Removal of Sirefef.AP and ZeroAccess


  • This topic is locked
14 replies to this topic

#1 dabram

dabram

  • Members
  • 17 posts

Posted 15 August 2012 - 11:59 AM

Hi,

I have been infected with Sirefef.AP and I think this has installed at least one other trojan, ZeroAccess. I have been infected with ZeroAccess before, but CatByte helped me remove it. Sophos detected Sirefef and ZeroAccess and now my browser stops responding if used for a few minutes and I can't open task manager or do anything without a forced shut down. I have a Windows 7 64 bit (didn't run GMER) Lenovo Ideapad Y450. I used the clean up option with the files that were quarantined in Sophos (windows.ini infected with Sirefef.AP) and deleted an intellidownload.vfd file, but didn't delete services.exe (infected by ZeroAccess). The files no longer show up in Sophos after the restart, but might after a system scan. Here is my DDS Log:


DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by David Abram at 9:42:12 on 2012-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2480 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\PenExe\TcWS\Ver6.2.0\Bin\LCD.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\David Abram\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Users\David Abram\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://ofweb.stanford.edu/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [c__users_david_abram_appdata_local_google_update_googleupdate.exe] "C:\Users\David Abram\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [c__users_david] C:\Users\David Abram\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Google Update] "C:\Users\David Abram\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\Users\DAVIDA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\David Abram\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with BitKinex - C:\Program Files (x86)\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - C:\Program Files (x86)\BitKinex\ieext_reg.htm
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{15E4CDEA-1A32-4227-AA3C-5877B77301E3} : NameServer = 171.64.7.77,171.64.7.55
TCP: Interfaces\{746FDCEA-B7FD-4EBA-930D-C58F9AFC3128} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{746FDCEA-B7FD-4EBA-930D-C58F9AFC3128}\0596E6B64596765627 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{746FDCEA-B7FD-4EBA-930D-C58F9AFC3128}\071647866696E6465627 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{746FDCEA-B7FD-4EBA-930D-C58F9AFC3128}\14262716D625F657475627D27657563747 : DhcpNameServer = 75.104.160.61
TCP: Interfaces\{746FDCEA-B7FD-4EBA-930D-C58F9AFC3128}\54C6B60234F667560294E6E6 : DhcpNameServer = 192.168.1.1 8.8.8.8
TCP: Interfaces\{746FDCEA-B7FD-4EBA-930D-C58F9AFC3128}\6447E2C4165746D284C67746F514962707F62747D2055726C69636 : DhcpNameServer = 172.21.31.200 172.21.31.201
TCP: Interfaces\{746FDCEA-B7FD-4EBA-930D-C58F9AFC3128}\D425350223031323 : DhcpNameServer = 199.115.243.100 68.177.131.70
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David Abram\AppData\Roaming\Mozilla\Firefox\Profiles\dl3kehyw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\David Abram\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\David Abram\AppData\Roaming\Mozilla\Firefox\Profiles\dl3kehyw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Users\David Abram\AppData\Roaming\Mozilla\Firefox\Profiles\dl3kehyw.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\David Abram\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\David Abram\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 funfrm;funfrm;C:\windows\system32\drivers\funfrm.sys --> C:\windows\system32\drivers\funfrm.sys [?]
R1 SAVOnAccess;SAVOnAccess;C:\windows\system32\DRIVERS\savonaccess.sys --> C:\windows\system32\DRIVERS\savonaccess.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 BitKinex;BitKinex File Transfer Service;C:\Program Files (x86)\BitKinex\bitkinexsvc.exe DISPATCH --> C:\Program Files (x86)\BitKinex\bitkinexsvc.exe DISPATCH [?]
R2 DDNIMSGService;DDNIMSGService;C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-1-21 172720]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-9-19 87368]
R2 lcdServiceTcWS(6.2.0);PEN LCD Service for TcWS Ver6.2.0;C:\PenExe\TcWS\Ver6.2.0\Bin\LCD.exe [2011-7-26 302610]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 655944]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-4-11 232472]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-2-21 1543704]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\windows\system32\DRIVERS\itecir.sys --> C:\windows\system32\DRIVERS\itecir.sys [?]
R3 ITECIRfilter;ITECIR Filter Driver;C:\windows\system32\DRIVERS\ITECIRfilter.sys --> C:\windows\system32\DRIVERS\ITECIRfilter.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
S2 MotoHelper.exe;Motorola Helper;C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-9-14 6656]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys --> C:\windows\system32\DRIVERS\motfilt.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-31 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys --> C:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys --> C:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\system32\DRIVERS\Motousbnet.sys --> C:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\windows\system32\DRIVERS\motusbdevice.sys --> C:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 sdcfilter;sdcfilter;C:\windows\system32\DRIVERS\sdcfilter.sys --> C:\windows\system32\DRIVERS\sdcfilter.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S4 SophosBootDriver;SophosBootDriver;C:\windows\system32\DRIVERS\SophosBootDriver.sys --> C:\windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2012-08-13 18:05:45 -------- d-----w- C:\Program Files\iPod
2012-08-13 18:05:44 -------- d-----w- C:\Program Files\iTunes
2012-08-13 18:05:44 -------- d-----w- C:\Program Files (x86)\iTunes
2012-08-12 06:17:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB026C93-38C5-4229-B761-79E7825F48AA}\offreg.dll
2012-08-12 06:14:48 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB026C93-38C5-4229-B761-79E7825F48AA}\mpengine.dll
2012-08-06 19:16:48 -------- d-----w- C:\Users\David Abram\AppData\Local\Macromedia
2012-08-06 18:17:20 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 01:02:25 -------- d--h--w- C:\jexepackres
2012-08-04 01:02:12 -------- d-----w- C:\Program Files (x86)\NoPayPOKER
2012-08-02 18:08:24 -------- d-----w- C:\Users\David Abram\AppData\Local\{B441B490-2175-4B86-A49B-386D12217573}
2012-07-19 22:02:28 -------- d-----w- C:\Users\David Abram\AppData\Local\{EB8ECFB8-11F1-4906-89D3-E2F0E552B20A}
2012-07-19 22:02:03 -------- d-----w- C:\Users\David Abram\AppData\Local\{D67DE8F4-5A94-4559-BBF4-20CBF26A33A0}
.
==================== Find3M ====================
.
2012-08-06 18:17:20 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-05-31 19:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2010-07-26 18:17:08 689560 ----a-w- C:\Program Files\iobituninstaller.exe
.
============= FINISH: 9:44:25.72 ===============


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 August 2012 - 02:03 PM

Hello dabram,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 dabram

dabram
  • Topic Starter

  • Members
  • 17 posts

Posted 15 August 2012 - 04:41 PM

Apparently my previous reply didn't post? I have a working USB key, what is the next step? Thanks for your help.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 August 2012 - 05:53 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

" Extinguishing Malware from the world"



#5 dabram

dabram
  • Topic Starter

  • Members
  • 17 posts

Posted 15 August 2012 - 06:08 PM

FRST log
Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 15-08-2012 16:04:29
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-06] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [439536 2010-09-21] (Sophos Plc)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\David Abram\...\Run: [c__users_david_abram_appdata_local_google_update_googleupdate.exe] "C:\Users\David Abram\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-27] (Google Inc.)
HKU\David Abram\...\Run: [c__users_david] C:\Users\David Abram\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2012-01-02] (SanDisk Corporation)
HKU\David Abram\...\Run: [Google Update] "C:\Users\David Abram\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-27] (Google Inc.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage [1475584 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL
Tcpip\..\Interfaces\{15E4CDEA-1A32-4227-AA3C-5877B77301E3}: [NameServer]171.64.7.77,171.64.7.55
Startup: C:\Users\David Abram\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

4 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2010-04-11] (Adobe Systems Incorporated)
2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation)
2 BitKinex; C:\Program Files (x86)\BitKinex\bitkinexsvc.exe DISPATCH [32944 2010-07-12] ()
2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-07-01] (Broadcom Corporation.)
2 CVPND; "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe" [1528616 2010-03-23] (Cisco Systems, Inc.)
2 DeviceMonitorService; "C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe" [87368 2011-09-19] (Nero AG)
2 lcdServiceTcWS(6.2.0); C:\PenExe\TcWS\Ver6.2.0\Bin\LCD.EXE [302610 2001-02-27] (PerkinElmer Instruments)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
2 MotoHelper.exe; "C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe" [6656 2010-09-14] (Motorola)
2 MSSQL$CSSQL05; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sCSSQL05 [29293408 2010-12-10] (Microsoft Corporation)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [244904 2009-07-17] ()
2 SAVAdminService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [163056 2010-10-08] (Sophos Plc)
2 SAVService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe" [97520 2010-06-04] (Sophos Plc)
2 Sophos AutoUpdate Service; "C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe" [232472 2012-04-11] (Sophos Plc)
2 swi_service; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [1543704 2012-02-21] (Sophos Plc)
2 msftesql$CSSQL05; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:CSSQL05 [x]

========================== Drivers (Whitelisted) =============

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA64.sys [14992 2010-02-08] (Cisco Systems, Inc.)
3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
3 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [58896 2010-02-04] ()
3 ITECIRfilter; C:\Windows\System32\Drivers\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 SAVOnAccess; C:\Windows\System32\Drivers\SAVOnAccess.sys [142328 2010-10-08] (Sophos Plc)
3 sdcfilter; C:\Windows\System32\Drivers\sdcfilter.sys [25592 2009-07-30] (Sophos Plc)
4 SophosBootDriver; C:\Windows\System32\Drivers\SophosBootDriver.sys [25608 2010-07-08] (Sophos Plc)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [x]
3 motport; C:\Windows\System32\DRIVERS\motport.sys [x]
3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 10:06 - 2012-08-13 10:06 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-08-13 10:05 - 2012-08-13 10:06 - 00000000 ____D C:\Program Files\iTunes
2012-08-13 10:05 - 2012-08-13 10:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-08-13 10:05 - 2012-08-13 10:05 - 00000000 ____D C:\Program Files\iPod
2012-08-06 11:16 - 2012-08-06 11:16 - 00000000 ____D C:\Users\David Abram\AppData\Local\Macromedia
2012-08-06 10:17 - 2012-08-06 10:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 17:02 - 2012-08-14 15:43 - 00000000 ___HD C:\jexepackres
2012-08-03 17:02 - 2012-08-03 17:02 - 00001035 ____A C:\Users\David Abram\Desktop\NoPayPoker.lnk
2012-08-03 17:02 - 2012-08-03 17:02 - 00000000 ____D C:\Program Files (x86)\NoPayPOKER
2012-08-02 10:08 - 2012-08-02 10:08 - 00000000 ____D C:\Users\David Abram\AppData\Local\{B441B490-2175-4B86-A49B-386D12217573}
2012-07-31 09:43 - 2012-07-31 09:43 - 00000395 ____A C:\Users\David Abram\Desktop\table.txt
2012-07-19 14:02 - 2012-07-19 14:02 - 00000000 ____D C:\Users\David Abram\AppData\Local\{EB8ECFB8-11F1-4906-89D3-E2F0E552B20A}
2012-07-19 14:02 - 2012-07-19 14:02 - 00000000 ____D C:\Users\David Abram\AppData\Local\{D67DE8F4-5A94-4559-BBF4-20CBF26A33A0}


