32\drivers\rspndr.sys
17:59:45.0738 2224 C:\Windows\System32\drivers\rspndr.sys - ok
17:59:45.0738 2224 [ D113FAD71A5E67AA94B32A0F8828D265 ] C:\Windows\System32\lmhsvc.dll
17:59:45.0738 2224 C:\Windows\System32\lmhsvc.dll - ok
17:59:45.0753 2224 [ 50D1A7BF4F35D3897657EAAFA377369D ] C:\Windows\System32\samlib.dll
17:59:45.0753 2224 C:\Windows\System32\samlib.dll - ok
17:59:45.0753 2224 [ F3C88687207F4F75773D288A6D4B61F7 ] C:\Windows\System32\certCredProvider.dll
17:59:45.0753 2224 C:\Windows\System32\certCredProvider.dll - ok
17:59:45.0753 2224 [ 96F4101AA72C55A7554733A05A797088 ] C:\Windows\System32\wlidcredprov.dll
17:59:45.0753 2224 C:\Windows\System32\wlidcredprov.dll - ok
17:59:45.0769 2224 [ 35109E2FBC865F881D5DC61684A513FE ] C:\Windows\System32\aticfx64.dll
17:59:45.0769 2224 C:\Windows\System32\aticfx64.dll - ok
17:59:45.0769 2224 [ 119CE6CF93183EB144F5EA9A4A5A6AB3 ] C:\Windows\System32\rasplap.dll
17:59:45.0769 2224 C:\Windows\System32\rasplap.dll - ok
17:59:45.0769 2224 [ 4D8F3CEF04AFF366972ED6411DB2E0E0 ] C:\Windows\System32\rasapi32.dll
17:59:45.0769 2224 C:\Windows\System32\rasapi32.dll - ok
17:59:45.0785 2224 [ 950E87673E2AE1A536869BCC4E711D67 ] C:\Windows\System32\rtutils.dll
17:59:45.0785 2224 C:\Windows\System32\rtutils.dll - ok
17:59:45.0785 2224 [ 9FB85E37238FEA836E5E6779A93DA461 ] C:\Windows\System32\rasman.dll
17:59:45.0785 2224 C:\Windows\System32\rasman.dll - ok
17:59:45.0785 2224 [ 0D12F606DE18A5739AF27F12A32C6A6E ] C:\Windows\System32\IPHLPAPI.DLL
17:59:45.0785 2224 C:\Windows\System32\IPHLPAPI.DLL - ok
17:59:45.0800 2224 [ DB9657253BD51C172B3262B9CD5463F3 ] C:\Windows\System32\nrpsrv.dll
17:59:45.0800 2224 C:\Windows\System32\nrpsrv.dll - ok
17:59:45.0800 2224 [ 6E2271ED0C3E95B8E29F3752B91B9E84 ] C:\Windows\System32\nsisvc.dll
17:59:45.0800 2224 C:\Windows\System32\nsisvc.dll - ok
17:59:45.0800 2224 [ FD9683552D97156E0C5B948BDABA2569 ] C:\Windows\System32\winnsi.dll
17:59:45.0800 2224 C:\Windows\System32\winnsi.dll - ok
17:59:45.0816 2224 [ 772365894F14652D376B2E5030179DC9 ] C:\Windows\System32\wcmsvc.dll
17:59:45.0816 2224 C:\Windows\System32\wcmsvc.dll - ok
17:59:45.0816 2224 [ 511238503CDDDCA563BB201EED26E7A0 ] C:\Windows\System32\wcmcsp.dll
17:59:45.0816 2224 C:\Windows\System32\wcmcsp.dll - ok
17:59:45.0832 2224 [ 728D3349FAB251B0265EFA55C67DCA2D ] C:\Windows\System32\wlansvc.dll
17:59:45.0832 2224 C:\Windows\System32\wlansvc.dll - ok
17:59:45.0832 2224 [ 8B107F55FD61654A6C9F1B819AEC5FC4 ] C:\Windows\System32\dhcpcore.dll
17:59:45.0832 2224 C:\Windows\System32\dhcpcore.dll - ok
17:59:45.0832 2224 [ 3B03178E65E6903328644E329B24D8B2 ] C:\Windows\System32\version.dll
17:59:45.0832 2224 C:\Windows\System32\version.dll - ok
17:59:45.0847 2224 [ 813292CC10F625BDAAEA76EABDECD82F ] C:\Windows\System32\winbrand.dll
17:59:45.0847 2224 C:\Windows\System32\winbrand.dll - ok
17:59:45.0847 2224 [ 1547E5B7D2EF477D422EBE0FE58508CC ] C:\Windows\System32\AuthExt.dll
17:59:45.0847 2224 C:\Windows\System32\AuthExt.dll - ok
17:59:45.0847 2224 [ 30D839DEBD6B0E89D13B9259C39B3FFA ] C:\Windows\System32\propsys.dll
17:59:45.0847 2224 C:\Windows\System32\propsys.dll - ok
17:59:45.0863 2224 [ EC2DB85DD72A3506D60B428A36F5E27E ] C:\Windows\System32\NetworkStatus.dll
17:59:45.0863 2224 C:\Windows\System32\NetworkStatus.dll - ok
17:59:45.0863 2224 [ 1CE1F2BBF92DF79CF8638FDA04DB4F10 ] C:\Windows\System32\shacct.dll
17:59:45.0863 2224 C:\Windows\System32\shacct.dll - ok
17:59:45.0878 2224 [ 04B39CF60E0E379D400750DAB02D12DB ] C:\Windows\System32\InputSwitch.dll
17:59:45.0878 2224 C:\Windows\System32\InputSwitch.dll - ok
17:59:45.0878 2224 [ F22BC2C1BD805F874540B7595F0C804D ] C:\Windows\System32\IDStore.dll
17:59:45.0878 2224 C:\Windows\System32\IDStore.dll - ok
17:59:45.0878 2224 [ 5EC234995AFB7356A8B1A22C9244F243 ] C:\Windows\System32\wuaext.dll
17:59:45.0878 2224 C:\Windows\System32\wuaext.dll - ok
17:59:45.0894 2224 [ 46E0F92B51247ECCE5A837D613517182 ] C:\Windows\System32\samcli.dll
17:59:45.0894 2224 C:\Windows\System32\samcli.dll - ok
17:59:45.0894 2224 [ 58F28103889817C93E5B5AFABC87E709 ] C:\Windows\System32\wbiosrvc.dll
17:59:45.0894 2224 C:\Windows\System32\wbiosrvc.dll - ok
17:59:45.0894 2224 [ 5BAF7714E68F93515A937A3FA8587EF9 ] C:\Windows\System32\dnsrslvr.dll
17:59:45.0894 2224 C:\Windows\System32\dnsrslvr.dll - ok
17:59:45.0910 2224 [ 1946308C7FF73E4CD47579F34F9F6E1B ] C:\Windows\System32\dhcpcore6.dll
17:59:45.0910 2224 C:\Windows\System32\dhcpcore6.dll - ok
17:59:45.0910 2224 [ 91E000AE0DA97BE6280376FDD477C476 ] C:\Windows\System32\FWPUCLNT.DLL
17:59:45.0910 2224 C:\Windows\System32\FWPUCLNT.DLL - ok
17:59:45.0925 2224 [ 8D25DE2AC85BC807DC19D4DAF6AA6D27 ] C:\Windows\System32\dnsext.dll
17:59:45.0925 2224 C:\Windows\System32\dnsext.dll - ok
17:59:45.0925 2224 [ D4CFAC89188EC0B887CFFCA7C80E495D ] C:\Windows\System32\dhcpcsvc6.dll
17:59:45.0925 2224 C:\Windows\System32\dhcpcsvc6.dll - ok
17:59:45.0941 2224 [ 3378C5241A1FE2F1D34BCC3ABC99F435 ] C:\Windows\System32\dhcpcsvc.dll
17:59:45.0941 2224 C:\Windows\System32\dhcpcsvc.dll - ok
17:59:45.0941 2224 [ 59C04629522B5815BF39F8A310FD2C81 ] C:\Windows\System32\onex.dll
17:59:45.0941 2224 C:\Windows\System32\onex.dll - ok
17:59:45.0941 2224 [ FE04048C1D11EEC3FA40982F78CA0178 ] C:\Windows\System32\wlanmsm.dll
17:59:45.0941 2224 C:\Windows\System32\wlanmsm.dll - ok
17:59:45.0941 2224 [ 8E54F32766CFFC9112800533D721236C ] C:\Windows\System32\wlansec.dll
17:59:45.0941 2224 C:\Windows\System32\wlansec.dll - ok
17:59:45.0957 2224 [ F5946BC89C6D350ADADDA9676DF28CF3 ] C:\Windows\System32\eappprxy.dll
17:59:45.0957 2224 C:\Windows\System32\eappprxy.dll - ok
17:59:45.0957 2224 [ 3B04158DE50AB283B3A5FB5E70C48FB4 ] C:\Windows\System32\wlansvcpal.dll
17:59:45.0957 2224 C:\Windows\System32\wlansvcpal.dll - ok
17:59:45.0972 2224 [ D9D2CC3B8C41B59B1E964D0F89CCA330 ] C:\Windows\System32\msxml6.dll
17:59:45.0972 2224 C:\Windows\System32\msxml6.dll - ok
17:59:45.0972 2224 [ 2244C13A861137EE7D518607592C221D ] C:\Windows\System32\Windows.UI.Immersive.dll
17:59:45.0972 2224 C:\Windows\System32\Windows.UI.Immersive.dll - ok
17:59:45.0972 2224 [ 03CC7C6D00212DF6D6CB5C93432410ED ] C:\Windows\System32\UIAutomationCore.dll
17:59:45.0972 2224 C:\Windows\System32\UIAutomationCore.dll - ok
17:59:45.0988 2224 [ C386F4A32947092776A8E4EB88BFCD9E ] C:\Windows\System32\fveapi.dll
17:59:45.0988 2224 C:\Windows\System32\fveapi.dll - ok
17:59:45.0988 2224 [ 7913D3236FC4EE7EB28B80361B1737BD ] C:\Windows\System32\bcd.dll
17:59:45.0988 2224 C:\Windows\System32\bcd.dll - ok
17:59:45.0988 2224 [ D50705D14E8C876A47FF14B999B4A6C3 ] C:\Windows\System32\fvecerts.dll
17:59:45.0988 2224 C:\Windows\System32\fvecerts.dll - ok
17:59:46.0003 2224 [ 3095D55353A22224E7972F9B552AA69D ] C:\Windows\System32\msftedit.dll
17:59:46.0003 2224 C:\Windows\System32\msftedit.dll - ok
17:59:46.0003 2224 [ 6A5C1EA6E0B31B168FDE21A1FDC078C2 ] C:\Windows\System32\msimg32.dll
17:59:46.0003 2224 C:\Windows\System32\msimg32.dll - ok
17:59:46.0019 2224 [ AC867DEC5E0E12BA342BF9B00D93F2B6 ] C:\Windows\System32\Windows.Globalization.dll
17:59:46.0019 2224 C:\Windows\System32\Windows.Globalization.dll - ok
17:59:46.0019 2224 [ 7A1BAB2BDCF59A506588DDF58ED43E21 ] C:\Windows\System32\globinputhost.dll
17:59:46.0019 2224 C:\Windows\System32\globinputhost.dll - ok
17:59:46.0019 2224 [ 775965CF80FA406DEF00A1415372E82A ] C:\Windows\System32\ninput.dll
17:59:46.0019 2224 C:\Windows\System32\ninput.dll - ok
17:59:46.0035 2224 [ 070B4DE2729515E9F22E4AAFD7B2497C ] C:\Windows\System32\ntmarta.dll
17:59:46.0035 2224 C:\Windows\System32\ntmarta.dll - ok
17:59:46.0035 2224 [ 2EAF0A1F9E4DF34862CC5A2B5437E450 ] C:\Windows\System32\SettingSyncCore.dll
17:59:46.0035 2224 C:\Windows\System32\SettingSyncCore.dll - ok
17:59:46.0050 2224 [ 0934499394EB3D8027B8AB78C07D56CB ] C:\Windows\System32\dllhost.exe
17:59:46.0050 2224 C:\Windows\System32\dllhost.exe - ok
17:59:46.0050 2224 [ 418CE7366D46EB9F008DD8CEDE9A2CEC ] C:\Windows\System32\CredentialMigrationHandler.dll
17:59:46.0050 2224 C:\Windows\System32\CredentialMigrationHandler.dll - ok
17:59:46.0050 2224 [ A50621AF8812D32B9F83ADF5EDD05275 ] C:\Windows\System32\atiuxp64.dll
17:59:46.0050 2224 C:\Windows\System32\atiuxp64.dll - ok
17:59:46.0066 2224 [ 263B6E451526A90FF8B1CEC759F22956 ] C:\Windows\System32\wininet.dll
17:59:46.0066 2224 C:\Windows\System32\wininet.dll - ok
17:59:46.0066 2224 [ 9F5405BA90DBD4E148FA0FD695145192 ] C:\Windows\System32\atidxx64.dll
17:59:46.0066 2224 C:\Windows\System32\atidxx64.dll - ok
17:59:46.0066 2224 [ 6300AD525D639CECBB3D144B6D7B30F9 ] C:\Windows\System32\iertutil.dll
17:59:46.0066 2224 C:\Windows\System32\iertutil.dll - ok
17:59:46.0082 2224 [ 8744BDDA941E77B6402C91D220EFD4F9 ] C:\Windows\System32\AppxAllUserStore.dll
17:59:46.0082 2224 C:\Windows\System32\AppxAllUserStore.dll - ok
17:59:46.0082 2224 [ EF5A9D7523E4530D2030D4EA2D90FEC3 ] C:\Windows\System32\uDWM.dll
17:59:46.0082 2224 C:\Windows\System32\uDWM.dll - ok
17:59:46.0082 2224 [ E41C0291E2F2FDFBF2875E4473F81031 ] C:\Windows\System32\mpr.dll
17:59:46.0082 2224 C:\Windows\System32\mpr.dll - ok
17:59:46.0097 2224 [ 053472337FDD116BD010C88DB0C34DF1 ] C:\Windows\System32\d2d1.dll
17:59:46.0097 2224 C:\Windows\System32\d2d1.dll - ok
17:59:46.0097 2224 [ 08C191B2917862BE90C33E31CB6B6D79 ] C:\Windows\System32\userinit.exe
17:59:46.0097 2224 C:\Windows\System32\userinit.exe - ok
17:59:46.0097 2224 [ D8EB154CC954E526970E7C56B724E659 ] C:\Windows\System32\userinitext.dll
17:59:46.0097 2224 C:\Windows\System32\userinitext.dll - ok
17:59:46.0113 2224 [ 9543FE667E9709640F1D9852BCF97A17 ] C:\Windows\System32\xmllite.dll
17:59:46.0113 2224 C:\Windows\System32\xmllite.dll - ok
17:59:46.0113 2224 [ 0DF0FA32C2841537B0610B4179320A3A ] C:\Windows\System32\TetheringIeProvider.dll
17:59:46.0113 2224 C:\Windows\System32\TetheringIeProvider.dll - ok
17:59:46.0128 2224 [ 9F309FB487DBA2D53EEC8418029D1784 ] C:\Windows\System32\WiFiDisplay.dll
17:59:46.0128 2224 C:\Windows\System32\WiFiDisplay.dll - ok
17:59:46.0128 2224 [ 63DC38C3E4564B2405D562855643ABA2 ] C:\Windows\explorer.exe
17:59:46.0128 2224 C:\Windows\explorer.exe - ok
17:59:46.0128 2224 [ 40932AF9B3D04E307F019784243A18F3 ] C:\Windows\System32\twinapi.dll
17:59:46.0128 2224 C:\Windows\System32\twinapi.dll - ok
17:59:46.0144 2224 [ 4607B84C62D4537B0B7D69B217B8A999 ] C:\Windows\System32\wlanapi.dll
17:59:46.0144 2224 C:\Windows\System32\wlanapi.dll - ok
17:59:46.0144 2224 [ 6234321BF60C3CC6D344D3F1B10F0E7C ] C:\Windows\System32\l2gpstore.dll
17:59:46.0144 2224 C:\Windows\System32\l2gpstore.dll - ok
17:59:46.0144 2224 [ 2988ACC988D3FC47447D368CB5450162 ] C:\Windows\System32\wlanhlp.dll
17:59:46.0144 2224 C:\Windows\System32\wlanhlp.dll - ok
17:59:46.0160 2224 [ 682C1B06C4E00A9DC995E4B2FD626CB2 ] C:\Windows\System32\wlgpclnt.dll
17:59:46.0160 2224 C:\Windows\System32\wlgpclnt.dll - ok
17:59:46.0160 2224 [ 098A6AC9EC3D8958F2404073E488945A ] C:\Windows\System32\netcfgx.dll
17:59:46.0160 2224 C:\Windows\System32\netcfgx.dll - ok
17:59:46.0175 2224 [ 0D190D8B4B20446BE6299AC734DFADF1 ] C:\Windows\System32\shsvcs.dll
17:59:46.0175 2224 C:\Windows\System32\shsvcs.dll - ok
17:59:46.0175 2224 [ 4897A55EEBC1D3F6DFEB1CD94C241F48 ] C:\Windows\System32\SubscriptionMgr.dll
17:59:46.0175 2224 C:\Windows\System32\SubscriptionMgr.dll - ok
17:59:46.0191 2224 [ 888A30EAB651502352C18745367FD179 ] C:\Windows\System32\schedsvc.dll
17:59:46.0191 2224 C:\Windows\System32\schedsvc.dll - ok
17:59:46.0191 2224 [ 0B48E0DFB44EE475F4FD8A8EE599AF30 ] C:\Windows\System32\drivers\vwifimp.sys
17:59:46.0191 2224 C:\Windows\System32\drivers\vwifimp.sys - ok
17:59:46.0191 2224 [ 39435F4007F1CEDEF04356892B18D174 ] C:\Windows\System32\ubpm.dll
17:59:46.0191 2224 C:\Windows\System32\ubpm.dll - ok
17:59:46.0207 2224 [ 5B9290D5540BDC461500DB84FC3606F0 ] C:\Windows\System32\CSystemEventsBrokerClient.dll
17:59:46.0207 2224 C:\Windows\System32\CSystemEventsBrokerClient.dll - ok
17:59:46.0207 2224 [ E04863DDDA4D5386895D316B9A26958F ] C:\Windows\System32\ktmw32.dll
17:59:46.0207 2224 C:\Windows\System32\ktmw32.dll - ok
17:59:46.0207 2224 [ 68DEABD4CB0CF3920D3B6CCAA36173BC ] C:\Windows\System32\taskcomp.dll
17:59:46.0207 2224 C:\Windows\System32\taskcomp.dll - ok
17:59:46.0222 2224 [ 5D9B166EFBA673C8221C5C97CCFB5BFE ] C:\Windows\System32\wcmapi.dll
17:59:46.0222 2224 C:\Windows\System32\wcmapi.dll - ok
17:59:46.0222 2224 [ 1E10B23560C34A90A0FA6ECD26E8565F ] C:\Windows\System32\ProximityService.dll
17:59:46.0222 2224 C:\Windows\System32\ProximityService.dll - ok
17:59:46.0222 2224 [ 02C6DF84328E271C3F844E477CB25169 ] C:\Windows\System32\ProximityServicePal.dll
17:59:46.0222 2224 C:\Windows\System32\ProximityServicePal.dll - ok
17:59:46.0238 2224 [ 02E72187BE9329E4D9255BC5AE6D8286 ] C:\Windows\System32\ProximityCommon.dll
17:59:46.0238 2224 C:\Windows\System32\ProximityCommon.dll - ok
17:59:46.0238 2224 [ 1EE65FEAA57FBC2050AE153D07C8DC3F ] C:\Windows\System32\ProximityCommonPal.dll
17:59:46.0238 2224 C:\Windows\System32\ProximityCommonPal.dll - ok
17:59:46.0238 2224 [ 3502776E366C913D49C0DA928AE3E6CB ] C:\Windows\System32\drivers\http.sys
17:59:46.0238 2224 C:\Windows\System32\drivers\http.sys - ok
17:59:46.0253 2224 [ FE0CB40F36D3FCDD3A1B312EF72C38D5 ] C:\Windows\System32\spoolsv.exe
17:59:46.0253 2224 C:\Windows\System32\spoolsv.exe - ok
17:59:46.0253 2224 [ EDE582496D0CADEE35EA2B1076FF19A8 ] C:\Windows\System32\taskhost.exe
17:59:46.0253 2224 C:\Windows\System32\taskhost.exe - ok
17:59:46.0253 2224 [ 40BD4960734B0FA0872AF71B1E4314CE ] C:\Windows\System32\taskhostex.exe
17:59:46.0253 2224 C:\Windows\System32\taskhostex.exe - ok
17:59:46.0269 2224 [ 91F27BC87BEB6DFDC709FF484F64F1D4 ] C:\Windows\System32\PlaySndSrv.dll
17:59:46.0269 2224 C:\Windows\System32\PlaySndSrv.dll - ok
17:59:46.0269 2224 [ 5E536FD2C9EBFB9388DD76BCC56C7232 ] C:\Windows\System32\MsCtfMonitor.dll
17:59:46.0269 2224 C:\Windows\System32\MsCtfMonitor.dll - ok
17:59:46.0285 2224 [ 9729D3F9896B6F309DC50CE3769AC9C1 ] C:\Windows\System32\msutb.dll
17:59:46.0285 2224 C:\Windows\System32\msutb.dll - ok
17:59:46.0285 2224 [ 6468B696C65775D51A06615830E0E79D ] C:\Windows\System32\BFE.DLL
17:59:46.0285 2224 C:\Windows\System32\BFE.DLL - ok
17:59:46.0285 2224 [ CBCA90CF2ACE96038571ED0A7BD3D756 ] C:\Windows\System32\esent.dll
17:59:46.0285 2224 C:\Windows\System32\esent.dll - ok
17:59:46.0300 2224 [ 6B4FFFDDC618FCF64473CAA86E305697 ] C:\Windows\System32\drivers\bowser.sys
17:59:46.0300 2224 C:\Windows\System32\drivers\bowser.sys - ok
17:59:46.0300 2224 [ F170510BE94CF45E3C6274578F6204B2 ] C:\Windows\System32\drivers\mpsdrv.sys
17:59:46.0300 2224 C:\Windows\System32\drivers\mpsdrv.sys - ok
17:59:46.0316 2224 [ 79B6F3DF7CDFD12159871FF71464F0CE ] C:\Windows\System32\drivers\mrxsmb.sys
17:59:46.0316 2224 C:\Windows\System32\drivers\mrxsmb.sys - ok
17:59:46.0316 2224 [ AAF56E4E84D35411B4E446C445732DFE ] C:\Windows\System32\drivers\mrxsmb20.sys
17:59:46.0316 2224 C:\Windows\System32\drivers\mrxsmb20.sys - ok
17:59:46.0316 2224 [ D186C5844393252147BE934F3871DB7A ] C:\Windows\System32\MPSSVC.dll
17:59:46.0316 2224 C:\Windows\System32\MPSSVC.dll - ok