============ 3 Months Modified Files ========================

2012-08-15 14:59 - 2011-11-25 08:38 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-15 14:59 - 2010-03-27 10:42 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480281642-2266877034-3838737573-1003UA.job
2012-08-15 14:59 - 2010-02-04 18:35 - 01107380 ____A C:\Windows\WindowsUpdate.log
2012-08-15 14:58 - 2011-11-25 08:38 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-15 08:44 - 2009-07-13 21:13 - 00907092 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 08:41 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 08:41 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 08:39 - 2012-08-15 08:42 - 00607260 ____R (Swearware) C:\Users\David Abram\Desktop\dds.com
2012-08-15 08:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-15 08:33 - 2009-07-13 20:51 - 00198104 ____A C:\Windows\setupact.log
2012-08-15 07:26 - 2010-03-27 10:42 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480281642-2266877034-3838737573-1003Core.job
2012-08-14 23:05 - 2010-03-27 10:42 - 00002445 ____A C:\Users\David Abram\Desktop\Google Chrome.lnk
2012-08-14 14:55 - 2010-02-04 19:20 - 00734712 ____A C:\Windows\PFRO.log
2012-08-13 10:06 - 2012-08-13 10:06 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-08-06 10:17 - 2012-08-06 10:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-06 10:17 - 2011-07-13 17:16 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 17:02 - 2012-08-03 17:02 - 00001035 ____A C:\Users\David Abram\Desktop\NoPayPoker.lnk
2012-07-31 09:43 - 2012-07-31 09:43 - 00000395 ____A C:\Users\David Abram\Desktop\table.txt
2012-07-19 09:41 - 2011-12-05 19:39 - 00002241 ____A C:\Users\David Abram\Desktop\Badger.lnk
2012-07-17 10:21 - 2012-07-09 20:52 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-10 17:13 - 2012-07-10 17:13 - 00448512 ____A (OldTimer Tools) C:\Users\David Abram\Desktop\TFC.exe
2012-07-10 14:40 - 2011-02-04 10:51 - 00000000 ____A C:\Windows\SMMacro.INI
2012-07-10 08:35 - 2012-02-25 14:37 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-10 08:35 - 2012-02-25 14:37 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-10 08:23 - 2012-07-10 08:23 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-07-10 08:18 - 2012-07-10 08:18 - 00028071 ____A C:\ComboFix.txt
2012-07-10 08:09 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-06 09:00 - 2011-02-04 15:40 - 00000584 ____A C:\Users\David Abram\Documents\grstyles.stl
2012-07-03 12:46 - 2012-07-09 20:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-09 21:20 - 2010-03-26 16:23 - 00001030 ____A C:\Users\David Abram\Desktop\Dropbox.lnk
2012-06-02 14:19 - 2012-06-21 08:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:37 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:37 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 08:36 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-21 08:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 08:37 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 08:36 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 11:25 - 2010-07-08 13:28 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-19 15:20 - 2009-07-13 20:45 - 03085304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-19 14:54 - 2010-03-26 07:44 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3932.61 MB
Available physical RAM: 3304.14 MB
Total Pagefile: 3930.75 MB
Available Pagefile: 3303.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:252.81 GB) (Free:122.73 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:30.33 GB) (Free:29.17 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.25 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 7441 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 252 GB 201 MB
Partition 0 Extended 30 GB 253 GB
Partition 4 Logical 30 GB 253 GB
Partition 3 OEM 14 GB 283 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 252 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LENOVO NTFS Partition 30 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7437 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON FAT32 Removable 7437 MB Healthy

==================================================================================

Last Boot: 2012-08-15 04:41

======================= End Of Log ==========================

#6 fireman4it


Posted 15 August 2012 - 06:18 PM

Hello,

I don't see anything in your logs. Let's run a couple of tools and see what they come up with. Can you tell me which browsers this is affecting?

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


#7 dabram


Posted 15 August 2012 - 07:47 PM

I was getting trouble on Mozilla and also IE before. Perhaps the Sophos actions I took actually did something useful to make the logs look clean. System appears to be running a bit smoother now. The TDSSKiller log was huge (589kb), too long for this post or even to attach as one file, so I will attach it in two posts.
First part: Attached File TDSSKiller.2.8.6.0_15.08.2012_16.40.15_log_Part1.txt (274.78KB)
Also, the ComboFix log is below:

ComboFix
ComboFix 12-08-15.01 - David Abram 08/15/2012 17:04:36.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2464 [GMT -7:00]
Running from: c:\users\David Abram\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 00:20 . 2012-08-16 00:20 -------- d-----w- c:\users\Twists\AppData\Local\temp
2012-08-16 00:20 . 2012-08-16 00:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-16 00:20 . 2012-08-16 00:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 23:34 . 2012-08-15 23:34 208216 ----a-w- c:\windows\system32\drivers\31848743.sys
2012-08-13 18:05 . 2012-08-13 18:05 -------- d-----w- c:\program files\iPod
2012-08-13 18:05 . 2012-08-13 18:06 -------- d-----w- c:\program files\iTunes
2012-08-13 18:05 . 2012-08-13 18:06 -------- d-----w- c:\program files (x86)\iTunes
2012-08-12 06:17 . 2012-08-15 12:40 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB026C93-38C5-4229-B761-79E7825F48AA}\offreg.dll
2012-08-12 06:14 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB026C93-38C5-4229-B761-79E7825F48AA}\mpengine.dll
2012-08-06 19:16 . 2012-08-06 19:16 -------- d-----w- c:\users\David Abram\AppData\Local\Macromedia
2012-08-06 18:17 . 2012-08-06 18:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 01:02 . 2012-08-14 23:43 -------- d-----w- C:\jexepackres
2012-08-04 01:02 . 2012-08-04 01:02 -------- d-----w- c:\program files (x86)\NoPayPOKER
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 18:17 . 2011-07-14 01:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-07-10 04:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 16:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:36 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 16:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:36 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 16:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-07-08 21:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-19 22:54 . 2010-03-26 15:44 57848688 ----a-w- c:\windows\system32\MRT.exe
2010-07-26 18:17 . 2010-07-26 18:36 689560 ----a-w- c:\program files\iobituninstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c__users_david_abram_appdata_local_google_update_googleupdate.exe"="c:\users\David Abram\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]
"c__users_david"="c:\users\David Abram\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-01-02 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\David Abram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\David Abram\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
R2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-06 35104]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-31 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-06 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2009-07-30 25592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-02 1255736]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-04-12 288112]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-07-08 25608]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
S1 funfrm;funfrm; [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 142328]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 BitKinex;BitKinex File Transfer Service;c:\program files (x86)\BitKinex\bitkinexsvc.exe DISPATCH [x]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-01-21 172720]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]
S2 lcdServiceTcWS(6.2.0);PEN LCD Service for TcWS Ver6.2.0;c:\penexe\TcWS\Ver6.2.0\Bin\LCD.EXE [2001-02-27 302610]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-02-21 1543704]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 26128]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [2011-03-22 28264]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-16 6952960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31256421
*NewlyCreated* - 87865922
*Deregistered* - 31256421
*Deregistered* - 87865922
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 16:37]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 16:37]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480281642-2266877034-3838737573-1003Core.job
- c:\users\David Abram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 18:42]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1480281642-2266877034-3838737573-1003UA.job
- c:\users\David Abram\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = https://ofweb.stanford.edu/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with BitKinex - c:\program files (x86)\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files (x86)\BitKinex\ieext_reg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{15E4CDEA-1A32-4227-AA3C-5877B77301E3}: NameServer = 171.64.7.77,171.64.7.55
FF - ProfilePath - c:\users\David Abram\AppData\Roaming\Mozilla\Firefox\Profiles\dl3kehyw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - prefs.js: network.proxy.type - 2
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-87865922.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Coral Remote (Chem Optics Lab) - c:\windows\system32\javaws.exe
AddRemove-Coral Remote (SNL) - c:\windows\system32\javaws.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\David Abram\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$CSSQL05]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:CSSQL05"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1480281642-2266877034-3838737573-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1480281642-2266877034-3838737573-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-15 17:26:53
ComboFix-quarantined-files.txt 2012-08-16 00:26
ComboFix2.txt 2012-07-10 16:18
.
Pre-Run: 136,685,305,856 bytes free
Post-Run: 137,339,707,392 bytes free
.
- - End Of File - - 07906CE4EAFE8E143F1BBC897C37BF4E

#8 dabram

  • Topic Starter


Posted 15 August 2012 - 07:48 PM

Apparently upload size is a cumulative quota. Here is the second half of the TDSSKiller log:


16:47:03.0556 5084 [ 0A8C8715AD3C708C1D25EF989356DAFD ] C:\PenExe\TcWS\Ver6.2.0\Bin\sysconf.dll
16:47:03.0556 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\sysconf.dll - ok
16:47:03.0571 5084 [ 2D09D99F27ED5D084DCA0A781D74ACBF ] C:\PenExe\TcWS\Ver6.2.0\Bin\tcdata.dll
16:47:03.0571 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\tcdata.dll - ok
16:47:03.0587 5084 [ B1A1DEF896DEF835C19EC1FDD6B79F1F ] C:\PenExe\TcWS\Ver6.2.0\Bin\tcfile.dll
16:47:03.0587 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\tcfile.dll - ok
16:47:03.0587 5084 [ 222CF4B498AB92B300D7E6A57F6A848E ] C:\PenExe\TcWS\Ver6.2.0\Bin\mcs_client.dll
16:47:03.0587 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\mcs_client.dll - ok
16:47:03.0602 5084 [ 22FB92FAE0DAD1C66A9CFA0078FB40DB ] C:\PenExe\TcWS\Ver6.2.0\Bin\cam_client.dll
16:47:03.0602 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\cam_client.dll - ok
16:47:03.0602 5084 [ B8A31170523DFE10BA4011212BBB675B ] C:\PenExe\TcWS\Ver6.2.0\Bin\tcutil.dll
16:47:03.0602 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\tcutil.dll - ok
16:47:03.0618 5084 [ E46288F688A9DB3CED1C2C307013DFCA ] C:\PenExe\TcWS\Ver6.2.0\Bin\tcmsg.dll
16:47:03.0618 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\tcmsg.dll - ok
16:47:03.0618 5084 [ 801B69E11CA7DF028464908EBD979752 ] C:\PenExe\TcWS\Ver6.2.0\Bin\aqm_client.dll
16:47:03.0618 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\aqm_client.dll - ok
16:47:03.0634 5084 [ 2016A0EB00DEEB13275CA7C02A22A992 ] C:\PenExe\TcWS\Ver6.2.0\Bin\acq_rpc_client.dll
16:47:03.0634 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\acq_rpc_client.dll - ok
16:47:03.0649 5084 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\SysWOW64\logoncli.dll
16:47:03.0649 5084 C:\Windows\SysWOW64\logoncli.dll - ok
16:47:03.0649 5084 [ 0D8C5DF2295E0E7F2CFE07CEBA697A6E ] C:\Program Files (x86)\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
16:47:03.0649 5084 C:\Program Files (x86)\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - ok
16:47:03.0665 5084 [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\SysWOW64\drprov.dll
16:47:03.0665 5084 C:\Windows\SysWOW64\drprov.dll - ok
16:47:03.0665 5084 [ D7B7159BC8374E87D8C45A30377A3440 ] C:\Windows\SysWOW64\ntlanman.dll
16:47:03.0665 5084 C:\Windows\SysWOW64\ntlanman.dll - ok
16:47:03.0680 5084 [ 284B59D7B56FC76C80E622AB856B1FAB ] C:\Windows\SysWOW64\davclnt.dll
16:47:03.0680 5084 C:\Windows\SysWOW64\davclnt.dll - ok
16:47:03.0680 5084 [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\SysWOW64\davhlpr.dll
16:47:03.0680 5084 C:\Windows\SysWOW64\davhlpr.dll - ok
16:47:03.0696 5084 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
16:47:03.0696 5084 C:\Windows\SysWOW64\cscapi.dll - ok
16:47:03.0696 5084 [ EFF36A3C9F6A2AEDDA0F86F4EBB8F65F ] C:\PenExe\TcWS\Ver6.2.0\Bin\PnwGresENU.dll
16:47:03.0696 5084 C:\PenExe\TcWS\Ver6.2.0\Bin\PnwGresENU.dll - ok
16:47:03.0712 5084 [ 7CF1B716372B89568AE4C0FE769F5869 ] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
16:47:03.0712 5084 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe - ok
16:47:03.0727 5084 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
16:47:03.0727 5084 C:\Windows\SysWOW64\apphelp.dll - ok
16:47:03.0727 5084 [ 6D7DE520D8AA80A243347BECD401EB54 ] C:\Windows\AppPatch\acwow64.dll
16:47:03.0727 5084 C:\Windows\AppPatch\acwow64.dll - ok
16:47:03.0743 5084 [ BEC27CF5564827EAB7F08C98EE55B1CC ] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\pdm.dll
16:47:03.0743 5084 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\pdm.dll - ok
16:47:03.0743 5084 [ 2F1C2B887327CECA18C04041EDDD8F20 ] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\msdbg2.dll
16:47:03.0743 5084 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\msdbg2.dll - ok
16:47:03.0758 5084 [ 9DFD34E6841C460B5D992A1C5327AE69 ] C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
16:47:03.0758 5084 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe - ok
16:47:03.0774 5084 [ B990CB9E77E4A0A41281B263C055DFC8 ] C:\Program Files (x86)\Motorola\MotoHelper\PST.dll
16:47:03.0774 5084 C:\Program Files (x86)\Motorola\MotoHelper\PST.dll - ok
16:47:03.0774 5084 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
16:47:03.0774 5084 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
16:47:03.0790 5084 [ 69678722290C78D5D7198C60B5A4E3E8 ] C:\Windows\SysWOW64\secur32.dll
16:47:03.0790 5084 C:\Windows\SysWOW64\secur32.dll - ok
16:47:03.0790 5084 [ 2708DFE5E9ADFC94E56DAEA76DDE614D ] C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe
16:47:03.0790 5084 C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe - ok
16:47:03.0805 5084 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
16:47:03.0805 5084 C:\Windows\SysWOW64\mscoree.dll - ok
16:47:03.0821 5084 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
16:47:03.0821 5084 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
16:47:03.0821 5084 [ 4552F8F61A7975C2359D19673483604D ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
16:47:03.0821 5084 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
16:47:03.0836 5084 [ C2335D714EFAFFFB4C7A3C164F2024B1 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
16:47:03.0836 5084 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll - ok
16:47:03.0836 5084 [ 75BCC4043512E41D83C8F224B168039C ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
16:47:03.0836 5084 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
16:47:03.0852 5084 [ 26A68554F95A344B62E5771AF598E0E8 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
16:47:03.0852 5084 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll - ok
16:47:03.0868 5084 [ 68B1CED7C49F20C35947309D13149487 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll
16:47:03.0868 5084 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll - ok
16:47:03.0868 5084 [ 609784D09E4B57E8DFA5507482B70E58 ] C:\Program Files (x86)\Motorola\Moto Helper Service\Listener.exe
16:47:03.0868 5084 C:\Program Files (x86)\Motorola\Moto Helper Service\Listener.exe - ok
16:47:03.0883 5084 [ 54819FC5C79E4B2C6E896F9DE440494D ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
16:47:03.0883 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe - ok
16:47:03.0883 5084 [ A0617B5753E31126AD29C03154F4F329 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
16:47:03.0883 5084 C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
16:47:03.0899 5084 [ A4EE689ED27DF3BF89C0855D274876E2 ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msfte.dll
16:47:03.0899 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msfte.dll - ok
16:47:03.0914 5084 [ 288A3127F85C9416E9A3FD07EDAEDCBD ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\DBGHELP.DLL
16:47:03.0914 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\DBGHELP.DLL - ok
16:47:03.0914 5084 [ 7B46A076184B73AEDC1A66A71D9131E8 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
16:47:03.0914 5084 C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - ok
16:47:03.0930 5084 [ 893C44082C97F7AED3E7C180FA1F93D8 ] C:\Windows\System32\mpnotify.exe
16:47:03.0930 5084 C:\Windows\System32\mpnotify.exe - ok
16:47:03.0930 5084 [ 837608240884733792DDAE81E50B802A ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
16:47:03.0930 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe - ok
16:47:03.0946 5084 [ D6D4130C0BBC0D18C2DA703CC38260A9 ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlos.dll
16:47:03.0946 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlos.dll - ok
16:47:03.0961 5084 [ E111CED19D6A9FF9BBA5C219D0C5A3CE ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\opends60.dll
16:47:03.0961 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\opends60.dll - ok
16:47:03.0961 5084 [ 7B193BA3F0245D5867B71AD1CF631474 ] C:\Program Files (x86)\Microsoft SQL Server\90\Shared\instapi.dll
16:47:03.0961 5084 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\instapi.dll - ok
16:47:03.0977 5084 [ 1AF54261C283BAFB021B3D84A7BAE978 ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLBOOT.dll
16:47:03.0977 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLBOOT.dll - ok
16:47:03.0977 5084 [ 1EE99A89CC788ADA662441D1E9830529 ] C:\Windows\System32\nlasvc.dll
16:47:03.0977 5084 C:\Windows\System32\nlasvc.dll - ok
16:47:03.0992 5084 [ 4A435F95B940E93A88FEC144BD409789 ] C:\Windows\System32\ncsi.dll
16:47:03.0992 5084 C:\Windows\System32\ncsi.dll - ok
16:47:04.0008 5084 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
16:47:04.0008 5084 C:\Windows\System32\netman.dll - ok
16:47:04.0008 5084 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
16:47:04.0008 5084 C:\Windows\System32\drivers\PEAuth.sys - ok
16:47:04.0024 5084 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
16:47:04.0024 5084 C:\Windows\System32\winhttp.dll - ok
16:47:04.0024 5084 [ 247FE8DEFBB95A4319C7B4B215F92891 ] C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\Resources\1033\sqlevn70.rll
16:47:04.0024 5084 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\Resources\1033\sqlevn70.rll - ok
16:47:04.0039 5084 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
16:47:04.0039 5084 C:\Windows\System32\aepic.dll - ok
16:47:04.0055 5084 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
16:47:04.0055 5084 C:\Windows\System32\sfc.dll - ok
16:47:04.0055 5084 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
16:47:04.0055 5084 C:\Windows\System32\webio.dll - ok
16:47:04.0070 5084 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
16:47:04.0070 5084 C:\Windows\System32\sfc_os.dll - ok
16:47:04.0070 5084 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
16:47:04.0070 5084 C:\Windows\System32\mpr.dll - ok
16:47:04.0086 5084 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
16:47:04.0086 5084 C:\Windows\System32\ssdpapi.dll - ok
16:47:04.0102 5084 [ 291223D3BBDE7E80ED1A604BEEDD8961 ] C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
16:47:04.0102 5084 C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - ok
16:47:04.0102 5084 [ F485770EEC8959684CC4C4786B63C06C ] C:\Windows\System32\HPZIPM12.DLL
16:47:04.0102 5084 C:\Windows\System32\HPZIPM12.DLL - ok
16:47:04.0117 5084 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
16:47:04.0117 5084 C:\Windows\System32\wsock32.dll - ok
16:47:04.0117 5084 [ F12A68ED55053940CADD59CA5E3468DD ] C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
16:47:04.0117 5084 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe - ok
16:47:04.0133 5084 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
16:47:04.0133 5084 C:\Windows\System32\IPSECSVC.DLL - ok
16:47:04.0148 5084 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
16:47:04.0148 5084 C:\Windows\System32\FwRemoteSvr.dll - ok
16:47:04.0148 5084 [ BD57B12FA4C21B1CE7DA3570410BF12D ] C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
16:47:04.0148 5084 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe - ok
16:47:04.0164 5084 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
16:47:04.0164 5084 C:\Windows\System32\drivers\secdrv.sys - ok
16:47:04.0180 5084 [ 8ED9C992A106C2F8C6E6A1C80AE5D86D ] C:\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe
16:47:04.0180 5084 C:\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe - ok
16:47:04.0180 5084 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
16:47:04.0180 5084 C:\Windows\System32\aeevts.dll - ok
16:47:04.0195 5084 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll
16:47:04.0195 5084 C:\Windows\System32\seclogon.dll - ok