17:59:46.0332 2224 [ 9B95FCB49595A869F27034916382FE57 ] C:\Windows\System32\adhapi.dll
17:59:46.0332 2224 C:\Windows\System32\adhapi.dll - ok
17:59:46.0332 2224 [ 9DF590DEA96B6756CF8D73C2525797BE ] C:\Windows\System32\wfapigp.dll
17:59:46.0332 2224 C:\Windows\System32\wfapigp.dll - ok
17:59:46.0332 2224 [ D0D9C2ECA4D03A8F06DCD91236B90C98 ] C:\Windows\System32\wkssvc.dll
17:59:46.0332 2224 C:\Windows\System32\wkssvc.dll - ok
17:59:46.0347 2224 [ F2629AF810E939672173CB17ECAC1667 ] C:\Windows\System32\MrmCoreR.dll
17:59:46.0347 2224 C:\Windows\System32\MrmCoreR.dll - ok
17:59:46.0347 2224 [ 22874047B810B5B174C68ACD7C0B6510 ] C:\Windows\System32\urlmon.dll
17:59:46.0347 2224 C:\Windows\System32\urlmon.dll - ok
17:59:46.0363 2224 [ E8CCB797DAF80779C768BD3A9FC8FCAF ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys
17:59:46.0363 2224 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys - ok
17:59:46.0363 2224 [ 0EFE4B5884A8032617826A4D76F80969 ] C:\Windows\System32\cryptsvc.dll
17:59:46.0363 2224 C:\Windows\System32\cryptsvc.dll - ok
17:59:46.0378 2224 [ 281BEE07BA97E3E98D12A822D923D0D8 ] C:\Windows\System32\dps.dll
17:59:46.0378 2224 C:\Windows\System32\dps.dll - ok
17:59:46.0378 2224 [ 295771B092D4F7FCF2B62F80CCD14320 ] C:\Windows\System32\drivers\mrxsmb10.sys
17:59:46.0378 2224 C:\Windows\System32\drivers\mrxsmb10.sys - ok
17:59:46.0378 2224 [ 6AB51A84C2400F1346CCD6B65766DDCD ] C:\Windows\System32\cryptcatsvc.dll
17:59:46.0378 2224 C:\Windows\System32\cryptcatsvc.dll - ok
17:59:46.0394 2224 [ ED8901D9AF4023CAD4738D3A4DF9645B ] C:\Windows\System32\crypttpmeksvc.dll
17:59:46.0394 2224 C:\Windows\System32\crypttpmeksvc.dll - ok
17:59:46.0394 2224 [ 8FA4755F3BA513F4BAE0A2AF1BE8C5F7 ] C:\Windows\System32\vssapi.dll
17:59:46.0394 2224 C:\Windows\System32\vssapi.dll - ok
17:59:46.0394 2224 [ 5A072F0B90C29C5233D78BE33EF5ED78 ] C:\Windows\System32\drivers\Ndu.sys
17:59:46.0394 2224 C:\Windows\System32\drivers\Ndu.sys - ok
17:59:46.0410 2224 [ BA50CC0BD19004AAB88BE37338B6FA0D ] C:\Windows\System32\drivers\PEAuth.sys
17:59:46.0410 2224 C:\Windows\System32\drivers\PEAuth.sys - ok
17:59:46.0410 2224 [ 9A5309EF92F39346CFD5A4C2C3D1BFAD ] C:\Windows\System32\pcasvc.dll
17:59:46.0410 2224 C:\Windows\System32\pcasvc.dll - ok
17:59:46.0410 2224 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
17:59:46.0410 2224 C:\Windows\System32\drivers\secdrv.sys - ok
17:59:46.0425 2224 [ 77195C32175FC63D6054EBA5A066D727 ] C:\Windows\System32\drivers\srvnet.sys
17:59:46.0425 2224 C:\Windows\System32\drivers\srvnet.sys - ok
17:59:46.0425 2224 [ 941EDC6791A09356EEBEC309C1633CA2 ] C:\Windows\System32\vsstrace.dll
17:59:46.0425 2224 C:\Windows\System32\vsstrace.dll - ok
17:59:46.0425 2224 [ 0D0CD1020D821F4D2AC95280213D2F2E ] C:\Windows\System32\aepic.dll
17:59:46.0425 2224 C:\Windows\System32\aepic.dll - ok
17:59:46.0441 2224 [ 33A7D83EEB15431773A6E186CFAABA21 ] C:\Windows\System32\drivers\tcpipreg.sys
17:59:46.0441 2224 C:\Windows\System32\drivers\tcpipreg.sys - ok
17:59:46.0441 2224 [ 3A280F3B3C7A46E29C404ACD46ECBF5E ] C:\Windows\System32\nlasvc.dll
17:59:46.0441 2224 C:\Windows\System32\nlasvc.dll - ok
17:59:46.0441 2224 [ 770D71782A90BE9C48C4310C5C35E25B ] C:\Windows\System32\sfc_os.dll
17:59:46.0441 2224 C:\Windows\System32\sfc_os.dll - ok
17:59:46.0457 2224 [ E45DA7CBBA34510C8B9473AD7D4FFD0B ] C:\Windows\System32\sysmain.dll
17:59:46.0457 2224 C:\Windows\System32\sysmain.dll - ok
17:59:46.0457 2224 [ 380AA537624F698F4C51C55806D30E69 ] C:\Windows\System32\ncsi.dll
17:59:46.0457 2224 C:\Windows\System32\ncsi.dll - ok
17:59:46.0457 2224 [ 282E7D46310338FF4A6B7680440EB0DA ] C:\Windows\System32\drivers\WdNisDrv.sys
17:59:46.0457 2224 C:\Windows\System32\drivers\WdNisDrv.sys - ok
17:59:46.0472 2224 [ C97E14BB6A196B0554D6EB67D8818175 ] C:\Windows\System32\trkwks.dll
17:59:46.0472 2224 C:\Windows\System32\trkwks.dll - ok
17:59:46.0472 2224 [ DD079EC8F44DCA3A176B345C6ADEFB66 ] C:\Windows\System32\winhttp.dll
17:59:46.0472 2224 C:\Windows\System32\winhttp.dll - ok
17:59:46.0488 2224 [ 2EDEA049EF63BDC17CDEB17090788DC2 ] C:\Program Files\Windows Defender\MpSvc.dll
17:59:46.0488 2224 C:\Program Files\Windows Defender\MpSvc.dll - ok
17:59:46.0488 2224 [ 90B85FFBDEEAD1BE861D59134EA985B0 ] C:\Program Files\Windows Defender\MsMpEng.exe
17:59:46.0488 2224 C:\Program Files\Windows Defender\MsMpEng.exe - ok
17:59:46.0488 2224 [ 90B06AD0BA271ABDD56A77040B39C525 ] C:\Windows\System32\ssdpapi.dll
17:59:46.0488 2224 C:\Windows\System32\ssdpapi.dll - ok
17:59:46.0503 2224 [ 86BEAB5F847094D30E057F7F2C7122B6 ] C:\Program Files\Windows Defender\MpClient.dll
17:59:46.0503 2224 C:\Program Files\Windows Defender\MpClient.dll - ok
17:59:46.0503 2224 [ 9DB490F3E823C5C3C070644B96CB9D59 ] C:\Windows\System32\wbem\WMIsvc.dll
17:59:46.0503 2224 C:\Windows\System32\wbem\WMIsvc.dll - ok
17:59:46.0503 2224 [ 2B78788A1485F9B99A578A299DF42C02 ] C:\Windows\System32\drivers\srv.sys
17:59:46.0503 2224 C:\Windows\System32\drivers\srv.sys - ok
17:59:46.0519 2224 [ C1AE59C0B0817236EC083A91C396005A ] C:\Windows\System32\drivers\srv2.sys
17:59:46.0519 2224 C:\Windows\System32\drivers\srv2.sys - ok
17:59:46.0519 2224 [ 527429623E2A20C53DB246C51E6F2726 ] C:\Windows\System32\wbemcomn.dll
17:59:46.0519 2224 C:\Windows\System32\wbemcomn.dll - ok
17:59:46.0519 2224 [ 27B58E16CF895AC1F1A97C04814C2239 ] C:\Windows\System32\srvsvc.dll
17:59:46.0519 2224 C:\Windows\System32\srvsvc.dll - ok
17:59:46.0535 2224 [ DFC4050D58565ADBEE793A8D4AEBDAE6 ] C:\Windows\System32\iphlpsvc.dll
17:59:46.0535 2224 C:\Windows\System32\iphlpsvc.dll - ok
17:59:46.0535 2224 [ 70DAA70A39D15868A0DDEDC46B7A823F ] C:\Windows\System32\httpprxm.dll
17:59:46.0535 2224 C:\Windows\System32\httpprxm.dll - ok
17:59:46.0535 2224 [ 1B8B4F73EE08B5A6EC5A70C96DA90667 ] C:\Windows\System32\adhsvc.dll
17:59:46.0535 2224 C:\Windows\System32\adhsvc.dll - ok
17:59:46.0550 2224 [ 056A7F991CCBDACB5A132419FA244C3E ] C:\Windows\System32\mi.dll
17:59:46.0550 2224 C:\Windows\System32\mi.dll - ok
17:59:46.0550 2224 [ E8E50E7703204AE06C6B5FEFE2F701E7 ] C:\Windows\System32\miutils.dll
17:59:46.0550 2224 C:\Windows\System32\miutils.dll - ok
17:59:46.0550 2224 [ 830445350C7CDEC426FA5E1F9E1B0DAD ] C:\Windows\System32\sscore.dll
17:59:46.0550 2224 C:\Windows\System32\sscore.dll - ok
17:59:46.0566 2224 [ 3A8A50121A2600AEC63E4713AF6F25E7 ] C:\Windows\System32\sscoreext.dll
17:59:46.0566 2224 C:\Windows\System32\sscoreext.dll - ok
17:59:46.0566 2224 [ 38DF4E3D3559F58793E70ED8093A6F2B ] C:\Windows\System32\wmidcom.dll
17:59:46.0566 2224 C:\Windows\System32\wmidcom.dll - ok
17:59:46.0566 2224 [ 66F78ECB93F16BBDA095D9EA71CD712B ] C:\Windows\System32\resutils.dll
17:59:46.0566 2224 C:\Windows\System32\resutils.dll - ok
17:59:46.0582 2224 [ 0F9594CB8B35FAF12825285415414F85 ] C:\Windows\System32\clusapi.dll
17:59:46.0582 2224 C:\Windows\System32\clusapi.dll - ok
17:59:46.0582 2224 [ 582ED9A6D0B34F2F55607562FDA263E9 ] C:\Windows\System32\sqmapi.dll
17:59:46.0582 2224 C:\Windows\System32\sqmapi.dll - ok
17:59:46.0582 2224 [ BA0655E1856A16A14C9BC1FB27B111B9 ] C:\Windows\System32\TpmTasks.dll
17:59:46.0582 2224 C:\Windows\System32\TpmTasks.dll - ok
17:59:46.0597 2224 [ 5CEC21295040B8FA8F26CB07D650954D ] C:\Windows\System32\netprofm.dll
17:59:46.0597 2224 C:\Windows\System32\netprofm.dll - ok
17:59:46.0597 2224 [ D1A3B6C2F8F39EC7F75D03740A8112A1 ] C:\Windows\System32\tbs.dll
17:59:46.0597 2224 C:\Windows\System32\tbs.dll - ok
17:59:46.0597 2224 [ E372BBF897005442ECEB7843CEB394D2 ] C:\Windows\System32\rasadhlp.dll