16:47:04.0195 5084 [ B5774835A13B5ED31378AABD07746262 ] C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
16:47:04.0195 5084 C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe - ok
16:47:04.0211 5084 [ A94DC60A90EFD7A35C36D971E3EE7470 ] C:\Program Files (x86)\Sophos\AutoUpdate\msvcp71.dll
16:47:04.0211 5084 C:\Program Files (x86)\Sophos\AutoUpdate\msvcp71.dll - ok
16:47:04.0226 5084 [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll
16:47:04.0226 5084 C:\Windows\System32\wscisvif.dll - ok
16:47:04.0226 5084 [ CA2F560921B7B8BE1CF555A5A18D54C3 ] C:\Program Files (x86)\Sophos\AutoUpdate\msvcr71.dll
16:47:04.0226 5084 C:\Program Files (x86)\Sophos\AutoUpdate\msvcr71.dll - ok
16:47:04.0242 5084 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
16:47:04.0242 5084 C:\Windows\System32\wscapi.dll - ok
16:47:04.0258 5084 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
16:47:04.0258 5084 C:\Windows\System32\dllhost.exe - ok
16:47:04.0258 5084 [ 9C17DCD6DDFEB1A012544FAF4F2789F6 ] C:\Windows\AppPatch\AcGenral.dll
16:47:04.0258 5084 C:\Windows\AppPatch\AcGenral.dll - ok
16:47:04.0273 5084 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
16:47:04.0273 5084 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
16:47:04.0273 5084 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\SysWOW64\wbemcomn.dll
16:47:04.0273 5084 C:\Windows\SysWOW64\wbemcomn.dll - ok
16:47:04.0289 5084 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
16:47:04.0289 5084 C:\Windows\SysWOW64\uxtheme.dll - ok
16:47:04.0304 5084 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
16:47:04.0304 5084 C:\Windows\SysWOW64\msacm32.dll - ok
16:47:04.0304 5084 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
16:47:04.0304 5084 C:\Windows\SysWOW64\sfc.dll - ok
16:47:04.0320 5084 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
16:47:04.0320 5084 C:\Windows\SysWOW64\sfc_os.dll - ok
16:47:04.0320 5084 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
16:47:04.0320 5084 C:\Windows\SysWOW64\dwmapi.dll - ok
16:47:04.0336 5084 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
16:47:04.0336 5084 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
16:47:04.0336 5084 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
16:47:04.0336 5084 C:\Windows\System32\IDStore.dll - ok
16:47:04.0351 5084 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
16:47:04.0351 5084 C:\Windows\System32\AtBroker.exe - ok
16:47:04.0367 5084 [ 517110BD83835338C037269E603DB55D ] C:\Windows\System32\taskhost.exe
16:47:04.0367 5084 C:\Windows\System32\taskhost.exe - ok
16:47:04.0367 5084 [ 45760EECC8B74B251171BE4F247F17CB ] C:\Windows\SysWOW64\browcli.dll
16:47:04.0367 5084 C:\Windows\SysWOW64\browcli.dll - ok
16:47:04.0382 5084 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\SysWOW64\authz.dll
16:47:04.0382 5084 C:\Windows\SysWOW64\authz.dll - ok
16:47:04.0382 5084 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
16:47:04.0382 5084 C:\Windows\SysWOW64\bcrypt.dll - ok
16:47:04.0398 5084 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
16:47:04.0398 5084 C:\Windows\System32\drprov.dll - ok
16:47:04.0398 5084 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
16:47:04.0398 5084 C:\Windows\SysWOW64\credssp.dll - ok
16:47:04.0414 5084 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
16:47:04.0414 5084 C:\Windows\System32\ntlanman.dll - ok
16:47:04.0414 5084 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
16:47:04.0429 5084 C:\Windows\System32\davclnt.dll - ok
16:47:04.0429 5084 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
16:47:04.0429 5084 C:\Windows\System32\davhlpr.dll - ok
16:47:04.0445 5084 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
16:47:04.0445 5084 C:\Windows\System32\cscapi.dll - ok
16:47:04.0445 5084 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
16:47:04.0445 5084 C:\Windows\System32\NapiNSP.dll - ok
16:47:04.0460 5084 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:47:04.0460 5084 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe - ok
16:47:04.0460 5084 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
16:47:04.0460 5084 C:\Windows\System32\pnrpnsp.dll - ok
16:47:04.0476 5084 [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\SysWOW64\msv1_0.dll
16:47:04.0476 5084 C:\Windows\SysWOW64\msv1_0.dll - ok
16:47:04.0476 5084 [ 2F4348DC0D06A0EBA5F5C4CB435790C1 ] C:\Windows\SysWOW64\kerberos.dll
16:47:04.0476 5084 C:\Windows\SysWOW64\kerberos.dll - ok
16:47:04.0492 5084 [ 748849C42DEA24C723048E24BCA1BD55 ] C:\Windows\System32\wshbth.dll
16:47:04.0492 5084 C:\Windows\System32\wshbth.dll - ok
16:47:04.0492 5084 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
16:47:04.0492 5084 C:\Windows\System32\PlaySndSrv.dll - ok
16:47:04.0507 5084 [ BF000DAB9748F4E597D39A6521C854D4 ] C:\Program Files (x86)\Sophos\AutoUpdate\config.dll
16:47:04.0507 5084 C:\Program Files (x86)\Sophos\AutoUpdate\config.dll - ok
16:47:04.0523 5084 [ 1AFFB765AF1FDCC0C185C38E9DDDDAEE ] C:\Windows\SysWOW64\schannel.dll
16:47:04.0523 5084 C:\Windows\SysWOW64\schannel.dll - ok
16:47:04.0523 5084 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
16:47:04.0523 5084 C:\Windows\System32\MsCtfMonitor.dll - ok
16:47:04.0538 5084 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\SysWOW64\security.dll
16:47:04.0538 5084 C:\Windows\SysWOW64\security.dll - ok
16:47:04.0538 5084 [ AA6957EE45DB8E5B65FB244DEAA4259D ] C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
16:47:04.0538 5084 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe - ok
16:47:04.0554 5084 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
16:47:04.0554 5084 C:\Windows\System32\msutb.dll - ok
16:47:04.0554 5084 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
16:47:04.0554 5084 C:\Windows\System32\dssenh.dll - ok
16:47:04.0570 5084 [ 3C432A96363097870995E2A3C8B66ABD ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:47:04.0570 5084 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe - ok
16:47:04.0585 5084 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
16:47:04.0585 5084 C:\Windows\System32\winrnr.dll - ok
16:47:04.0585 5084 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
16:47:04.0585 5084 C:\Windows\System32\HotStartUserAgent.dll - ok
16:47:04.0601 5084 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
16:47:04.0601 5084 C:\Windows\SysWOW64\wship6.dll - ok
16:47:04.0616 5084 [ D8EB517679EB142F011D2FD56EE94C68 ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll
16:47:04.0616 5084 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll - ok
16:47:04.0616 5084 [ 89B89AE23491F5D4E338499A3D568269 ] C:\Windows\System32\localspl.dll
16:47:04.0616 5084 C:\Windows\System32\localspl.dll - ok
16:47:04.0632 5084 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
16:47:04.0632 5084 C:\Windows\System32\spoolss.dll - ok
16:47:04.0632 5084 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
16:47:04.0648 5084 C:\Windows\System32\httpapi.dll - ok
16:47:04.0648 5084 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
16:47:04.0648 5084 C:\Windows\System32\wiaservc.dll - ok
16:47:04.0663 5084 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
16:47:04.0663 5084 C:\Windows\System32\wiatrace.dll - ok
16:47:04.0663 5084 [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe
16:47:04.0663 5084 C:\Windows\System32\taskeng.exe - ok
16:47:04.0679 5084 [ C5AC93CF3BA30D367FB49148A2B673B9 ] C:\Windows\System32\PrintIsolationProxy.dll
16:47:04.0679 5084 C:\Windows\System32\PrintIsolationProxy.dll - ok
16:47:04.0679 5084 [ 89DE13F1046D1CA77B254A81E7A2CD81 ] C:\Windows\System32\AdobePDF.dll
16:47:04.0694 5084 C:\Windows\System32\AdobePDF.dll - ok
16:47:04.0694 5084 [ AA5CA4A5F87C1576FF550A0372B3ED84 ] C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
16:47:04.0694 5084 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe - ok
16:47:04.0710 5084 [ A8704A10FFDE468F4AB18EBF82A9A86F ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcp80.dll
16:47:04.0710 5084 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcp80.dll - ok
16:47:04.0710 5084 [ 19E41CCCEE697CC9465396B370929792 ] C:\Windows\System32\FXSMON.dll
16:47:04.0710 5084 C:\Windows\System32\FXSMON.dll - ok
16:47:04.0726 5084 [ 8537E304DEE5F29E1BD2E7177FCB167F ] C:\Windows\System32\novamno5.dll
16:47:04.0726 5084 C:\Windows\System32\novamno5.dll - ok
16:47:04.0726 5084 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
16:47:04.0726 5084 C:\Windows\SysWOW64\dnsapi.dll - ok
16:47:04.0741 5084 [ 1658E808E4D4889C66DE47EC87F1DED1 ] C:\Windows\System32\msvcp60.dll
16:47:04.0741 5084 C:\Windows\System32\msvcp60.dll - ok
16:47:04.0741 5084 [ E16C433D8D23B08A40A664A9D8348649 ] C:\Windows\System32\hpz3lw72.dll
16:47:04.0741 5084 C:\Windows\System32\hpz3lw72.dll - ok
16:47:04.0757 5084 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
16:47:04.0757 5084 C:\Windows\System32\tcpmon.dll - ok
16:47:04.0757 5084 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
16:47:04.0757 5084 C:\Windows\System32\snmpapi.dll - ok
16:47:04.0772 5084 [ DF687E3D8836BFB04FCC0615BF15A519 ] C:\Windows\System32\drivers\tcpipreg.sys
16:47:04.0772 5084 C:\Windows\System32\drivers\tcpipreg.sys - ok
16:47:04.0788 5084 [ 4205CA4CD43E725DB9FF02B0A588A8C6 ] C:\Windows\SysWOW64\msxml3.dll
16:47:04.0788 5084 C:\Windows\SysWOW64\msxml3.dll - ok
16:47:04.0788 5084 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
16:47:04.0788 5084 C:\Windows\System32\wsnmp32.dll - ok
16:47:04.0804 5084 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
16:47:04.0804 5084 C:\Windows\System32\tapisrv.dll - ok
16:47:04.0804 5084 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
16:47:04.0804 5084 C:\Windows\System32\sysmain.dll - ok
16:47:04.0819 5084 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
16:47:04.0819 5084 C:\Windows\System32\usbmon.dll - ok
16:47:04.0819 5084 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
16:47:04.0819 5084 C:\Windows\System32\WSDMon.dll - ok
16:47:04.0835 5084 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
16:47:04.0835 5084 C:\Windows\System32\wbem\WMIsvc.dll - ok
16:47:04.0850 5084 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
16:47:04.0850 5084 C:\Windows\System32\WSDApi.dll - ok
16:47:04.0850 5084 [ CF318F60A84F15AF352439465A8D05F4 ] C:\Program Files\Windows Defender\MpSvc.dll
16:47:04.0850 5084 C:\Program Files\Windows Defender\MpSvc.dll - ok
16:47:04.0866 5084 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
16:47:04.0866 5084 C:\Windows\System32\wbemcomn.dll - ok
16:47:04.0866 5084 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll
16:47:04.0866 5084 C:\Program Files\Windows Defender\MpClient.dll - ok
16:47:04.0882 5084 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
16:47:04.0882 5084 C:\Windows\System32\webservices.dll - ok
16:47:04.0897 5084 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
16:47:04.0897 5084 C:\Windows\System32\trkwks.dll - ok
16:47:04.0897 5084 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
16:47:04.0897 5084 C:\Windows\System32\TSChannel.dll - ok
16:47:04.0913 5084 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
16:47:04.0913 5084 C:\Windows\System32\fundisc.dll - ok
16:47:04.0913 5084 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:47:04.0913 5084 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
16:47:04.0928 5084 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
16:47:04.0928 5084 C:\Windows\System32\fdPnp.dll - ok
16:47:04.0928 5084 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
16:47:04.0928 5084 C:\Windows\System32\wbem\WinMgmtR.dll - ok
16:47:04.0944 5084 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
16:47:04.0944 5084 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
16:47:04.0960 5084 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
16:47:04.0960 5084 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
16:47:04.0960 5084 [ 62FD1461C7C88D9927CAFF8FA827DAA8 ] C:\Windows\System32\spool\prtprocs\x64\hpzppw72.dll
16:47:04.0960 5084 C:\Windows\System32\spool\prtprocs\x64\hpzppw72.dll - ok
16:47:04.0975 5084 [ 8F1C949FD695C83C4E30C3BFC004C81F ] C:\Windows\System32\spool\prtprocs\x64\HPZPPWN7.DLL
16:47:04.0975 5084 C:\Windows\System32\spool\prtprocs\x64\HPZPPWN7.DLL - ok
16:47:04.0975 5084 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
16:47:04.0975 5084 C:\Windows\System32\wbem\fastprox.dll - ok
16:47:04.0991 5084 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
16:47:04.0991 5084 C:\Windows\System32\ntdsapi.dll - ok
16:47:04.0991 5084 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
16:47:04.0991 5084 C:\Windows\System32\wbem\wbemprox.dll - ok
16:47:05.0006 5084 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
16:47:05.0006 5084 C:\Windows\System32\wbem\wbemcore.dll - ok
16:47:05.0006 5084 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
16:47:05.0006 5084 C:\Windows\System32\wbem\esscli.dll - ok
16:47:05.0022 5084 [ 2AC11BE0F5D9A01433732AAB8BA21774 ] C:\Windows\System32\win32spl.dll
16:47:05.0022 5084 C:\Windows\System32\win32spl.dll - ok
16:47:05.0038 5084 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
16:47:05.0038 5084 C:\Windows\System32\wbem\wbemsvc.dll - ok
16:47:05.0038 5084 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:47:05.0038 5084 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
16:47:05.0053 5084 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
16:47:05.0053 5084 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
16:47:05.0069 5084 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
16:47:05.0069 5084 C:\Windows\System32\wbem\wmiutils.dll - ok
16:47:05.0069 5084 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
16:47:05.0069 5084 C:\Windows\System32\inetpp.dll - ok
16:47:05.0084 5084 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
16:47:05.0084 5084 C:\Windows\System32\wbem\repdrvfs.dll - ok
16:47:07.0066 5084 [ B45F2C4076ACFD9714037B7C69D90167 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
16:47:07.0066 5084 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
16:47:07.0081 5084 [ 05A58F9A6BBA37412CDEACD055FAEB37 ] C:\Windows\System32\igfxress.dll
16:47:07.0081 5084 C:\Windows\System32\igfxress.dll - ok
16:47:07.0081 5084 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
16:47:07.0081 5084 C:\Windows\System32\DXP.dll - ok
16:47:07.0097 5084 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
16:47:07.0097 5084 C:\Windows\System32\Syncreg.dll - ok
16:47:07.0097 5084 [ 84DB35F319E5B67838A4877C11748866 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
16:47:07.0097 5084 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe - ok
16:47:07.0112 5084 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
16:47:07.0112 5084 C:\Windows\ehome\ehSSO.dll - ok
16:47:07.0112 5084 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
16:47:07.0112 5084 C:\Windows\System32\WPDShServiceObj.dll - ok
16:47:07.0128 5084 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
16:47:07.0128 5084 C:\Windows\System32\PortableDeviceTypes.dll - ok
16:47:07.0128 5084 [ B8E421C0890356CD4A793D8A346D9096 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:47:07.0128 5084 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
16:47:07.0144 5084 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
16:47:07.0144 5084 C:\Windows\System32\srchadmin.dll - ok
16:47:07.0159 5084 [ C282F4A84FDA6EF4376996542F7A1249 ] C:\Users\David Abram\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
16:47:07.0159 5084 C:\Users\David Abram\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe - ok
16:47:07.0159 5084 [ 995BEB69AE5C50D354894354F5A6CD5A ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:47:07.0159 5084 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
16:47:07.0175 5084 [ 31FF2ADF99197E63F8F35AB983801845 ] C:\Program Files (x86)\BitKinex\x64\bitkinexwe.dll
16:47:07.0175 5084 C:\Program Files (x86)\BitKinex\x64\bitkinexwe.dll - ok
16:47:07.0175 5084 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
16:47:07.0175 5084 C:\Windows\System32\SearchIndexer.exe - ok
16:47:07.0190 5084 [ 34086F1DBB4065047EA3671CB70505CC ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
16:47:07.0190 5084 C:\Program Files (x86)\iTunes\iTunesHelper.exe - ok
16:47:07.0190 5084 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
16:47:07.0190 5084 C:\Windows\System32\AltTab.dll - ok
16:47:07.0206 5084 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
16:47:07.0206 5084 C:\Windows\SysWOW64\riched20.dll - ok
16:47:07.0222 5084 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
16:47:07.0222 5084 C:\Windows\System32\pnidui.dll - ok
16:47:07.0222 5084 [ CAF01663BA1865FBBB1958D060B5D514 ] C:\Program Files\Lenovo\Bluetooth Software\BTNCopy.dll
16:47:07.0222 5084 C:\Program Files\Lenovo\Bluetooth Software\BTNCopy.dll - ok
16:47:07.0237 5084 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
16:47:07.0237 5084 C:\Windows\System32\QUTIL.DLL - ok
16:47:07.0237 5084 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
16:47:07.0237 5084 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
16:47:07.0253 5084 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
16:47:07.0253 5084 C:\Windows\System32\FXSST.dll - ok
16:47:07.0253 5084 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
16:47:07.0253 5084 C:\Windows\System32\FXSAPI.dll - ok
16:47:07.0268 5084 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
16:47:07.0268 5084 C:\Windows\System32\FXSRESM.dll - ok
16:47:07.0284 5084 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
16:47:07.0284 5084 C:\Windows\System32\tquery.dll - ok
16:47:07.0284 5084 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
16:47:07.0284 5084 C:\Windows\SysWOW64\duser.dll - ok
16:47:07.0300 5084 [ FB665485B6C8EE16FED0619ADFF8B27A ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
16:47:07.0300 5084 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll - ok
16:47:07.0300 5084 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
16:47:07.0300 5084 C:\Windows\SysWOW64\dui70.dll - ok
16:47:07.0315 5084 [ 51464B6C373CD07E7D4A6CC9294ED67C ] C:\Users\David Abram\AppData\Roaming\Dropbox\bin\Dropbox.exe
16:47:07.0315 5084 C:\Users\David Abram\AppData\Roaming\Dropbox\bin\Dropbox.exe - ok
16:47:07.0315 5084 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
16:47:07.0315 5084 C:\Windows\System32\mssrch.dll - ok
16:47:07.0331 5084 [ B1CA4AA760FF0DDFA1C38E95D19CFEFB ] C:\Program Files (x86)\iTunes\iTunesHelper.dll
16:47:07.0331 5084 C:\Program Files (x86)\iTunes\iTunesHelper.dll - ok
16:47:07.0346 5084 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
16:47:07.0346 5084 C:\Windows\System32\msidle.dll - ok
16:47:07.0346 5084 [ 0654195051D1024C005E7BE135A6FEE7 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll
16:47:07.0346 5084 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
16:47:07.0362 5084 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
16:47:07.0362 5084 C:\Windows\System32\FXSSVC.exe - ok
16:47:07.0378 5084 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
16:47:07.0378 5084 C:\Windows\System32\mssprxy.dll - ok
16:47:07.0378 5084 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
16:47:07.0378 5084 C:\Windows\System32\wlanhlp.dll - ok
16:47:07.0393 5084 [ 24744F14E76174927AA2BD4600709192 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
16:47:07.0393 5084 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll - ok
16:47:07.0409 5084 [ E7FE89F69C3CC65CAD3D1ADC5D6A9F41 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
16:47:07.0409 5084 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
16:47:07.0409 5084 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
16:47:07.0409 5084 C:\Windows\System32\wlanapi.dll - ok
16:47:07.0424 5084 [ E0CD5872CA4552056C4C705361A6BB5A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
16:47:07.0424 5084 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
16:47:07.0424 5084 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
16:47:07.0424 5084 C:\Windows\System32\dot3api.dll - ok
16:47:07.0440 5084 [ 88468536D51F79E1FC42620FCED503D7 ] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
16:47:07.0440 5084 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe - ok
16:47:07.0440 5084 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files (x86)\Sophos\AutoUpdate\MFC71.dll
16:47:07.0440 5084 C:\Program Files (x86)\Sophos\AutoUpdate\MFC71.dll - ok
16:47:07.0456 5084 [ BAF751E7061FF626AA60F56D1D5D1FDC ] C:\Windows\SysWOW64\MFC71ENU.DLL
16:47:07.0456 5084 C:\Windows\SysWOW64\MFC71ENU.DLL - ok
16:47:07.0471 5084 [ CBA3C6E3492C45D8BDF03262E2550617 ] C:\Program Files (x86)\Sophos\AutoUpdate\swlocale.dll
16:47:07.0471 5084 C:\Program Files (x86)\Sophos\AutoUpdate\swlocale.dll - ok
16:47:07.0471 5084 [ 07CDD5732A8A084BA8EC10287CADDD36 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
16:47:07.0471 5084 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
16:47:07.0487 5084 [ 4E8012DFB94BEB686DB3E020D4B366DC ] C:\Program Files (x86)\Sophos\AutoUpdate\en\almonres.dll
16:47:07.0487 5084 C:\Program Files (x86)\Sophos\AutoUpdate\en\almonres.dll - ok
16:47:07.0502 5084 [ 4E8E3880A3E0632AA5C8F7EF8B37E2B2 ] C:\Windows\System32\GfxUI.exe
16:47:07.0502 5084 C:\Windows\System32\GfxUI.exe - ok
16:47:07.0502 5084 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
16:47:07.0502 5084 C:\Windows\System32\WWanAPI.dll - ok
16:47:07.0518 5084 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
16:47:07.0518 5084 C:\Windows\System32\mscoree.dll - ok
16:47:07.0534 5084 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
16:47:07.0534 5084 C:\Windows\System32\wwapi.dll - ok
16:47:07.0534 5084 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
16:47:07.0534 5084 C:\Windows\System32\en-US\tquery.dll.mui - ok
16:47:07.0549 5084 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
16:47:07.0549 5084 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
16:47:07.0549 5084 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
16:47:07.0549 5084 C:\Windows\System32\QAGENT.DLL - ok
16:47:07.0565 5084 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\David Abram\AppData\Roaming\Dropbox\bin\msvcr71.dll
16:47:07.0565 5084 C:\Users\David Abram\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok
16:47:07.0565 5084 [ 9E3DB741CD90B26284C41494684EB238 ] C:\Program Files (x86)\Sophos\Sophos Anti-Virus\DesktopMessaging.dll
16:47:07.0565 5084 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\DesktopMessaging.dll - ok
16:47:07.0580 5084 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
16:47:07.0580 5084 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
16:47:07.0596 5084 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
16:47:07.0596 5084 C:\Windows\SysWOW64\msimg32.dll - ok
16:47:07.0596 5084 [ 1EA7969E3271CBC59E1730697DC74682 ] C:\Windows\System32\qmgr.dll
16:47:07.0596 5084 C:\Windows\System32\qmgr.dll - ok
16:47:07.0612 5084 [ 75B3F2285F2E9BD2044EB820F1823370 ] C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavNeutralRes.dll