17:59:46.0597 2224 C:\Windows\System32\rasadhlp.dll - ok
17:59:46.0613 2224 [ 6E98157791491AEBF64B1392293E48A7 ] C:\Windows\System32\nci.dll
17:59:46.0613 2224 C:\Windows\System32\nci.dll - ok
17:59:46.0613 2224 [ F0F0A372C2EF6358399C4936F91B6131 ] C:\Windows\System32\netprofmsvc.dll
17:59:46.0613 2224 C:\Windows\System32\netprofmsvc.dll - ok
17:59:46.0613 2224 [ 449A20A674AA3FAA7F0DD4E33EE2DC20 ] C:\Windows\System32\hidserv.dll
17:59:46.0613 2224 C:\Windows\System32\hidserv.dll - ok
17:59:46.0628 2224 [ 28C35503056748FA88499DAECF3D5557 ] C:\Windows\System32\npmproxy.dll
17:59:46.0628 2224 C:\Windows\System32\npmproxy.dll - ok
17:59:46.0628 2224 [ 5FE61B0E223FAC7316526A7B588E9F2D ] C:\Windows\System32\wdscore.dll
17:59:46.0628 2224 C:\Windows\System32\wdscore.dll - ok
17:59:46.0644 2224 [ 40C67D1A4891120874767F6E6604D6C5 ] C:\Windows\System32\wdi.dll
17:59:46.0644 2224 C:\Windows\System32\wdi.dll - ok
17:59:46.0644 2224 [ D27491CFCE452C154CECFA155AD0EBC8 ] C:\Windows\System32\wpdbusenum.dll
17:59:46.0644 2224 C:\Windows\System32\wpdbusenum.dll - ok
17:59:46.0644 2224 [ 03694A8350222AC9F0E8693986E92BE2 ] C:\Windows\System32\diagperf.dll
17:59:46.0644 2224 C:\Windows\System32\diagperf.dll - ok
17:59:46.0660 2224 [ F0DF4F8D9F1F8FA36BA30ACAC213D03D ] C:\Windows\System32\PortableDeviceApi.dll
17:59:46.0660 2224 C:\Windows\System32\PortableDeviceApi.dll - ok
17:59:46.0660 2224 [ B4FC38795A0AFC18539E220F56348764 ] C:\Windows\System32\PortableDeviceConnectApi.dll
17:59:46.0660 2224 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
17:59:46.0660 2224 [ 397006C14C023F8E494093E0EAFADC2A ] C:\Windows\System32\perftrack.dll
17:59:46.0660 2224 C:\Windows\System32\perftrack.dll - ok
17:59:46.0675 2224 [ 59A343C3BD792AF308400B2EE5E1A924 ] C:\Windows\System32\wer.dll
17:59:46.0675 2224 C:\Windows\System32\wer.dll - ok
17:59:46.0675 2224 [ E90A3C2460984362BE38F572842C890A ] C:\Windows\System32\activeds.dll
17:59:46.0675 2224 C:\Windows\System32\activeds.dll - ok
17:59:46.0675 2224 [ 647B3E3A60DED8DAECF4F798A058EADB ] C:\Windows\System32\srumsvc.dll
17:59:46.0675 2224 C:\Windows\System32\srumsvc.dll - ok
17:59:46.0691 2224 [ 205B59C8B291A707B24C97B123834E70 ] C:\Windows\System32\pnpts.dll
17:59:46.0691 2224 C:\Windows\System32\pnpts.dll - ok
17:59:46.0691 2224 [ 1FC8997292BE3362A5B40EBBBD137982 ] C:\Windows\System32\radardt.dll
17:59:46.0691 2224 C:\Windows\System32\radardt.dll - ok
17:59:46.0691 2224 [ 6AF7948D08E59B5690D3559AEB8E0F93 ] C:\Windows\System32\wdiasqmmodule.dll
17:59:46.0691 2224 C:\Windows\System32\wdiasqmmodule.dll - ok
17:59:46.0707 2224 [ E7CD6B5449030F4F9B29C742664B63B3 ] C:\Windows\System32\adsldpc.dll
17:59:46.0707 2224 C:\Windows\System32\adsldpc.dll - ok
17:59:46.0707 2224 [ 7E790DE2487CEDB349D1750B9E47F090 ] C:\Windows\System32\appinfo.dll
17:59:46.0707 2224 C:\Windows\System32\appinfo.dll - ok
17:59:46.0707 2224 [ 17C9CEA667906DA7CAA1175DE437F4FC ] C:\Windows\System32\runonce.exe
17:59:46.0707 2224 C:\Windows\System32\runonce.exe - ok
17:59:46.0707 2224 [ A7316E660E2DAC6D94A3B1D820C3A7F4 ] C:\Windows\SysWOW64\ntdll.dll
17:59:46.0707 2224 C:\Windows\SysWOW64\ntdll.dll - ok
17:59:46.0722 2224 [ 8BE1C89BD0C6F659C3AE3A2C8D0955C4 ] C:\Windows\SysWOW64\runonce.exe
17:59:46.0722 2224 C:\Windows\SysWOW64\runonce.exe - ok
17:59:46.0722 2224 [ D736E64AE79B7650CCFD03F9B7EB1311 ] C:\Windows\SysWOW64\kernel32.dll
17:59:46.0722 2224 C:\Windows\SysWOW64\kernel32.dll - ok
17:59:46.0722 2224 [ 94443607F11CA635408A89F598C16DDD ] C:\Windows\SysWOW64\KernelBase.dll
17:59:46.0722 2224 C:\Windows\SysWOW64\KernelBase.dll - ok
17:59:46.0738 2224 [ 80B7844BF20D44E1789EA6F46FC9CA9B ] C:\Windows\SysWOW64\advapi32.dll
17:59:46.0738 2224 C:\Windows\SysWOW64\advapi32.dll - ok
17:59:46.0738 2224 [ E46E5AC5AFF7DB8E39E2405AD6083138 ] C:\Windows\SysWOW64\gdi32.dll
17:59:46.0738 2224 C:\Windows\SysWOW64\gdi32.dll - ok
17:59:46.0753 2224 [ C72456BFFE941714CF05B0AA0BEE5B45 ] C:\Windows\SysWOW64\user32.dll
17:59:46.0753 2224 C:\Windows\SysWOW64\user32.dll - ok
17:59:46.0753 2224 [ 6EBA4AA97BA64CEB363C1C8CE12214F9 ] C:\Windows\SysWOW64\msvcrt.dll
17:59:46.0753 2224 C:\Windows\SysWOW64\msvcrt.dll - ok
17:59:46.0753 2224 [ 6CB5CFF7F48B8E226523BF2E849AA6E5 ] C:\Windows\SysWOW64\shlwapi.dll
17:59:46.0753 2224 C:\Windows\SysWOW64\shlwapi.dll - ok
17:59:46.0769 2224 [ DD5B2173CFD5A32C66497B5C83D2F38D ] C:\Windows\SysWOW64\ole32.dll
17:59:46.0769 2224 C:\Windows\SysWOW64\ole32.dll - ok
17:59:46.0769 2224 [ 8325177BBD77C2DAD43ED031A4EAE843 ] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09\comctl32.dll
17:59:46.0769 2224 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09\comctl32.dll - ok
17:59:46.0769 2224 [ E0C156E4380CE5C64CFBF2650895038D ] C:\Windows\SysWOW64\shell32.dll
17:59:46.0769 2224 C:\Windows\SysWOW64\shell32.dll - ok
17:59:46.0785 2224 [ 98693D5B381F42BB76012BCAB23FCC54 ] C:\Program Files\Windows Defender\MpRtp.dll
17:59:46.0785 2224 C:\Program Files\Windows Defender\MpRtp.dll - ok
17:59:46.0785 2224 [ ADD4BF666238FD0AC47B5B8EF23C908C ] C:\Program Files\Windows Defender\NisIpsPlugin.dll
17:59:46.0785 2224 C:\Program Files\Windows Defender\NisIpsPlugin.dll - ok
17:59:46.0785 2224 [ 57540FE9167823B79A6B9582732ABE50 ] C:\Windows\System32\fltLib.dll
17:59:46.0785 2224 C:\Windows\System32\fltLib.dll - ok
17:59:46.0800 2224 [ 3503F1397CB9BEE0D9684A7CA4C1C315 ] C:\Windows\SysWOW64\sechost.dll
17:59:46.0800 2224 C:\Windows\SysWOW64\sechost.dll - ok
17:59:46.0800 2224 [ 2294AB089A055F4621FDE40DDFAD4D7E ] C:\Windows\SysWOW64\rpcrt4.dll
17:59:46.0800 2224 C:\Windows\SysWOW64\rpcrt4.dll - ok
17:59:46.0800 2224 [ A6A82DE8976069DBA0256AE5327110B5 ] C:\Windows\SysWOW64\combase.dll
17:59:46.0800 2224 C:\Windows\SysWOW64\combase.dll - ok
17:59:46.0816 2224 [ 1CF1F62F2484C996DFB99D511E18D662 ] C:\Windows\SysWOW64\sspicli.dll
17:59:46.0816 2224 C:\Windows\SysWOW64\sspicli.dll - ok
17:59:46.0816 2224 [ FCA4D9D06C44BA66878DD01D132CD816 ] C:\Windows\SysWOW64\SHCore.dll
17:59:46.0816 2224 C:\Windows\SysWOW64\SHCore.dll - ok
17:59:46.0816 2224 [ C70E652B7D507AAB25208E1602B29B89 ] C:\Windows\SysWOW64\cryptbase.dll
17:59:46.0816 2224 C:\Windows\SysWOW64\cryptbase.dll - ok
17:59:46.0832 2224 [ 623825C1F07CC2C80C550FBD6CD3E65B ] C:\Windows\SysWOW64\bcryptprimitives.dll
17:59:46.0832 2224 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
17:59:46.0832 2224 [ A49453C2A68A410B0A9801954B99AA16 ] C:\Windows\SysWOW64\imm32.dll
17:59:46.0832 2224 C:\Windows\SysWOW64\imm32.dll - ok
17:59:46.0832 2224 [ 88F8095C355E6BA4ACCBF2F3E07552E7 ] C:\Windows\SysWOW64\msctf.dll
17:59:46.0832 2224 C:\Windows\SysWOW64\msctf.dll - ok
17:59:46.0847 2224 [ AA21423B380157AFAA2F82E96D910E0F ] C:\Windows\SysWOW64\kernel.appcore.dll
17:59:46.0847 2224 C:\Windows\SysWOW64\kernel.appcore.dll - ok
17:59:46.0847 2224 [ 2C95C9CB5DA80E779BF8A1C0ACD803A3 ] C:\Windows\SysWOW64\uxtheme.dll
17:59:46.0847 2224 C:\Windows\SysWOW64\uxtheme.dll - ok
17:59:46.0847 2224 [ CF4C3815E577C7DC32BB8DB90F0B34C1 ] C:\Windows\SysWOW64\oleaut32.dll
17:59:46.0847 2224 C:\Windows\SysWOW64\oleaut32.dll - ok
17:59:46.0863 2224 [ 0601A49C6C32740BB25FD2AF759F5960 ] C:\Windows\SysWOW64\setupapi.dll
17:59:46.0863 2224 C:\Windows\SysWOW64\setupapi.dll - ok
17:59:46.0863 2224 [ A56878CE81935A6E3269C1B1669F9354 ] C:\Windows\SysWOW64\cfgmgr32.dll
17:59:46.0863 2224 C:\Windows\SysWOW64\cfgmgr32.dll - ok
17:59:46.0863 2224 [ A7DDBD5DA334F3BA342EB828012FD1A5 ] C:\Windows\SysWOW64\clbcatq.dll
17:59:46.0863 2224 C:\Windows\SysWOW64\clbcatq.dll - ok