16:47:07.0612 5084 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavNeutralRes.dll - ok
16:47:07.0612 5084 [ 29409ED7400CA5BCCC30C0EE5147A60D ] C:\Windows\System32\bitsperf.dll
16:47:07.0612 5084 C:\Windows\System32\bitsperf.dll - ok
16:47:07.0627 5084 [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
16:47:07.0627 5084 C:\Windows\System32\bitsigd.dll - ok
16:47:07.0643 5084 [ 97F17505834562D6115B1734A0AEAFD4 ] C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavResEng.dll
16:47:07.0643 5084 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavResEng.dll - ok
16:47:07.0658 5084 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
16:47:07.0658 5084 C:\Windows\System32\upnp.dll - ok
16:47:07.0658 5084 [ A05C0003E8D7CEA359A439690554F8BB ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
16:47:07.0658 5084 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
16:47:07.0674 5084 [ 94D0BF03AEB90598923173E3379CB1DD ] C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProxy.exe
16:47:07.0674 5084 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProxy.exe - ok
16:47:07.0690 5084 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
16:47:07.0690 5084 C:\Windows\System32\ssdpsrv.dll - ok
16:47:07.0690 5084 [ D5369247B6C11EAE2C0650D8303E23B4 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
16:47:07.0690 5084 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
16:47:07.0705 5084 [ A9AB99EE7D39725EAFEC82732D2B3271 ] C:\Program Files\iPod\bin\iPodService.exe
16:47:07.0705 5084 C:\Program Files\iPod\bin\iPodService.exe - ok
16:47:07.0705 5084 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
16:47:07.0705 5084 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
16:47:07.0721 5084 [ 5CB4174FB02E0BD4639B6EBDE31EC8E1 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
16:47:07.0721 5084 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
16:47:07.0736 5084 [ BFC43967D25EA76082B9369B619AE5A7 ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
16:47:07.0736 5084 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
16:47:07.0736 5084 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\David Abram\AppData\Roaming\Dropbox\bin\msvcp71.dll
16:47:07.0736 5084 C:\Users\David Abram\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok
16:47:07.0752 5084 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
16:47:07.0752 5084 C:\Windows\System32\qmgrprxy.dll - ok
16:47:07.0768 5084 [ 76CDA84DCB30EBDEF0D86051A72E0C0F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\f73f0a9c9a83dcd3ff428be509a7992f\mscorlib.ni.dll
16:47:07.0768 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\f73f0a9c9a83dcd3ff428be509a7992f\mscorlib.ni.dll - ok
16:47:07.0768 5084 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
16:47:07.0768 5084 C:\Windows\SysWOW64\qmgrprxy.dll - ok
16:47:07.0783 5084 [ 327695074718E1BDAC226B2A16F425E2 ] C:\Windows\SysWOW64\jsproxy.dll
16:47:07.0783 5084 C:\Windows\SysWOW64\jsproxy.dll - ok
16:47:07.0783 5084 [ BA48FCD5653B8A62F39AAF2663EC5D10 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\c40ec0f4cd203c880298f94c0427dd54\System.ni.dll
16:47:07.0783 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\c40ec0f4cd203c880298f94c0427dd54\System.ni.dll - ok
16:47:07.0799 5084 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
16:47:07.0799 5084 C:\Windows\System32\UIAnimation.dll - ok
16:47:07.0814 5084 [ 92CBA4EBF1EAC5329662A967C079F660 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\4bcc5a6e9e9d25e068fc304bd7eda6af\WindowsBase.ni.dll
16:47:07.0814 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\4bcc5a6e9e9d25e068fc304bd7eda6af\WindowsBase.ni.dll - ok
16:47:07.0814 5084 [ 3F50200237961034FACE602373838980 ] C:\Windows\SysWOW64\FirewallAPI.dll
16:47:07.0814 5084 C:\Windows\SysWOW64\FirewallAPI.dll - ok
16:47:07.0830 5084 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
16:47:07.0830 5084 C:\Windows\System32\SearchProtocolHost.exe - ok
16:47:07.0830 5084 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
16:47:07.0830 5084 C:\Windows\System32\webcheck.dll - ok
16:47:07.0846 5084 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
16:47:07.0846 5084 C:\Windows\System32\mlang.dll - ok
16:47:07.0846 5084 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
16:47:07.0846 5084 C:\Windows\System32\msshooks.dll - ok
16:47:07.0861 5084 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
16:47:07.0861 5084 C:\Windows\System32\SearchFilterHost.exe - ok
16:47:07.0877 5084 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
16:47:07.0877 5084 C:\Windows\System32\SyncCenter.dll - ok
16:47:07.0877 5084 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
16:47:07.0877 5084 C:\Windows\System32\imapi2.dll - ok
16:47:07.0892 5084 [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
16:47:07.0892 5084 C:\Windows\System32\mssph.dll - ok
16:47:07.0892 5084 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
16:47:07.0892 5084 C:\Windows\System32\hgcpl.dll - ok
16:47:07.0908 5084 [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
16:47:07.0908 5084 C:\Windows\System32\mapi32.dll - ok
16:47:07.0908 5084 [ 596F1BA567C8A772EB9B5D8649E9668B ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\4dc6e89ac37368291890ba27c374208b\PresentationCore.ni.dll
16:47:07.0908 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\4dc6e89ac37368291890ba27c374208b\PresentationCore.ni.dll - ok
16:47:07.0924 5084 [ 5746BD7E255DD6A8AFA06F7C42C1BA41 ] C:\Windows\System32\cmd.exe
16:47:07.0924 5084 C:\Windows\System32\cmd.exe - ok
16:47:07.0924 5084 [ FF2B106909EED48C536DA04742C0324A ] C:\Windows\System32\Query.dll
16:47:07.0924 5084 C:\Windows\System32\Query.dll - ok
16:47:07.0955 5084 [ 01E2855FB06C422E721D890AF201C2D7 ] C:\Windows\System32\NaturalLanguage6.dll
16:47:07.0955 5084 C:\Windows\System32\NaturalLanguage6.dll - ok
16:47:07.0955 5084 [ 701D9F5F3F21580936638D5C5F86B460 ] C:\Windows\System32\NlsData0009.dll
16:47:07.0955 5084 C:\Windows\System32\NlsData0009.dll - ok
16:47:07.0970 5084 [ 148A733B93A2AC104280495DA09D3CC2 ] C:\Windows\System32\NlsLexicons0009.dll
16:47:07.0970 5084 C:\Windows\System32\NlsLexicons0009.dll - ok
16:47:07.0970 5084 [ 76D86E65FF7D10292886A1F2DB93A911 ] C:\Windows\System32\ELSCore.dll
16:47:07.0970 5084 C:\Windows\System32\ELSCore.dll - ok
16:47:07.0986 5084 [ 12929BDE96189F4E968AD035573424F0 ] C:\Windows\System32\elsTrans.dll
16:47:07.0986 5084 C:\Windows\System32\elsTrans.dll - ok
16:47:07.0986 5084 [ AEE087CF7423BA44CC2DE03CC565E399 ] C:\Windows\System32\elslad.dll
16:47:07.0986 5084 C:\Windows\System32\elslad.dll - ok
16:47:08.0002 5084 [ 54DAF1C69DE1A5E2A6A9D6B43CCAEB68 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9aa6320f06da2553fb04e78722c739c8\PresentationFramework.ni.dll
16:47:08.0002 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9aa6320f06da2553fb04e78722c739c8\PresentationFramework.ni.dll - ok
16:47:08.0017 5084 [ 6D74290856347CF8682277A54B433D4B ] C:\Users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
16:47:08.0017 5084 C:\Users\David Abram\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll - ok
16:47:08.0017 5084 [ 11542EC1F1C53EDB3CCF5AADF4C9972F ] C:\Windows\System32\NlsData0000.dll
16:47:08.0017 5084 C:\Windows\System32\NlsData0000.dll - ok
16:47:08.0033 5084 [ C264145F107437CBD3B30303733AEE4F ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
16:47:08.0033 5084 C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
16:47:08.0048 5084 [ 51272A935F4F482A70F2A7D1C3A67AEE ] C:\Windows\System32\NlsData000c.dll
16:47:08.0048 5084 C:\Windows\System32\NlsData000c.dll - ok
16:47:08.0048 5084 [ C8541AECCCA9260DE93C85F214110FA8 ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
16:47:08.0048 5084 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
16:47:08.0064 5084 [ C2142407A2BE3462247500849B3FF8C7 ] C:\Windows\System32\NlsLexicons000c.dll
16:47:08.0064 5084 C:\Windows\System32\NlsLexicons000c.dll - ok
16:47:08.0080 5084 [ 3ABB7ADB9CCBCD24D6C55201A3842A94 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
16:47:08.0080 5084 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
16:47:08.0080 5084 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
16:47:08.0080 5084 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
16:47:08.0095 5084 [ A18C3579512D96D02C8BEC1400454BE8 ] C:\Windows\System32\gfxSrvc.dll
16:47:08.0095 5084 C:\Windows\System32\gfxSrvc.dll - ok
16:47:08.0095 5084 [ 90E03A12E4BAD479257ACB33E7BDE9DC ] C:\Windows\System32\IGFXDEVLib.dll
16:47:08.0095 5084 C:\Windows\System32\IGFXDEVLib.dll - ok
16:47:08.0111 5084 [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll
16:47:08.0111 5084 C:\Windows\System32\d3d9.dll - ok
16:47:08.0126 5084 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
16:47:08.0126 5084 C:\Windows\System32\d3d8thk.dll - ok
16:47:08.0126 5084 [ 7D631675030CE69C78FB131912E0E3DF ] C:\Windows\System32\igdumd64.dll
16:47:08.0126 5084 C:\Windows\System32\igdumd64.dll - ok
16:47:08.0142 5084 [ 37C813CF6B4E892E2CDA6FEF3B871AFC ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\24d1b7ccbedaa3602bae6a6acea9929e\System.Xml.ni.dll
16:47:08.0142 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\24d1b7ccbedaa3602bae6a6acea9929e\System.Xml.ni.dll - ok
16:47:08.0158 5084 [ 857F78A80A36BF9BE8B10D85E49CE2C4 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\193d03ca60573c92f92d9b07fa5bc243\System.Configuration.ni.dll
16:47:08.0158 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\193d03ca60573c92f92d9b07fa5bc243\System.Configuration.ni.dll - ok
16:47:08.0158 5084 [ 80C834BA6B844C4B717F2465C4E8EC0F ] C:\Windows\System32\WindowsCodecsExt.dll
16:47:08.0158 5084 C:\Windows\System32\WindowsCodecsExt.dll - ok
16:47:08.0173 5084 [ 1D296F090ED401967B30BD2B970DC306 ] C:\Windows\System32\icm32.dll
16:47:08.0173 5084 C:\Windows\System32\icm32.dll - ok
16:47:08.0189 5084 [ BE63879E3ED6893F84309DF1EBECF26D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4f3567165e2a444fc9a62980c4d0ea82\PresentationFramework.Aero.ni.dll
16:47:08.0189 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\4f3567165e2a444fc9a62980c4d0ea82\PresentationFramework.Aero.ni.dll - ok
16:47:08.0189 5084 [ FC3001B4B9DF50B61F3CCA615759EFE7 ] C:\Windows\System32\PhotoMetadataHandler.dll
16:47:08.0189 5084 C:\Windows\System32\PhotoMetadataHandler.dll - ok
16:47:08.0204 5084 [ B20F286B301D03F4CCA3A59194D303EA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\92c038385ee5b9840e941f9c84b988df\System.Drawing.ni.dll
16:47:08.0204 5084 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\92c038385ee5b9840e941f9c84b988df\System.Drawing.ni.dll - ok
16:47:08.0220 5084 [ C5413BC4F10CEB4C3070BBF04D324117 ] C:\Windows\SysWOW64\msisip.dll
16:47:08.0220 5084 C:\Windows\SysWOW64\msisip.dll - ok
16:47:08.0236 5084 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:47:08.0236 5084 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
16:47:08.0236 5084 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\SysWOW64\msvcr100_clr0400.dll
16:47:08.0236 5084 C:\Windows\SysWOW64\msvcr100_clr0400.dll - ok
16:47:08.0251 5084 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:47:08.0251 5084 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok
16:47:08.0267 5084 [ CB21CD39637AC13F3455454B2F648257 ] C:\Windows\System32\msvcr100_clr0400.dll
16:47:08.0267 5084 C:\Windows\System32\msvcr100_clr0400.dll - ok
16:47:08.0267 5084 [ 1FA2E249364050217091CA073F5CF9EB ] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
16:47:08.0267 5084 C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe - ok
16:47:08.0282 5084 [ 39DB65B51524C2AFC46D310D420F2F8A ] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\Win32Utils.dll
16:47:08.0282 5084 C:\Program Files (x86)\DDNI\Lenovo Idea Notes\Win32Utils.dll - ok
16:47:08.0298 5084 [ 8F308D6855836B1E343AEB68C568BEF8 ] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\BitsUtil.dll
16:47:08.0298 5084 C:\Program Files (x86)\DDNI\Lenovo Idea Notes\BitsUtil.dll - ok
16:47:08.0298 5084 [ 5C4CB4086FB83115B153E47ADD961A0C ] C:\Windows\System32\FntCache.dll
16:47:08.0298 5084 C:\Windows\System32\FntCache.dll - ok
16:47:08.0314 5084 [ 85F0CCD6E2C2694793ADF04B6B6658AA ] C:\Program Files (x86)\Google\Update\1.3.21.115\goopdateres_en.dll
16:47:08.0314 5084 C:\Program Files (x86)\Google\Update\1.3.21.115\goopdateres_en.dll - ok
16:47:08.0314 5084 [ DC8490812A3B72811AE534F423B4C206 ] C:\Windows\System32\drivers\mbam.sys
16:47:08.0314 5084 C:\Windows\System32\drivers\mbam.sys - ok
16:47:08.0329 5084 [ 43683E970F008C93C9429EF428147A54 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:47:08.0329 5084 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe - ok
16:47:08.0345 5084 [ 8F233C5BC68E34D18D38257B283CE96C ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll
16:47:08.0345 5084 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll - ok
16:47:08.0360 5084 [ E17E0188BB90FAE42D83E98707EFA59C ] C:\Windows\System32\sppsvc.exe
16:47:08.0360 5084 C:\Windows\System32\sppsvc.exe - ok
16:47:08.0376 5084 [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys
16:47:08.0376 5084 C:\Windows\System32\drivers\spsys.sys - ok
16:47:08.0392 5084 [ E8B1FE6669397D1772D8196DF0E57A9E ] C:\Windows\System32\wscsvc.dll
16:47:08.0392 5084 C:\Windows\System32\wscsvc.dll - ok
16:47:08.0516 5084 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
16:47:08.0516 5084 C:\Windows\System32\p2pcollab.dll - ok
16:47:08.0532 5084 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
16:47:08.0532 5084 C:\Windows\System32\QAGENTRT.DLL - ok
16:47:08.0532 5084 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
16:47:08.0532 5084 C:\Windows\System32\wuaueng.dll - ok
16:47:08.0548 5084 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
16:47:08.0548 5084 C:\Windows\System32\fveui.dll - ok
16:47:08.0563 5084 [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll
16:47:08.0563 5084 C:\Windows\System32\mspatcha.dll - ok
16:47:08.0563 5084 [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
16:47:08.0563 5084 C:\Windows\System32\wuapi.dll - ok
16:47:08.0579 5084 [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
16:47:08.0579 5084 C:\Windows\System32\wups.dll - ok
16:47:08.0594 5084 [ F6F22291024906E43D135A4B1705FEAC ] C:\Windows\System32\sppwinob.dll
16:47:08.0594 5084 C:\Windows\System32\sppwinob.dll - ok
16:47:08.0610 5084 [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
16:47:08.0610 5084 C:\Windows\System32\wups2.dll - ok
16:47:08.0626 5084 [ 2B373B5F7E36B5ED5DA176D4400EF091 ] C:\Windows\System32\sppobjs.dll
16:47:08.0626 5084 C:\Windows\System32\sppobjs.dll - ok
16:47:08.0626 5084 [ 39E9AACC4C5FB3C3C0B12DE6D491553D ] C:\Windows\SysWOW64\WindowsCodecsExt.dll
16:47:08.0626 5084 C:\Windows\SysWOW64\WindowsCodecsExt.dll - ok
16:47:08.0641 5084 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\SysWOW64\wer.dll
16:47:08.0641 5084 C:\Windows\SysWOW64\wer.dll - ok
16:47:08.0657 5084 [ 4FB491AC8D46AAF22BA8BC5C73DABEF7 ] C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
16:47:08.0657 5084 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe - ok
16:47:08.0657 5084 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
16:47:08.0657 5084 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
16:47:08.0672 5084 [ 2F03490092C032392FB6FF635222B9B2 ] C:\Windows\SysWOW64\apisetschema.dll
16:47:08.0672 5084 C:\Windows\SysWOW64\apisetschema.dll - ok
16:47:08.0672 5084 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\SysWOW64\ncobjapi.dll
16:47:08.0672 5084 C:\Windows\SysWOW64\ncobjapi.dll - ok
16:47:08.0688 5084 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\SysWOW64\wbem\wmiutils.dll
16:47:08.0688 5084 C:\Windows\SysWOW64\wbem\wmiutils.dll - ok
16:47:08.0688 5084 [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll
16:47:08.0688 5084 C:\Windows\System32\wbem\cimwin32.dll - ok
16:47:08.0704 5084 [ D0481FB85BEEDD30A0884BE327880F80 ] C:\Windows\SysWOW64\framedynos.dll
16:47:08.0704 5084 C:\Windows\SysWOW64\framedynos.dll - ok
16:47:08.0719 5084 [ A42E7748BE906434C5FD17161D168C20 ] C:\Windows\SysWOW64\schedcli.dll
16:47:08.0719 5084 C:\Windows\SysWOW64\schedcli.dll - ok
16:47:08.0719 5084 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
16:47:08.0719 5084 C:\Windows\System32\framedynos.dll - ok
16:47:08.0735 5084 [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
16:47:08.0735 5084 C:\Windows\System32\security.dll - ok
16:47:11.0044 5084 C:\Windows\SysWOW64\shacct.dll - ok
16:47:11.0044 5084 [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\SysWOW64\mapi32.dll
16:47:11.0044 5084 C:\Windows\SysWOW64\mapi32.dll - ok
16:47:11.0059 5084 [ 328E900311D5C31F399730C7CCC8883A ] C:\Windows\SysWOW64\jscript9.dll
16:47:11.0059 5084 C:\Windows\SysWOW64\jscript9.dll - ok
16:47:11.0059 5084 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
16:47:11.0059 5084 C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll - ok
16:47:11.0075 5084 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\SysWOW64\FXSRESM.dll
16:47:11.0075 5084 C:\Windows\SysWOW64\FXSRESM.dll - ok
16:47:11.0075 5084 [ 4009ACA971C4D4E5FA8891B076917069 ] C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
16:47:11.0075 5084 C:\Program Files (x86)\Mozilla Firefox\mozglue.dll - ok
16:47:11.0090 5084 [ E343CABBD8D600ABAF3F11625D33B3D0 ] C:\Windows\SysWOW64\netjoin.dll
16:47:11.0090 5084 C:\Windows\SysWOW64\netjoin.dll - ok
16:47:11.0106 5084 [ D7CB45BEAD7FF63B8D82ABBFB9D74102 ] C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
16:47:11.0106 5084 C:\Program Files (x86)\Mozilla Firefox\nspr4.dll - ok
16:47:11.0122 5084 [ 476F7D54970AEA25DEA456825C64D733 ] C:\Program Files (x86)\Mozilla Firefox\plc4.dll
16:47:11.0122 5084 C:\Program Files (x86)\Mozilla Firefox\plc4.dll - ok
16:47:11.0122 5084 [ 5127CDC241D32568DD458CB0D1C4CEA1 ] C:\Program Files (x86)\Mozilla Firefox\plds4.dll
16:47:11.0122 5084 C:\Program Files (x86)\Mozilla Firefox\plds4.dll - ok
16:47:11.0137 5084 [ D44761290B0861C8DF045CDE34EB0705 ] C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
16:47:11.0137 5084 C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll - ok
16:47:11.0137 5084 [ FDE476CFA50F0E1C3CA7B732334B5C3A ] C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
16:47:11.0137 5084 C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll - ok
16:47:11.0153 5084 [ 80D6B31FA7618B97CA9A0112B7CBB0EA ] C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
16:47:11.0153 5084 C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll - ok
16:47:11.0168 5084 [ DD74FB796F5D9A2BF5B4F24201429AB8 ] C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
16:47:11.0168 5084 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll - ok
16:47:11.0168 5084 [ 714E3F17D0E2E23354F15FD01B4F4EA8 ] C:\Program Files (x86)\Mozilla Firefox\nss3.dll
16:47:11.0168 5084 C:\Program Files (x86)\Mozilla Firefox\nss3.dll - ok
16:47:11.0184 5084 [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\SysWOW64\wininit.exe
16:47:11.0184 5084 C:\Windows\SysWOW64\wininit.exe - ok
16:47:11.0184 5084 [ A5A40243D737326E61D296ABD4C8AECE ] C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
16:47:11.0184 5084 C:\Program Files (x86)\Mozilla Firefox\ssl3.dll - ok
16:47:11.0200 5084 [ 93A690B9DCDE48B64DE7A87AAC2CC9BC ] C:\Windows\SysWOW64\xwizards.dll
16:47:11.0200 5084 C:\Windows\SysWOW64\xwizards.dll - ok
16:47:11.0200 5084 [ BA6DB597377C3D29128AA201E1D94297 ] C:\Program Files (x86)\Mozilla Firefox\smime3.dll
16:47:11.0200 5084 C:\Program Files (x86)\Mozilla Firefox\smime3.dll - ok
16:47:11.0215 5084 [ 0FCE648F8031872F7B8049F13FA0EDC4 ] C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
16:47:11.0215 5084 C:\Program Files (x86)\Mozilla Firefox\mozjs.dll - ok
16:47:11.0215 5084 [ 0BDD5B8AC394DE23EDBBF8998CBBE2A7 ] C:\Program Files (x86)\Mozilla Firefox\xul.dll
16:47:11.0215 5084 C:\Program Files (x86)\Mozilla Firefox\xul.dll - ok
16:47:11.0231 5084 [ 28CA821606669BB9215CE010767720FA ] C:\Windows\SysWOW64\cryptui.dll
16:47:11.0231 5084 C:\Windows\SysWOW64\cryptui.dll - ok
16:47:11.0246 5084 [ BE005B2321B30219B43986C713ED31A0 ] C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
16:47:11.0246 5084 C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll - ok
16:47:11.0246 5084 [ 03E9314004F504A14A61C3D364B62F66 ] C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
16:47:11.0246 5084 C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll - ok
16:47:11.0262 5084 [ A24CDF378DF91A4304A1F3E7247BD513 ] C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
16:47:11.0262 5084 C:\Program Files (x86)\Mozilla Firefox\xpcom.dll - ok
16:47:11.0262 5084 [ 6D3CE6A1FE3BE6D51A90C3AEF6D545AC ] C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
16:47:11.0262 5084 C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll - ok
16:47:11.0278 5084 [ A2631C4465BBCE72B7E371DFB924A9D3 ] C:\Windows\SysWOW64\feclient.dll
16:47:11.0278 5084 C:\Windows\SysWOW64\feclient.dll - ok
16:47:11.0293 5084 [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\SysWOW64\d3d10_1core.dll
16:47:11.0293 5084 C:\Windows\SysWOW64\d3d10_1core.dll - ok
16:47:11.0293 5084 [ 833FBB672460EFCE8011D262175FAD33 ] C:\Windows\SysWOW64\upnphost.dll
16:47:11.0293 5084 C:\Windows\SysWOW64\upnphost.dll - ok
16:47:11.0309 5084 [ EEFF5623465B383677699A06070BECEA ] C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
16:47:11.0309 5084 C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll - ok
16:47:11.0324 5084 [ F661ECDDF6B287683139F4BD365478CB ] C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
16:47:11.0324 5084 C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll - ok
16:47:11.0324 5084 [ 00D7AB9A8E5C9A84CFCA19AD9E583E6F ] C:\Windows\SysWOW64\mmcbase.dll
16:47:11.0324 5084 C:\Windows\SysWOW64\mmcbase.dll - ok
16:47:11.0340 5084 [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\SysWOW64\dllhost.exe
16:47:11.0340 5084 C:\Windows\SysWOW64\dllhost.exe - ok
16:47:11.0340 5084 ============================================================
16:47:11.0340 5084 Scan finished
16:47:11.0340 5084 ============================================================
16:47:11.0371 3576 Detected object count: 5
16:47:11.0371 3576 Actual detected object count: 5
16:50:02.0614 3576 lcdServiceTcWS(6.2.0) ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0614 3576 lcdServiceTcWS(6.2.0) ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:02.0614 3576 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0614 3576 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:02.0629 3576 MotoHelper.exe ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0629 3576 MotoHelper.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:02.0629 3576 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0629 3576 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:02.0629 3576 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:02.0629 3576 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:10.0659 4044 Deinitialize success

#9 fireman4it


Posted 15 August 2012 - 08:24 PM

Hello,

Let's run a couple of other scanners to make sure there are no other leftovers.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 dabram


Posted 16 August 2012 - 01:43 AM

Looks like ESET found some things.


MBAM log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David Abram :: MOM [administrator]

8/15/2012 6:26:58 PM
mbam-log-2012-08-15 (18-26-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222228
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET log
C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\Program Files (x86)\intellidownload\torrent.exe Win32/BundleInstaller application cleaned by deleting - quarantined
C:\Program Files (x86)\RegInOut\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application cleaned by deleting - quarantined
C:\Program Files (x86)\RegInOut\RegInOut.exe probably a variant of Win32/Adware.PCFresher.A application cleaned by deleting - quarantined
C:\Users\David Abram\Documents\Usenet.nl\alt.binaries.games\Midisa.Soft.SQL.Editor.v18.7.4.6.WinAll.Cracked-CRD.rar MSIL/TrojanDownloader.Agent.BC trojan deleted - quarantined
C:\Users\David Abram\Documents\Usenet.nl\alt.binaries.warez\Thomson.Reuters.EndNote.X4.v14.0.0.4845.Cracked-EAT.rar a variant of Win32/Injector.ITQ trojan deleted - quarantined
C:\Users\David Abram\Downloads\freeripmp3-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\David Abram\Downloads\reginout_setup.exe multiple threats cleaned by deleting - quarantined
C:\Users\David Abram\Downloads\RegistryQuick_setup.exe Win32/Adware.RegistryQuick application cleaned by deleting - quarantined
C:\Users\Twists\Downloads\mirc717.exe Win32/OpenCandy application cleaned by deleting - quarantined

#11 dabram


Posted 16 August 2012 - 02:48 AM

Also, after a restart I tried to reenable my Sophos security settings. It froze on me and I couldn't do anything but a force shut down.
Restarted again, and tried to open Sophos only for it to freeze the whole computer again.
Whatever is wrong with my computer is not gone.

#12 fireman4it


Posted 16 August 2012 - 01:37 PM

Also, after a restart I tried to reenable my Sophos security settings. It froze on me and I couldn't do anything but a force shut down.
Restarted again, and tried to open Sophos only for it to freeze the whole computer again.
Whatever is wrong with my computer is not gone.


Please uninstall and reinstall Sophos; that should fix the problem.



#13 fireman4it


Posted 18 August 2012 - 01:34 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#14 dabram


Posted 20 August 2012 - 12:40 AM

Computer seems to have been running fine even without uninstalling Sophos. I think the topic can be closed. Thank you for your help.

#15 fireman4it


Posted 20 August 2012 - 05:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