17:59:46.0878 2224 [ 46C6D8A6B4DEBBB55B6DA6B92C100599 ] C:\Windows\SysWOW64\propsys.dll
17:59:46.0878 2224 C:\Windows\SysWOW64\propsys.dll - ok
17:59:46.0878 2224 [ CC877931A205C47710456FFEE0BEF29D ] C:\Windows\SysWOW64\profapi.dll
17:59:46.0878 2224 C:\Windows\SysWOW64\profapi.dll - ok
17:59:46.0878 2224 [ 9D519CCC49EBEF2AB0F3282C097B141B ] C:\Windows\SysWOW64\cryptsp.dll
17:59:46.0878 2224 C:\Windows\SysWOW64\cryptsp.dll - ok
17:59:46.0894 2224 [ 68516BC692B58959933B5029747F2A2A ] C:\Windows\SysWOW64\rsaenh.dll
17:59:46.0894 2224 C:\Windows\SysWOW64\rsaenh.dll - ok
17:59:46.0894 2224 [ B832E4D96463DBF77FC3AC35EC6390B3 ] C:\Windows\SysWOW64\bcrypt.dll
17:59:46.0894 2224 C:\Windows\SysWOW64\bcrypt.dll - ok
17:59:46.0894 2224 [ 5D9DC6332A4FC66388B09BBE7CF53750 ] C:\Windows\SysWOW64\urlmon.dll
17:59:46.0894 2224 C:\Windows\SysWOW64\urlmon.dll - ok
17:59:46.0910 2224 [ 34CBED7698D557DDB43F8732FBC2ACB9 ] C:\Windows\SysWOW64\iertutil.dll
17:59:46.0910 2224 C:\Windows\SysWOW64\iertutil.dll - ok
17:59:46.0910 2224 [ 448D8F8B51F785EAB56947D94EBDFC66 ] C:\Windows\System32\hnetcfg.dll
17:59:46.0910 2224 C:\Windows\System32\hnetcfg.dll - ok
17:59:46.0910 2224 [ 9C89246184979A070B0C6CCF61C68136 ] C:\Windows\SysWOW64\wininet.dll
17:59:46.0910 2224 C:\Windows\SysWOW64\wininet.dll - ok
17:59:46.0925 2224 [ E572557FD4CA855642A0B26CC9F3C788 ] C:\Windows\SysWOW64\secur32.dll
17:59:46.0925 2224 C:\Windows\SysWOW64\secur32.dll - ok
17:59:46.0925 2224 [ 59A1D4FACD7B333F76C4142CD42D3ABA ] C:\Windows\SysWOW64\cmd.exe
17:59:46.0925 2224 C:\Windows\SysWOW64\cmd.exe - ok
17:59:46.0925 2224 [ A1FF7DFBFBE164CF92603C651D304DD2 ] C:\Windows\System32\drivers\condrv.sys
17:59:46.0925 2224 C:\Windows\System32\drivers\condrv.sys - ok
17:59:46.0941 2224 [ 626A9EC445D06FBC1502BF53A1E3356B ] C:\Windows\System32\conhost.exe
17:59:46.0941 2224 C:\Windows\System32\conhost.exe - ok
17:59:46.0941 2224 [ 4C50680BDC98B551CE5C173BAB1C62D7 ] C:\Windows\SysWOW64\cmdext.dll
17:59:46.0941 2224 C:\Windows\SysWOW64\cmdext.dll - ok
17:59:46.0941 2224 [ 0488E461EEE18F5CFCE7C1774BBFCBB3 ] C:\Windows\System32\adsldp.dll
17:59:46.0941 2224 C:\Windows\System32\adsldp.dll - ok
17:59:46.0957 2224 [ 88028A645052327CE652A4CFCA16DBC9 ] C:\Windows\SysWOW64\apphelp.dll
17:59:46.0957 2224 C:\Windows\SysWOW64\apphelp.dll - ok
17:59:46.0957 2224 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\bf\AppData\Local\Temp\A66441D1-C46F-40F1-9B01-8363DED2AF3B.exe
17:59:46.0957 2224 C:\Users\bf\AppData\Local\Temp\A66441D1-C46F-40F1-9B01-8363DED2AF3B.exe - ok
17:59:46.0957 2224 [ 0320929A497A57A243ED157BA082896D ] C:\Windows\SysWOW64\pcacli.dll
17:59:46.0957 2224 C:\Windows\SysWOW64\pcacli.dll - ok
17:59:46.0972 2224 [ 5D7148704D8715482695A534887359FA ] C:\Windows\SysWOW64\mpr.dll
17:59:46.0972 2224 C:\Windows\SysWOW64\mpr.dll - ok
17:59:46.0972 2224 [ EB5BB44DBA9F55DB59076E58F6E42C03 ] C:\Windows\SysWOW64\sfc_os.dll
17:59:46.0972 2224 C:\Windows\SysWOW64\sfc_os.dll - ok
17:59:46.0972 2224 [ B19CA8E441D35AA2B1EE51C10B27DA1B ] C:\Windows\System32\aelupsvc.dll
17:59:46.0972 2224 C:\Windows\System32\aelupsvc.dll - ok
17:59:46.0988 2224 [ 6AA868B3C2A014AE76ECF53B667BF086 ] C:\Windows\System32\winmm.dll
17:59:46.0988 2224 C:\Windows\System32\winmm.dll - ok
17:59:46.0988 2224 [ D9053149D55CEB13C66A69A00A1B6D7D ] C:\Windows\System32\wbem\wbemprox.dll
17:59:46.0988 2224 C:\Windows\System32\wbem\wbemprox.dll - ok
17:59:46.0988 2224 [ AB8DC63BB90A2A3DE13B38D8B64B4DC6 ] C:\Windows\System32\cscapi.dll
17:59:46.0988 2224 C:\Windows\System32\cscapi.dll - ok
17:59:47.0003 2224 [ DD02C0806C03506E03A24C984502B92B ] C:\Windows\System32\secur32.dll
17:59:47.0003 2224 C:\Windows\System32\secur32.dll - ok
17:59:47.0003 2224 [ E1D793FCCD26B862839217612830ECFC ] C:\Windows\System32\wbem\wbemcore.dll
17:59:47.0003 2224 C:\Windows\System32\wbem\wbemcore.dll - ok
17:59:47.0003 2224 [ 2C6B75D50B9917766FE7BA0C11A1FA23 ] C:\Windows\System32\wbem\esscli.dll
17:59:47.0003 2224 C:\Windows\System32\wbem\esscli.dll - ok
17:59:47.0019 2224 [ C510810D292782189F8BE12A1B0E366E ] C:\Windows\System32\wbem\fastprox.dll
17:59:47.0019 2224 C:\Windows\System32\wbem\fastprox.dll - ok
17:59:47.0019 2224 [ 36BC2FF91264BB032FEB927B03DE4C29 ] C:\Windows\System32\wbem\wbemsvc.dll
17:59:47.0019 2224 C:\Windows\System32\wbem\wbemsvc.dll - ok
17:59:47.0019 2224 [ 5FB52C4367FCABB27373F701C714192C ] C:\Windows\System32\wbem\wmiutils.dll
17:59:47.0019 2224 C:\Windows\System32\wbem\wmiutils.dll - ok
17:59:47.0035 2224 [ 4845FC917AB257CAE4F16A80ADC15412 ] C:\Windows\System32\wbem\repdrvfs.dll
17:59:47.0035 2224 C:\Windows\System32\wbem\repdrvfs.dll - ok
17:59:47.0035 2224 [ C3C9B251ABFA347AA454B6AA17068FA1 ] C:\Windows\SysWOW64\devrtl.dll
17:59:47.0035 2224 C:\Windows\SysWOW64\devrtl.dll - ok
17:59:47.0035 2224 [ F30A16105C6C685390074EE69BC175B0 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FADFC51-52F2-492A-B6FF-EB6A6A2B7EC3}\mpengine.dll
17:59:47.0035 2224 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FADFC51-52F2-492A-B6FF-EB6A6A2B7EC3}\mpengine.dll - ok
17:59:47.0050 2224 [ 7C2E3117F0BF7B6F010B8C071253404C ] C:\Windows\System32\cryptnet.dll
17:59:47.0050 2224 C:\Windows\System32\cryptnet.dll - ok
17:59:47.0050 2224 [ BEA157D1857FA63205558750720D9071 ] C:\Windows\System32\appsruprov.dll
17:59:47.0050 2224 C:\Windows\System32\appsruprov.dll - ok
17:59:47.0050 2224 [ F06F60158842691FA4B5DE0E08F55B29 ] C:\Windows\System32\ncuprov.dll
17:59:47.0050 2224 C:\Windows\System32\ncuprov.dll - ok
17:59:47.0066 2224 [ 8449B6B3E281AF44BEA98D318D7481A5 ] C:\Windows\System32\nduprov.dll
17:59:47.0066 2224 C:\Windows\System32\nduprov.dll - ok
17:59:47.0066 2224 [ D3F794546CE8666B663A0A906CA97DCA ] C:\Windows\System32\wpnsruprov.dll
17:59:47.0066 2224 C:\Windows\System32\wpnsruprov.dll - ok
17:59:47.0066 2224 [ F12B563360D2BA8AD323A74986AF8A5B ] C:\Windows\System32\wwapi.dll
17:59:47.0066 2224 C:\Windows\System32\wwapi.dll - ok
17:59:47.0082 2224 [ E32D2083EB6EC8EBD56D1A509268492B ] C:\Windows\System32\energyprov.dll
17:59:47.0082 2224 C:\Windows\System32\energyprov.dll - ok
17:59:47.0082 2224 [ 90AC8D4574103FCF8942C526998F46BF ] C:\Windows\System32\srumapi.dll
17:59:47.0082 2224 C:\Windows\System32\srumapi.dll - ok
17:59:47.0082 2224 [ F12D8EB9E944BEB0FB4C5E4F1336401B ] C:\Windows\System32\winmmbase.dll
17:59:47.0082 2224 C:\Windows\System32\winmmbase.dll - ok
17:59:47.0097 2224 [ 480C100DFBDACA7A702736E0F81F5080 ] C:\Windows\System32\PCPKsp.dll
17:59:47.0097 2224 C:\Windows\System32\PCPKsp.dll - ok
17:59:47.0097 2224 [ BCCB98D8E406576180B5E808731510BF ] C:\Windows\System32\PCPTpm12.dll
17:59:47.0097 2224 C:\Windows\System32\PCPTpm12.dll - ok
17:59:47.0097 2224 [ E9286577AD0D3BE9158DCE178A879123 ] C:\Windows\System32\devrtl.dll
17:59:47.0097 2224 C:\Windows\System32\devrtl.dll - ok
17:59:47.0113 2224 [ 9FAC7693213C54B25D0DC48BC20686CF ] C:\Windows\SysWOW64\crypt32.dll
17:59:47.0113 2224 C:\Windows\SysWOW64\crypt32.dll - ok
17:59:47.0113 2224 [ CFEB08503784A596CE9E28D2E9FDDEF7 ] C:\Windows\System32\SettingSyncPolicy.dll
17:59:47.0113 2224 C:\Windows\System32\SettingSyncPolicy.dll - ok
17:59:47.0128 2224 [ 14B4AB502E572B142C4917A949B29706 ] C:\Windows\System32\themeui.dll
17:59:47.0128 2224 C:\Windows\System32\themeui.dll - ok
17:59:47.0128 2224 [ DB530B4C83DC2439EA2397613C841AF4 ] C:\Windows\SysWOW64\version.dll
17:59:47.0128 2224 C:\Windows\SysWOW64\version.dll - ok
17:59:47.0128 2224 [ 984B3226C7A4CFC9FE91D7BACA133D8D ] C:\Windows\SysWOW64\winhttp.dll
17:59:47.0128 2224 C:\Windows\SysWOW64\winhttp.dll - ok
17:59:47.0144 2224 [ 5BD47B7C7DF76203FD639F2568A8C7B7 ] C:\Windows\System32\twinui.dll
17:59:47.0144 2224 C:\Windows\System32\twinui.dll - ok
17:59:47.0144 2224 [ E947B141DAAC7CBCD7C59FE2E63AFBBE ] C:\Windows\SysWOW64\wintrust.dll
17:59:47.0144 2224 C:\Windows\SysWOW64\wintrust.dll - ok
17:59:47.0144 2224 [ 8685F31A9319FB0FA882C736783F5F5E ] C:\Windows\SysWOW64\msasn1.dll
17:59:47.0144 2224 C:\Windows\SysWOW64\msasn1.dll - ok
17:59:47.0160 2224 [ 4878EB5F04D9DD02E76190D2105EC0F9 ] C:\Windows\System32\twinapi.appcore.dll
17:59:47.0160 2224 C:\Windows\System32\twinapi.appcore.dll - ok
17:59:47.0160 2224 [ 1968E2E5143D2EB964F836BA19A51104 ] C:\Windows\System32\actxprxy.dll
17:59:47.0160 2224 C:\Windows\System32\actxprxy.dll - ok
17:59:47.0160 2224 [ 7254BFFB866CA443285A4D62294250BB ] C:\Windows\SysWOW64\dwmapi.dll
17:59:47.0160 2224 C:\Windows\SysWOW64\dwmapi.dll - ok
17:59:47.0175 2224 [ CF879A95A0D4B7BACCA5CF68579ACCEB ] C:\Windows\System32\ExplorerFrame.dll
17:59:47.0175 2224 C:\Windows\System32\ExplorerFrame.dll - ok
17:59:47.0175 2224 [ 428AF7FA03FF09CE1CD373ABFEBAD8A3 ] C:\Windows\SysWOW64\ws2_32.dll
17:59:47.0175 2224 C:\Windows\SysWOW64\ws2_32.dll - ok
17:59:47.0175 2224 [ 64A5D80882CF405F515A1A1D3F136B6A ] C:\Windows\SysWOW64\nsi.dll
17:59:47.0175 2224 C:\Windows\SysWOW64\nsi.dll - ok
17:59:47.0191 2224 [ 74541452095D89F4A9F5426AC53CB416 ] C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
17:59:47.0191 2224 C:\Windows\System32\windows.immersiveshell.serviceprovider.dll - ok
17:59:47.0191 2224 [ 4CEC4C390F0B53AC8AEA2407D88A0ABF ] C:\Windows\SysWOW64\webio.dll
17:59:47.0191 2224 C:\Windows\SysWOW64\webio.dll - ok
17:59:47.0207 2224 [ 5B4FF009D24F73F6FC6EB4870A789843 ] C:\Windows\SysWOW64\mswsock.dll
17:59:47.0207 2224 C:\Windows\SysWOW64\mswsock.dll - ok
17:59:47.0207 2224 [ 63CB763FE4CEADFFF5F047332814E8F9 ] C:\Windows\System32\wldp.dll
17:59:47.0207 2224 C:\Windows\System32\wldp.dll - ok
17:59:47.0207 2224 [ ACBA82820AF2B51B31969A0570A993F7 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
17:59:47.0207 2224 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
17:59:47.0207 2224 [ D8E54AB89C84C0AD065EE0BDEBD50A99 ] C:\Windows\System32\twinui.appcore.dll
17:59:47.0207 2224 C:\Windows\System32\twinui.appcore.dll - ok
17:59:47.0222 2224 [ 3265F568468AB87950342764F6D77E78 ] C:\Windows\SysWOW64\winnsi.dll
17:59:47.0222 2224 C:\Windows\SysWOW64\winnsi.dll - ok
17:59:47.0222 2224 [ 2B9EED6835D269F35B310DC03D0F5768 ] C:\Windows\SysWOW64\dnsapi.dll
17:59:47.0222 2224 C:\Windows\SysWOW64\dnsapi.dll - ok
17:59:47.0222 2224 [ 56FCA8AA450BD181A0BA94F25E244C46 ] C:\Windows\System32\wpncore.dll
17:59:47.0222 2224 C:\Windows\System32\wpncore.dll - ok
17:59:47.0238 2224 [ B6C010F42053ED92E421EE5476E10645 ] C:\Windows\SysWOW64\rasadhlp.dll
17:59:47.0238 2224 C:\Windows\SysWOW64\rasadhlp.dll - ok
17:59:47.0238 2224 [ 824BC775A6B475D872431F6B36DD8BA3 ] C:\Windows\System32\wbem\WmiPrvSD.dll
17:59:47.0238 2224 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
17:59:47.0238 2224 [ A19F9B39E739E89698E662896F4A76B5 ] C:\Windows\System32\ncobjapi.dll
17:59:47.0238 2224 C:\Windows\System32\ncobjapi.dll - ok
17:59:47.0253 2224 [ B2CF1AF98C13B3C19FDD7EF1EF56C05F ] C:\Windows\System32\wbem\wbemess.dll
17:59:47.0253 2224 C:\Windows\System32\wbem\wbemess.dll - ok
17:59:47.0253 2224 [ CF9076FE886AABE8C5ED6FBFCDF70DA1 ] C:\Windows\System32\wlidprov.dll
17:59:47.0253 2224 C:\Windows\System32\wlidprov.dll - ok
17:59:47.0253 2224 [ F78580C6B84E2129867B5C94077EB4D4 ] C:\Windows\System32\thumbcache.dll
17:59:47.0253 2224 C:\Windows\System32\thumbcache.dll - ok
17:59:47.0269 2224 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\30085988.sys
17:59:47.0269 2224 C:\Windows\System32\drivers\30085988.sys - ok
17:59:47.0269 2224 [ 813B52550153A284ED6583A5EAAC44AF ] C:\Windows\System32\Windows.Networking.Connectivity.dll
17:59:47.0269 2224 C:\Windows\System32\Windows.Networking.Connectivity.dll - ok
17:59:47.0269 2224 [ 51DF09CAB2CAC64FEE3E371D9028ED01 ] C:\Windows\System32\ncbservice.dll
17:59:47.0269 2224 C:\Windows\System32\ncbservice.dll - ok
17:59:47.0285 2224 [ E8511D133B449BEE41CABFCA6EB35526 ] C:\Windows\System32\BrokerLib.dll
17:59:47.0285 2224 C:\Windows\System32\BrokerLib.dll - ok
17:59:47.0285 2224 [ E617B946FE0BCBE709F60BE611724618 ] C:\Windows\System32\stobject.dll
17:59:47.0285 2224 C:\Windows\System32\stobject.dll - ok
17:59:47.0285 2224 [ 347A3E49CE18402305B8119A6EC7CFEB ] C:\Windows\System32\TimeBrokerServer.dll
17:59:47.0285 2224 C:\Windows\System32\TimeBrokerServer.dll - ok
17:59:47.0300 2224 [ 059D36ABEC9F2D3F677B8EA9240405CD ] C:\Windows\System32\batmeter.dll
17:59:47.0300 2224 C:\Windows\System32\batmeter.dll - ok
17:59:47.0300 2224 [ 570444FD34EE07261E22536122ECD720 ] C:\Windows\System32\Windows.UI.Search.dll
17:59:47.0300 2224 C:\Windows\System32\Windows.UI.Search.dll - ok
17:59:47.0300 2224 [ 99D8A8A6713314B0D1EB22C9C441361A ] C:\Windows\System32\wincorlib.dll
17:59:47.0300 2224 C:\Windows\System32\wincorlib.dll - ok
17:59:47.0316 2224 [ 294AAE73D0D7BDAACC5224BC7334077B ] C:\Windows\System32\WSClient.dll
17:59:47.0316 2224 C:\Windows\System32\WSClient.dll - ok
17:59:47.0316 2224 [ 8491F03503076D67196436D29D153A2C ] C:\Windows\SysWOW64\msi.dll
17:59:47.0316 2224 C:\Windows\SysWOW64\msi.dll - ok
17:59:47.0332 2224 [ E3E168E733B0E8383BA5635542FDB96F ] C:\Windows\System32\WSShared.dll
17:59:47.0332 2224 C:\Windows\System32\WSShared.dll - ok
17:59:47.0332 2224 [ 839CF25B9B8614CE7319BC5CF1F5C01F ] C:\Windows\System32\WSSync.dll
17:59:47.0332 2224 C:\Windows\System32\WSSync.dll - ok
17:59:47.0332 2224 [ D4E3BC36A7A0D7A445DCF7342DCB3566 ] C:\Windows\System32\ELSCore.dll
17:59:47.0332 2224 C:\Windows\System32\ELSCore.dll - ok
17:59:47.0347 2224 [ DFD3F397BE9B1EE411A25DE34B6D58CE ] C:\Windows\SysWOW64\userenv.dll
17:59:47.0347 2224 C:\Windows\SysWOW64\userenv.dll - ok
17:59:47.0347 2224 [ 7668892E7ABC6FE867DCB097B36B6F3C ] C:\Windows\System32\Windows.UI.dll
17:59:47.0347 2224 C:\Windows\System32\Windows.UI.dll - ok
17:59:47.0347 2224 [ 2B96525A8E9A3FDD6516A0FFB6E7C0AF ] C:\Windows\System32\prnfldr.dll
17:59:47.0347 2224 C:\Windows\System32\prnfldr.dll - ok
17:59:47.0363 2224 [ 45566BEAE514B157C3AC821EBE6A8784 ] C:\Windows\System32\winspool.drv
17:59:47.0363 2224 C:\Windows\System32\winspool.drv - ok
17:59:47.0363 2224 [ 9D2136DDE6753B36A0771FF34337B5D1 ] C:\Windows\SysWOW64\riched20.dll
17:59:47.0363 2224 C:\Windows\SysWOW64\riched20.dll - ok
17:59:47.0363 2224 [ 013BB1B12833CD646175312307768F93 ] C:\Windows\System32\Windows.UI.Xaml.dll
17:59:47.0363 2224 C:\Windows\System32\Windows.UI.Xaml.dll - ok
17:59:47.0378 2224 [ A2D053D11E3756DB3C5642AACA84E69B ] C:\Windows\SysWOW64\usp10.dll
17:59:47.0378 2224 C:\Windows\SysWOW64\usp10.dll - ok
17:59:47.0378 2224 [ 2FE534AC99FE081D9A6950C0C8032751 ] C:\Windows\SysWOW64\msls31.dll
17:59:47.0378 2224 C:\Windows\SysWOW64\msls31.dll - ok
17:59:47.0378 2224 [ EF9A6365F4E2A331E79CA1DBBA9D0141 ] C:\Windows\System32\VAN.dll
17:59:47.0378 2224 C:\Windows\System32\VAN.dll - ok
17:59:47.0394 2224 [ 8387AF7783F772EC1D208409080CB5B8 ] C:\Windows\SysWOW64\ExplorerFrame.dll
17:59:47.0394 2224 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
17:59:47.0394 2224 [ CFE23A35E84A2CCA5DE8DF34DC238782 ] C:\Windows\SysWOW64\duser.dll
17:59:47.0394 2224 C:\Windows\SysWOW64\duser.dll - ok
17:59:47.0394 2224 [ C399CCD155AB26F2CC8A9045FC569BBC ] C:\Windows\System32\WinTypes.dll
17:59:47.0394 2224 C:\Windows\System32\WinTypes.dll - ok
17:59:47.0410 2224 [ FB34E929D9C8082D30EF87F6661C3A31 ] C:\Windows\SysWOW64\dui70.dll
17:59:47.0410 2224 C:\Windows\SysWOW64\dui70.dll - ok
17:59:47.0410 2224 [ DB5F0DFF669AB88296134F82258AEFB8 ] C:\Windows\System32\AudioSes.dll
17:59:47.0410 2224 C:\Windows\System32\AudioSes.dll - ok
17:59:47.0410 2224 [ 9415D8364F64C603853D4CA27CECB3BA ] C:\Windows\System32\DXP.dll
17:59:47.0410 2224 C:\Windows\System32\DXP.dll - ok
17:59:47.0425 2224 [ 17F26A480391D5AB4935AE77D4F6F18A ] C:\Windows\System32\shdocvw.dll
17:59:47.0425 2224 C:\Windows\System32\shdocvw.dll - ok
17:59:47.0425 2224 [ 9590CA2728AACAD7ECE35008D789C3B6 ] C:\Windows\System32\Syncreg.dll
17:59:47.0425 2224 C:\Windows\System32\Syncreg.dll - ok
17:59:47.0425 2224 [ A9154084EBC2A190943548AE4275A0E9 ] C:\Windows\System32\SearchFolder.dll
17:59:47.0425 2224 C:\Windows\System32\SearchFolder.dll - ok
17:59:47.0441 2224 [ F4DD265D2D7F23C903FCF502B7A1C508 ] C:\Windows\System32\wscapi.dll
17:59:47.0441 2224 C:\Windows\System32\wscapi.dll - ok
17:59:47.0441 2224 [ 6CA842F30CB19D0789F1B599B7A62B76 ] C:\Windows\System32\StructuredQuery.dll
17:59:47.0441 2224 C:\Windows\System32\StructuredQuery.dll - ok
17:59:47.0441 2224 [ 9079D01C4785CB8D69DC162ADFCE6172 ] C:\Windows\System32\AltTab.dll
17:59:47.0441 2224 C:\Windows\System32\AltTab.dll - ok
17:59:47.0457 2224 [ FF61A6193677644D25C9CE1361676AFB ] C:\Windows\System32\pnidui.dll
17:59:47.0457 2224 C:\Windows\System32\pnidui.dll - ok
17:59:47.0457 2224 [ DE320127B1ED10BF465AF9FB7EBD4557 ] C:\Windows\System32\PortableDeviceTypes.dll
17:59:47.0457 2224 C:\Windows\System32\PortableDeviceTypes.dll - ok
17:59:47.0457 2224 [ 776F9D8FA4186E2976DBC89D99CB59A6 ] C:\Windows\System32\WPDShServiceObj.dll
17:59:47.0457 2224 C:\Windows\System32\WPDShServiceObj.dll - ok
17:59:47.0472 2224 [ 9ECF75FE375E7244C9CBB3FAA18AAB44 ] C:\Windows\System32\cscui.dll
17:59:47.0472 2224 C:\Windows\System32\cscui.dll - ok
17:59:47.0472 2224 [ 938E981BBD070540DE2B28C59839A41B ] C:\Windows\System32\cscdll.dll
17:59:47.0472 2224 C:\Windows\System32\cscdll.dll - ok
17:59:47.0472 2224 [ D1FAEE5CFEB7E87975766D7A29E48342 ] C:\Windows\System32\cscobj.dll
17:59:47.0472 2224 C:\Windows\System32\cscobj.dll - ok
17:59:47.0488 2224 [ D0BB041536BB107963F55D6852298DAA ] C:\Program Files\Windows Portable Devices\sqmapi.dll
17:59:47.0488 2224 C:\Program Files\Windows Portable Devices\sqmapi.dll - ok
17:59:47.0488 2224 [ 226572AB3AF54C551072D623FE29255A ] C:\Windows\System32\SettingMonitor.dll
17:59:47.0488 2224 C:\Windows\System32\SettingMonitor.dll - ok
17:59:47.0488 2224 [ B9B896F671BB26960E3F6BF1BA525F68 ] C:\Windows\System32\srchadmin.dll
17:59:47.0488 2224 C:\Windows\System32\srchadmin.dll - ok
17:59:47.0503 2224 [ 7101124E9C48FDBCD7C3DA690990010B ] C:\Windows\System32\bthprops.cpl
17:59:47.0503 2224 C:\Windows\System32\bthprops.cpl - ok
17:59:47.0503 2224 [ 89C84BF2D5A2A5DD867E046488B8DDE3 ] C:\Windows\System32\BluetoothApis.dll
17:59:47.0503 2224 C:\Windows\System32\BluetoothApis.dll - ok
17:59:47.0503 2224 [ F310AB7C5A54C42C38C4DA974BDB4271 ] C:\Windows\System32\ActionCenter.dll
17:59:47.0503 2224 C:\Windows\System32\ActionCenter.dll - ok
17:59:47.0519 2224 [ 78ABEA36C5228E99D849D478A7F3C814 ] C:\Program Files\Windows Defender\NisSrv.exe
17:59:47.0519 2224 C:\Program Files\Windows Defender\NisSrv.exe - ok
17:59:47.0519 2224 [ BD96C24E11DF052D6A8175C640F2EB83 ] C:\Program Files\Windows Defender\NisLog.dll
17:59:47.0519 2224 C:\Program Files\Windows Defender\NisLog.dll - ok
17:59:47.0519 2224 [ 79227C1E2225DE455F365B607A6D46FB ] C:\Windows\System32\SearchIndexer.exe
17:59:47.0519 2224 C:\Windows\System32\SearchIndexer.exe - ok
17:59:47.0535 2224 [ 7A865523E3E0F4FA421787FAED4A04CD ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D0F91D3-AE68-4768-8228-30D9EA43A5E3}\gapaengine.dll
17:59:47.0535 2224 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D0F91D3-AE68-4768-8228-30D9EA43A5E3}\gapaengine.dll - ok
17:59:47.0535 2224 [ D1852D42D01C19066C6C75289D4A5C6F ] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
17:59:47.0535 2224 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll - ok
17:59:47.0550 2224 [ 616DF4ADC4E04753BB4951D3464B8157 ] C:\Windows\System32\tquery.dll
17:59:47.0550 2224 C:\Windows\System32\tquery.dll - ok
17:59:47.0550 2224 [ 96BD578CA0CDCEC566A3259D73C4330C ] C:\Windows\System32\mssrch.dll
17:59:47.0550 2224 C:\Windows\System32\mssrch.dll - ok
17:59:47.0550 2224 [ 951AECDFBE4925B59769D49873DD8051 ] C:\Windows\System32\msidle.dll
17:59:47.0550 2224 C:\Windows\System32\msidle.dll - ok
17:59:47.0566 2224 [ 1300F74B95965CD749A2F3E66FBC4EBB ] C:\Windows\System32\mssprxy.dll
17:59:47.0566 2224 C:\Windows\System32\mssprxy.dll - ok
17:59:47.0566 2224 [ 8A0B04A69BFFDA2E7DA712EC2CCB19E9 ] C:\Windows\System32\SyncCenter.dll
17:59:47.0566 2224 C:\Windows\System32\SyncCenter.dll - ok
17:59:47.0566 2224 [ DB02F4D37E5F7F07A0D0F9FAA68249EE ] C:\Windows\System32\ieframe.dll
17:59:47.0566 2224 C:\Windows\System32\ieframe.dll - ok
17:59:47.0582 2224 [ 0515B5D282D87678EE47D23AF95A948A ] C:\Windows\System32\imapi2.dll
17:59:47.0582 2224 C:\Windows\System32\imapi2.dll - ok
17:59:47.0582 2224 [ FD18FDF7A70803A42ECEA1D7C9709E7C ] C:\Windows\System32\mssvp.dll
17:59:47.0582 2224 C:\Windows\System32\mssvp.dll - ok
17:59:47.0582 2224 [ 4A895F718857F9A7F6198951F3B106CB ] C:\Windows\System32\mapi32.dll
17:59:47.0582 2224 C:\Windows\System32\mapi32.dll - ok
17:59:47.0597 2224 [ EB248189E980B367D09C36A1C2A6FC3D ] C:\Windows\System32\linkinfo.dll
17:59:47.0597 2224 C:\Windows\System32\linkinfo.dll - ok
17:59:47.0597 2224 [ 7C514A95C3EAB34547DDBEA9AB09FC19 ] C:\Windows\System32\hgcpl.dll
17:59:47.0597 2224 C:\Windows\System32\hgcpl.dll - ok
17:59:47.0597 2224 [ BE5F89BAFBD4272D5A0C0A37B97865ED ] C:\Windows\System32\provsvc.dll
17:59:47.0597 2224 C:\Windows\System32\provsvc.dll - ok
17:59:47.0613 2224 [ 31FC5EBF5C8CE2237CADCFAD3AED7D4F ] C:\Windows\System32\mobsync.exe
17:59:47.0613 2224 C:\Windows\System32\mobsync.exe - ok
17:59:47.0613 2224 [ EB34CE5EFA1591915F973EB30C77A1D8 ] C:\Windows\System32\Windows.Globalization.Fontgroups.dll
17:59:47.0613 2224 C:\Windows\System32\Windows.Globalization.Fontgroups.dll - ok
17:59:47.0613 2224 [ 27E9C23E43FE41702B0C244B9CA3F318 ] C:\Windows\System32\SyncInfrastructure.dll
17:59:47.0613 2224 C:\Windows\System32\SyncInfrastructure.dll - ok
17:59:47.0628 2224 [ 858CE77F3476265F64250BD2F7927C6D ] C:\Windows\System32\gameux.dll
17:59:47.0628 2224 C:\Windows\System32\gameux.dll - ok
17:59:47.0628 2224 [ BA247631B40720DAEA89BEFAA4632EB6 ] C:\Windows\System32\PhotoMetadataHandler.dll
17:59:47.0628 2224 C:\Windows\System32\PhotoMetadataHandler.dll - ok
17:59:47.0628 2224 [ F611E6125B86F2CFB6D2C6A4F98E487A ] C:\Windows\System32\ntshrui.dll
17:59:47.0628 2224 C:\Windows\System32\ntshrui.dll - ok
17:59:47.0644 2224 [ E6B65614304E4695C87FC4BD8894F3B3 ] C:\Windows\System32\networkexplorer.dll
17:59:47.0644 2224 C:\Windows\System32\networkexplorer.dll - ok
17:59:47.0644 2224 [ 51E0339BAA4C418D894B0BF888A344A6 ] C:\Windows\System32\EhStorShell.dll
17:59:47.0644 2224 C:\Windows\System32\EhStorShell.dll - ok
17:59:47.0644 2224 ============================================================
17:59:47.0644 2224 Scan finished
17:59:47.0644 2224 ============================================================
17:59:47.0660 2216 Detected object count: 1
17:59:47.0660 2216 Actual detected object count: 1
18:00:14.0544 2216 28002065 ( HiddenService.Multi.Generic ) - skipped by user
18:00:14.0544 2216 28002065 ( HiddenService.Multi.Generic ) - User select action: Skip
  • 0

#7
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi just an update - I'll have a reply for you tomorrow afternoon.
  • 0

#8
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
ok
  • 0

#9
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi again luvdacowboys2011. Here's the next step:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Things to see in your next post:
GMER.txt log

  • 0

#10
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
BTW you probably have what's called a rootkit which is a virus that can hide from traditional antivirus and non-specialized scan utilities like OTL. That's where TDSSKiller and GMER come into play.
  • 0

Advertisements


#11
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Here is the GMER log along with some screen shots. That recycle.bin at the bottom on the left is Documents and Settings once you open it up and another drive according to hirens....TDSS killer will find over a 100 multi generic unsigned files before crashing and you'll notice it looks like I have a usb plugged in but I don't. Its like a nightmare....formatting, new hard drives, etc will not do it.... I-phones that apple claim to be impervious to malware....the crash logs are horrific lol! GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-10 07:44:24
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM012_HN-M500MBB rev.2BA30001 465.76GB
Running: gmer.exe; Driver: C:\Users\bf\AppData\Local\Temp\pxldqpow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files\Windows Defender\MsMpEng.exe[1396] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffc7aef169a 4 bytes [EF, 7A, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1396] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffc7aef16a2 4 bytes [EF, 7A, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1396] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffc7aef181a 4 bytes [EF, 7A, FC, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1396] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffc7aef1832 4 bytes [EF, 7A, FC, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [396:2224] fffff960009624d0
Thread C:\Windows\Explorer.EXE [2188:1064] 00007ffc6e35d6bc
Thread C:\Program Files\Internet Explorer\iexplore.exe [3424:1724] 00007ffc6effd6bc
---- Processes - GMER 2.1 ----

Process C:\Users\bf\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\bf\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [400](2014-01-29 01:36:04) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{06DDBA98-7A52-40A0-AB8C-D49CD6DFE834}\Connection@Name isatap.{B731FB25-6A5C-4AC1-B5F0-CF30B2A24A6D}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1815809540
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{ea8aca84-f78a-43dd-a64d-805195b1b759}@LastProbeTime 1377134626
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{06DDBA98-7A52-40A0-AB8C-D49CD6DFE834}@InterfaceName isatap.{B731FB25-6A5C-4AC1-B5F0-CF30B2A24A6D}
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{06DDBA98-7A52-40A0-AB8C-D49CD6DFE834}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{06DDBA98-7A52-40A0-AB8C-D49CD6DFE834}@DefunctTimestamp 0x1A 0xBC 0x1D 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 578
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B731FB25-6A5C-4AC1-B5F0-CF30B2A24A6D}@LeaseObtainedTime 1394457625
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B731FB25-6A5C-4AC1-B5F0-CF30B2A24A6D}@T1 1394500825
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B731FB25-6A5C-4AC1-B5F0-CF30B2A24A6D}@T2 1394533225
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B731FB25-6A5C-4AC1-B5F0-CF30B2A24A6D}@LeaseTerminatesTime 1394544025
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 130
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Blocked 130

---- Files - GMER 2.1 ----

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6F7A4EF8-0FB3-4C83-A9D4-8191A6A5957D} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0D17F281-D27F-4281-95C1-308340567DF3} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{147AD176-B0CE-4FDD-BF57-3FA2805AAC46} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{18ECCB4E-F395-41F3-9FF9-65E0ED809256} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1F2BA8C1-CF9C-4EFF-99CA-1FB18BF8D66A} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2282D7B9-89DE-4E21-B169-ED72FD8EA49C} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{28592FCA-F63E-4572-BF3F-2034E4E628EA} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{527BA7E6-50F8-40DA-83E5-5B868DE84DFD} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{597CDD03-EEE3-4D51-9A16-7C35DD8877CF} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{89FBAA91-B882-433A-847B-3EAD507DB8BF} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8A8FA391-885C-4CA2-AC16-00E17FCFA3BE} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A35AD36B-D666-4923-99A6-F1D7F762D6B3} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B149DB9B-C1AD-4511-B4AD-0C4CF076B38C} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BC9272CE-5CD8-4242-8196-6F2BBA7E8718} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BF67DC78-9C35-41EF-BBDF-3689BCE319BF} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CB903A00-0F76-4056-BC66-D1B39D666FF1} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EB7BC4D4-4CCB-4DFC-A42F-9AE236CCF689} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F74E0D43-AF84-42E1-B62F-332182A32C3A} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F8611AB2-8A9B-43B4-8BD8-3E45BD120AF8} 7380 bytes
File C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-08222013-010455-00000003-ffffffff.bin 20480 bytes
File C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-08222013-074556-00000003-ffffffff.bin 1253376 bytes
File C:\Users\bf\AppData\Local\Microsoft\Windows\Explorer\TileCacheDefault-224578_80.dat 3874816 bytes
File C:\Users\bf\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-215437_100.dat 389120 bytes
File C:\Users\bf\AppData\Local\Microsoft\Windows\Explorer\TileCacheStartView-219281_80.dat 3981312 bytes

---- EOF - GMER 2.1 ----

Attached Thumbnails

  • Screenshot (6).png
  • Screenshot (5).png
  • Screenshot (4).png
  • Screenshot (3).png
  • Screenshot (2).png

  • 0

#12
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Here is some things malrwarebytes found using hirens but cant remove along with superantispyware finding usbrootkit (all registry entries) and take a look at what is supposed to be a battery? Thanks for the help!

Attached Thumbnails

  • Screenshot (7).png
  • Screenshot (8).png

  • 0

#13
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I got aswMBR to complete after a few rounds with this one of a kind box. Thanks!


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-10 09:03:21
-----------------------------
09:03:21.800 OS Version: Windows x64 6.2.9200
09:03:21.800 Number of processors: 2 586 0x1001
09:03:21.800 ComputerName: bff UserName: bf
09:03:23.021 Initialize success
09:04:17.891 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:04:17.895 Disk 0 Vendor: ST500LM012_HN-M500MBB 2BA30001 Size: 476940MB BusType: 3
09:04:18.077 Disk 0 MBR read successfully
09:04:18.081 Disk 0 MBR scan
09:04:18.085 Disk 0 Windows 7 default MBR code
09:04:18.089 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
09:04:18.120 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476588 MB offset 718848
09:04:18.174 Disk 0 scanning C:\Windows\system32\drivers
09:04:23.019 Service scanning
09:04:29.299 Service TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe **HIDDEN**
09:04:31.533 Modules scanning
09:04:31.537 Disk 0 trace - called modules:
09:04:31.569 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
09:04:31.573 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000015e2060]
09:04:31.577 3 CLASSPNP.SYS[fffff80000b80abb] -> nt!IofCallDriver -> [0xffffe00001186040]
09:04:31.581 5 ACPI.sys[fffff800002025f1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffe00001180060]
09:04:31.589 Scan finished successfully
09:43:43.818 Disk 0 MBR has been saved successfully to "C:\Users\bf\Desktop\MBR.dat"
09:43:43.898 The log file has been saved successfully to "C:\Users\bf\Desktop\aswMBR.txt"
  • 0

#14
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi luvdacowboys2011. All your logs look clean except the Malwarebytes log. The only things that look suspicious to me are the malwarebytes scan results, the cd-rom behavior, and the 200 TB drive. What do you mean when you say that the cd-rom is behaving weirdly? Also please go to Control Panel --> Administrative Tools --> Computer Management --> Disk Management and take a screenshot of all the drives listed in the window then post in your next reply. If you can't access disk management that way you can press windows key + R then type diskmgmt.msc in the run dialog box and press enter. Do you know what drive X: is referring to in the Malwarebytes scan? Also please run Malwarebytes, do a quick scan, then click the Logs tab in MBAM and copy&Paste the quick scan report in your next reply.
  • 0

#15
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Well the cd-rom starts and stops and it seems at the worst times to do it and I used parted and it is partitioned (by file) with unknown disk I.D....maybe that is normal I don't really know. I went in event logs and many many special log ons with security changes, time changes, account impersonations, etc which I took screenshots of! What Is happening is they are logging on as a service which the event logs even state. I'm think or it looks to me as if everything runs in memory on a ramdisk.....I know it sounds crazy but I can be out on a job waaaay in the mountains of Colorado where cell service quit working 50 miles back and i'll do a netstat -o -b -a etc and my ports will NOT be listening! I'll ping it, tracert, nslookup and server out of korea, japan etc! What ever it is they need to be looked into cause I'd bet it's good enough to banks, govt. etc! That good! anyway here are the screenshots... im'a acces that drive again and take a screenshot because it is a different O.S.! Oh and I'm the only one using this computer and I make the account bf but you'll notice a administrator account.

Attached Thumbnails

  • Screenshot (25).png
  • Screenshot (26).png
  • Screenshot (27).png
  • Screenshot (28).png
  • Screenshot (29).png
  • Screenshot (10).png
  • Screenshot (12).png
  • Screenshot (16).png
  • Screenshot (21).png
  • Screenshot (33).png
  • Screenshot (32).png
  • Screenshot (31).png

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP