
Infected with Winrscmde Trojan


  • This topic is locked
18 replies to this topic

#1 Lumbajac24


Posted 11 December 2012 - 11:23 PM

I typically use the Firefox browser with several security add-ons to surf the web. However, I was using Internet Explorer a couple of days ago and typed in an economics website address incorrectly, which led me to a site that instantly gave me a Trojan that Microsoft Security Essentials picked up on. This Trojan was named Trojan:DOS.Alureon.J

I followed this development up with a Malwarebytes Full System Scan that picked up nothing, so I figured all was well. However, today I noticed my computer was running progressively slower and I checked Task Manager Processes and saw that Svchost with description Winrscmde was taking up around 40% CPU. I figured rootkits and downloaded the Malwarebytes Anti-Rootkit tool that removed 5 Trojans. I am posting here to do any scans that are needed to ensure complete eradication of any viruses or trojans on this computer. I have attached DDS.


 


#2 Lumbajac24


Posted 11 December 2012 - 11:41 PM

Actually, now I have attached the DDS file. :wink:




#3 gringo_pr



  • Malware Response Team

Posted 12 December 2012 - 12:13 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following:
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Lumbajac24


Posted 12 December 2012 - 12:49 PM

Ran all 3 programs with required attachments below! Thanks!




#5 Lumbajac24


Posted 12 December 2012 - 12:54 PM

Ah I just saw that you prefer the full text versions of reports.

Checkup.txt
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 30
Java 7 Update 10
Java™ 6 Update 3
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird 11.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by George at 11:48:08 on 2012-12-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2814 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\PuranDefragS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Puran Defrag\PuranADT.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\George\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{FAB7B19D-A0BE-4B4F-9690-A6E627351A45} : DHCPNameServer = 24.220.0.10 24.220.0.11
SSODL: WebCheck - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
x64-Run: [SoundMan] SOUNDMAN.EXE
x64-Run: [PuranADT] C:\Program Files\Puran Defrag\PuranADT.exe
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\hy39w7vz.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: !HIDDEN! 2012-01-21 03:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2011-7-8 162816]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2011-9-20 290816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2009-9-8 160264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-9-21 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2012-12-12 17:05:53 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 03:42:49 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A8899B8-6622-4F09-89BE-72763440C31A}\mpengine.dll
2012-12-11 20:45:04 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-11 20:43:49 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-11 20:43:49 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-28 15:40:11 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0281096-9C21-461A-83C0-6630CAEBE938}\gapaengine.dll
2012-11-16 10:17:12 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 10:17:12 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 10:17:12 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 10:17:12 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 10:05:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 10:05:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 10:05:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 10:05:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 10:05:53 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 10:05:53 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 10:05:53 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-16 07:34:05 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-16 07:34:05 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-16 07:34:05 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-16 07:34:04 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
.
==================== Find3M ====================
.
2012-12-12 02:31:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 02:31:25 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-10-31 22:46:09 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 11:48:31.19 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2011 10:48:15 PM
System Uptime: 12/12/2012 10:54:10 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GC375
Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2993/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 401.847 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 465.533 GiB free.
F: is Removable
G: is Removable
H: is CDROM (UDF)
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 400 color M451dn
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP LaserJet 400 color M451dn
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP125: 12/6/2012 4:30:05 PM - Windows Update
RP126: 12/10/2012 10:59:51 AM - Windows Update
RP127: 12/11/2012 10:06:18 PM - Malwarebytes Anti-Rootkit Restore Point
RP128: 12/12/2012 10:29:55 AM - Windows Update
RP129: 12/12/2012 11:04:41 AM - Installed Java 7 Update 10
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
7-Zip 4.65 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battlefield 2™
Battlefield 2: Special Forces
Bonjour
BufferChm
C5200
C5200_Help
CCleaner
CleanMem
Company of Heroes
Company of Heroes - FAKEMSI
Copy
CutePDF Writer 2.8
Destinations
DeviceDiscovery
DocProc
Dropbox
Fax
File Uploader
Geosense for Windows
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP LJ300-400 color M351-M451
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Unified IO
HP Update
hpbDSService
hpbM351M451DSService
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI
HPLJDXPHelper
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
hppLaserJetService
hppM351_M451LaserJetService
HPProductAssistant
hppToolboxProxyM351
HPSSupply
hpStatusAlerts
hpStatusAlertsM351_M451
iCloud
ImgBurn
InstanceFinder
iTunes
Java 7 Update 10
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 30
JavaFX 2.1.1
LJDXPHelperUI
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Nikon Message Center
Nikon Transfer
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA Performance
NVIDIA System Monitor
NVIDIA System Update
NVIDIA Update 1.5.20
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
Puran Defrag Free Edition 7.2
PVSonyDll
QuickTime
Realtek AC'97 Audio
Saitek Call Of Duty Modern Warefare 2 Profiles
Saitek Cyborg Keyboard Volume 6.7.3.0
Saitek SD6 Programming Software 6.7.3.0
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
SimUText
SmartWebPrinting
SolutionCenter
Status
swMSM
System Requirements Lab
Toolbox
ToolboxProxy
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
WebReg
Win7codecs
x64 Components v3.0.6
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/6/2012 4:18:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/6/2012 4:18:48 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
12/6/2012 10:29:26 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/IframeRef&threatid=2147638646 Name: Trojan:JS/IframeRef ID: 2147638646 Severity: Severe Category: Trojan Path: file:_C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJH4M85X\schiffreport_com[1].htm Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.141.1173.0, AS: 1.141.1173.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0
12/11/2012 10:24:39 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:39 PM

Posted 12 December 2012 - 01:36 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Lumbajac24


Posted 12 December 2012 - 02:13 PM

Security Check
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 30
Java 7 Update 10
Java™ 6 Update 3
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird 11.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


AdwCleaner
# AdwCleaner v2.100 - Logfile created 12/12/2012 at 13:04:59
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : George - GPC1
# Boot Mode : Normal
# Running from : C:\Users\George\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\George\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\hy39w7vz.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[S1].txt - [1175 octets] - [12/12/2012 13:04:59]

########## EOF - C:\AdwCleaner[S1].txt - [1235 octets] ##########


RogueKiller
RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : George [Admin rights]
Mode : Remove -- Date : 12/12/2012 13:10:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 google-analytics.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 www.google-analytics.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350063 0AS SCSI Disk Device +++++
--- User ---
[MBR] 0da4ba48651821c2fc92f1aa122d1831
[BSP] cdf38430380a29e7bca8c0205f2caf28 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST350032 0AS SCSI Disk Device +++++
--- User ---
[MBR] 38c84779b19c7a12ad31d101890715b3
[BSP] 6db4137646fefb20e18efda62e38d07a : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic 2.0 Reader -0 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic 2.0 Reader -1 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12122012_02d1310.txt >>
RKreport[1]_S_12122012_02d1309.txt ; RKreport[2]_D_12122012_02d1310.txt

#8 gringo_pr


Posted 12 December 2012 - 02:19 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Lumbajac24


Posted 12 December 2012 - 08:55 PM

Computer seems to be fairly normal. But it was normal for a couple of days after the first infection until it flared up yesterday so I'm not sure if that's a good thing yet. Combofix log below. I know the first scans you had me run found a couple of things, but was any of that related to this infection or just unrelated adware?

ComboFix 12-12-10.01 - George 12/12/2012 19:38:49.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.3027 [GMT -6:00]
Running from: c:\users\George\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 01:45 . 2012-12-13 01:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-13 01:45 . 2012-12-13 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 17:05 . 2012-11-28 16:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 03:42 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A8899B8-6622-4F09-89BE-72763440C31A}\mpengine.dll
2012-12-11 20:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-11 20:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 20:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-28 15:40 . 2012-11-28 15:39 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0281096-9C21-461A-83C0-6630CAEBE938}\gapaengine.dll
2012-11-16 10:17 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 10:17 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 10:17 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 10:17 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 10:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 10:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 10:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 10:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 10:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 10:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 10:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 07:34 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 07:34 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 07:34 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-16 07:34 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 16:34 . 2011-09-21 05:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 02:31 . 2012-07-29 23:06 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 02:31 . 2011-12-07 22:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 22:46 . 2012-10-31 22:46 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38 . 2012-11-27 20:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 20:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 20:01 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-11 20:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 22:58 . 2011-12-06 07:02 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 01:54 . 2012-01-22 16:10 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2011-07-19 136760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2011-07-08 162816]
S2 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-02-15 290816]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2009-09-08 160264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 02:31]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 21:47]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 21:47]
.
2012-12-12 c:\windows\Tasks\WebReg HP Photosmart C5200 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-22 02:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"PuranADT"="c:\program files\Puran Defrag\PuranADT.exe" [2011-02-15 474624]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2009-09-04 186880]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-09-04 357888]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-09-04 194560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\hy39w7vz.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: !HIDDEN! 2012-01-21 03:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-12 19:49:30
ComboFix-quarantined-files.txt 2012-12-13 01:49
.
Pre-Run: 430,972,706,816 bytes free
Post-Run: 431,113,666,560 bytes free
.
- - End Of File - - AD1F6C62B6D48801D617921725595E84

#10 gringo_pr


Posted 12 December 2012 - 10:04 PM

Greetings

I want you to run these next:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 Lumbajac24

Posted 12 December 2012 - 10:54 PM

21:32:47.0916 2996 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:32:48.0463 2996 ============================================================
21:32:48.0463 2996 Current date / time: 2012/12/12 21:32:48.0463
21:32:48.0463 2996 SystemInfo:
21:32:48.0463 2996
21:32:48.0463 2996 OS Version: 6.1.7601 ServicePack: 1.0
21:32:48.0463 2996 Product type: Workstation
21:32:48.0463 2996 ComputerName: GPC1
21:32:48.0463 2996 UserName: George
21:32:48.0463 2996 Windows directory: C:\Windows
21:32:48.0463 2996 System windows directory: C:\Windows
21:32:48.0463 2996 Running under WOW64
21:32:48.0463 2996 Processor architecture: Intel x64
21:32:48.0463 2996 Number of processors: 2
21:32:48.0463 2996 Page size: 0x1000
21:32:48.0463 2996 Boot type: Normal boot
21:32:48.0463 2996 ============================================================
21:32:49.0589 2996 BG loaded
21:32:50.0308 2996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:32:50.0339 2996 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:32:50.0402 2996 ============================================================
21:32:50.0402 2996 \Device\Harddisk0\DR0:
21:32:50.0417 2996 MBR partitions:
21:32:50.0417 2996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:32:50.0417 2996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:32:50.0417 2996 \Device\Harddisk1\DR1:
21:32:50.0417 2996 GPT partitions:
21:32:50.0433 2996 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {43DB2AF9-5D63-4AE7-BB9B-3EEBFCCEBCCB}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
21:32:50.0433 2996 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6B273420-314C-420F-A080-98A640292A41}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x3A345000
21:32:50.0433 2996 MBR partitions:
21:32:50.0433 2996 ============================================================
21:32:50.0464 2996 C: <-> \Device\Harddisk0\DR0\Partition2
21:32:50.0480 2996 D: <-> \Device\Harddisk1\DR1\Partition2
21:32:50.0480 2996 ============================================================
21:32:50.0480 2996 Initialize success
21:32:50.0480 2996 ============================================================
21:33:11.0426 4684 ============================================================
21:33:11.0426 4684 Scan started
21:33:11.0426 4684 Mode: Manual; SigCheck; TDLFS;
21:33:11.0426 4684 ============================================================
21:33:13.0755 4684 ================ Scan system memory ========================
21:33:13.0755 4684 System memory - ok
21:33:13.0755 4684 ================ Scan services =============================
21:33:13.0912 4684 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:33:14.0083 4684 1394ohci - ok
21:33:14.0115 4684 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:33:14.0146 4684 ACPI - ok
21:33:14.0162 4684 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:33:14.0208 4684 AcpiPmi - ok
21:33:14.0287 4684 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:33:14.0302 4684 AdobeARMservice - ok
21:33:14.0396 4684 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:33:14.0427 4684 AdobeFlashPlayerUpdateSvc - ok
21:33:14.0458 4684 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:33:14.0490 4684 adp94xx - ok
21:33:14.0505 4684 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:33:14.0537 4684 adpahci - ok
21:33:14.0537 4684 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:33:14.0568 4684 adpu320 - ok
21:33:14.0583 4684 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:33:14.0740 4684 AeLookupSvc - ok
21:33:14.0771 4684 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:33:14.0818 4684 AFD - ok
21:33:14.0849 4684 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:33:14.0865 4684 agp440 - ok
21:33:14.0974 4684 [ 853AD8BD8CA940D0F5AC2679A6ED439B ] ALCXWDM C:\Windows\system32\drivers\RTKVAC64.SYS
21:33:15.0052 4684 ALCXWDM - ok
21:33:15.0068 4684 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:33:15.0131 4684 ALG - ok
21:33:15.0147 4684 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:33:15.0163 4684 aliide - ok
21:33:15.0178 4684 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:33:15.0194 4684 amdide - ok
21:33:15.0225 4684 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:33:15.0272 4684 AmdK8 - ok
21:33:15.0288 4684 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:33:15.0319 4684 AmdPPM - ok
21:33:15.0350 4684 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:33:15.0366 4684 amdsata - ok
21:33:15.0397 4684 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:33:15.0413 4684 amdsbs - ok
21:33:15.0444 4684 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:33:15.0459 4684 amdxata - ok
21:33:15.0491 4684 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:33:15.0647 4684 AppID - ok
21:33:15.0678 4684 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:33:15.0725 4684 AppIDSvc - ok
21:33:15.0756 4684 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:33:15.0819 4684 Appinfo - ok
21:33:15.0897 4684 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:33:15.0913 4684 Apple Mobile Device - ok
21:33:15.0944 4684 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:33:15.0991 4684 AppMgmt - ok
21:33:16.0022 4684 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:33:16.0038 4684 arc - ok
21:33:16.0053 4684 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:33:16.0069 4684 arcsas - ok
21:33:16.0100 4684 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:33:16.0147 4684 AsyncMac - ok
21:33:16.0178 4684 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:33:16.0194 4684 atapi - ok
21:33:16.0256 4684 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:33:16.0334 4684 athr - ok
21:33:16.0366 4684 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:33:16.0428 4684 AudioEndpointBuilder - ok
21:33:16.0459 4684 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:33:16.0506 4684 AudioSrv - ok
21:33:16.0538 4684 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:33:16.0616 4684 AxInstSV - ok
21:33:16.0663 4684 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:33:16.0709 4684 b06bdrv - ok
21:33:16.0725 4684 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:33:16.0772 4684 b57nd60a - ok
21:33:16.0803 4684 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:33:16.0850 4684 BDESVC - ok
21:33:16.0866 4684 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:33:16.0913 4684 Beep - ok
21:33:16.0975 4684 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:33:17.0022 4684 BFE - ok
21:33:17.0053 4684 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:33:17.0131 4684 BITS - ok
21:33:17.0163 4684 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:33:17.0178 4684 blbdrive - ok
21:33:17.0241 4684 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:33:17.0256 4684 Bonjour Service - ok
21:33:17.0288 4684 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:33:17.0303 4684 bowser - ok
21:33:17.0334 4684 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:33:17.0397 4684 BrFiltLo - ok
21:33:17.0413 4684 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:33:17.0444 4684 BrFiltUp - ok
21:33:17.0459 4684 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:33:17.0522 4684 BridgeMP - ok
21:33:17.0538 4684 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:33:17.0569 4684 Browser - ok
21:33:17.0600 4684 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:33:17.0631 4684 Brserid - ok
21:33:17.0647 4684 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:33:17.0678 4684 BrSerWdm - ok
21:33:17.0694 4684 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:33:17.0709 4684 BrUsbMdm - ok
21:33:17.0725 4684 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:33:17.0756 4684 BrUsbSer - ok
21:33:17.0772 4684 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:33:17.0803 4684 BTHMODEM - ok
21:33:17.0819 4684 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:33:17.0881 4684 bthserv - ok
21:33:17.0897 4684 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:33:17.0944 4684 cdfs - ok
21:33:17.0991 4684 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:33:18.0022 4684 cdrom - ok
21:33:18.0053 4684 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:33:18.0100 4684 CertPropSvc - ok
21:33:18.0131 4684 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:33:18.0163 4684 circlass - ok
21:33:18.0194 4684 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:33:18.0209 4684 CLFS - ok
21:33:18.0272 4684 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:33:18.0288 4684 clr_optimization_v2.0.50727_32 - ok
21:33:18.0319 4684 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:33:18.0350 4684 clr_optimization_v2.0.50727_64 - ok
21:33:18.0397 4684 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:18.0428 4684 clr_optimization_v4.0.30319_32 - ok
21:33:18.0444 4684 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:33:18.0459 4684 clr_optimization_v4.0.30319_64 - ok
21:33:18.0491 4684 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:33:18.0522 4684 CmBatt - ok
21:33:18.0538 4684 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:33:18.0553 4684 cmdide - ok
21:33:18.0584 4684 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:33:18.0616 4684 CNG - ok
21:33:18.0631 4684 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:33:18.0647 4684 Compbatt - ok
21:33:18.0678 4684 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:33:18.0709 4684 CompositeBus - ok
21:33:18.0709 4684 COMSysApp - ok
21:33:18.0725 4684 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:33:18.0741 4684 crcdisk - ok
21:33:18.0788 4684 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:33:18.0819 4684 CryptSvc - ok
21:33:18.0850 4684 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:33:18.0897 4684 CSC - ok
21:33:18.0928 4684 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:33:18.0959 4684 CscService - ok
21:33:19.0006 4684 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:33:19.0053 4684 DcomLaunch - ok
21:33:19.0084 4684 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:33:19.0147 4684 defragsvc - ok
21:33:19.0163 4684 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:33:19.0209 4684 DfsC - ok
21:33:19.0241 4684 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:33:19.0272 4684 Dhcp - ok
21:33:19.0288 4684 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:33:19.0350 4684 discache - ok
21:33:19.0366 4684 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:33:19.0381 4684 Disk - ok
21:33:19.0413 4684 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:33:19.0459 4684 Dnscache - ok
21:33:19.0491 4684 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:33:19.0538 4684 dot3svc - ok
21:33:19.0584 4684 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:33:19.0600 4684 Dot4 - ok
21:33:19.0616 4684 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:33:19.0647 4684 Dot4Print - ok
21:33:19.0663 4684 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:33:19.0678 4684 dot4usb - ok
21:33:19.0709 4684 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:33:19.0756 4684 DPS - ok
21:33:19.0788 4684 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:33:19.0803 4684 drmkaud - ok
21:33:19.0850 4684 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:33:19.0881 4684 DXGKrnl - ok
21:33:19.0913 4684 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:33:19.0959 4684 EapHost - ok
21:33:20.0053 4684 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:33:20.0163 4684 ebdrv - ok
21:33:20.0194 4684 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:33:20.0225 4684 EFS - ok
21:33:20.0288 4684 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:33:20.0350 4684 ehRecvr - ok
21:33:20.0366 4684 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:33:20.0397 4684 ehSched - ok
21:33:20.0444 4684 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:33:20.0459 4684 elxstor - ok
21:33:20.0491 4684 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:33:20.0522 4684 ErrDev - ok
21:33:20.0569 4684 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:33:20.0616 4684 EventSystem - ok
21:33:20.0631 4684 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:33:20.0678 4684 exfat - ok
21:33:20.0709 4684 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:33:20.0756 4684 fastfat - ok
21:33:20.0788 4684 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:33:20.0819 4684 Fax - ok
21:33:20.0834 4684 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:33:20.0866 4684 fdc - ok
21:33:20.0881 4684 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:33:20.0928 4684 fdPHost - ok
21:33:20.0944 4684 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:33:20.0991 4684 FDResPub - ok
21:33:21.0006 4684 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:33:21.0022 4684 FileInfo - ok
21:33:21.0038 4684 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:33:21.0084 4684 Filetrace - ok
21:33:21.0100 4684 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:33:21.0131 4684 flpydisk - ok
21:33:21.0147 4684 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:33:21.0163 4684 FltMgr - ok
21:33:21.0225 4684 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:33:21.0288 4684 FontCache - ok
21:33:21.0334 4684 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:33:21.0350 4684 FontCache3.0.0.0 - ok
21:33:21.0381 4684 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:33:21.0413 4684 FsDepends - ok
21:33:21.0428 4684 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:33:21.0459 4684 Fs_Rec - ok
21:33:21.0491 4684 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:33:21.0522 4684 fvevol - ok
21:33:21.0553 4684 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:33:21.0569 4684 gagp30kx - ok
21:33:21.0616 4684 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:33:21.0631 4684 GEARAspiWDM - ok
21:33:21.0663 4684 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:33:21.0725 4684 gpsvc - ok
21:33:21.0788 4684 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:33:21.0803 4684 gupdate - ok
21:33:21.0834 4684 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:33:21.0850 4684 gupdatem - ok
21:33:21.0866 4684 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:33:21.0913 4684 hcw85cir - ok
21:33:21.0928 4684 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:33:21.0959 4684 HDAudBus - ok
21:33:21.0975 4684 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:33:22.0006 4684 HidBatt - ok
21:33:22.0006 4684 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:33:22.0038 4684 HidBth - ok
21:33:22.0053 4684 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:33:22.0084 4684 HidIr - ok
21:33:22.0100 4684 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:33:22.0163 4684 hidserv - ok
21:33:22.0194 4684 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:33:22.0209 4684 HidUsb - ok
21:33:22.0241 4684 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:33:22.0288 4684 hkmsvc - ok
21:33:22.0303 4684 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:33:22.0350 4684 HomeGroupListener - ok
21:33:22.0366 4684 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:33:22.0397 4684 HomeGroupProvider - ok
21:33:22.0475 4684 [ F5F4818A15AF6128A2BADD1B1F102413 ] HP DS Service C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
21:33:22.0491 4684 HP DS Service ( UnsignedFile.Multi.Generic ) - warning
21:33:22.0491 4684 HP DS Service - detected UnsignedFile.Multi.Generic (1)
21:33:22.0522 4684 [ 3755C0F9D2A0CBE1CC0C37410725533A ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
21:33:22.0538 4684 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
21:33:22.0538 4684 HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
21:33:22.0584 4684 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:33:22.0584 4684 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:33:22.0584 4684 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:33:22.0616 4684 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:33:22.0616 4684 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:33:22.0616 4684 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:33:22.0647 4684 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:33:22.0663 4684 HpSAMD - ok
21:33:22.0725 4684 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:33:22.0756 4684 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:33:22.0756 4684 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:33:22.0788 4684 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:33:22.0850 4684 HTTP - ok
21:33:22.0866 4684 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:33:22.0881 4684 hwpolicy - ok
21:33:22.0913 4684 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:33:22.0928 4684 i8042prt - ok
21:33:22.0959 4684 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:33:22.0991 4684 iaStorV - ok
21:33:23.0038 4684 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:33:23.0053 4684 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:33:23.0053 4684 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:33:23.0116 4684 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:33:23.0163 4684 idsvc - ok
21:33:23.0209 4684 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:33:23.0225 4684 iirsp - ok
21:33:23.0272 4684 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:33:23.0334 4684 IKEEXT - ok
21:33:23.0350 4684 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:33:23.0366 4684 intelide - ok
21:33:23.0397 4684 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:33:23.0413 4684 intelppm - ok
21:33:23.0444 4684 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:33:23.0506 4684 IPBusEnum - ok
21:33:23.0538 4684 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:33:23.0569 4684 IpFilterDriver - ok
21:33:23.0600 4684 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:33:23.0647 4684 iphlpsvc - ok
21:33:23.0663 4684 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:33:23.0694 4684 IPMIDRV - ok
21:33:23.0709 4684 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:33:23.0772 4684 IPNAT - ok
21:33:23.0819 4684 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:33:23.0850 4684 iPod Service - ok
21:33:23.0866 4684 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:33:23.0913 4684 IRENUM - ok
21:33:23.0944 4684 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:33:23.0975 4684 isapnp - ok
21:33:24.0006 4684 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:33:24.0022 4684 iScsiPrt - ok
21:33:24.0053 4684 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:33:24.0069 4684 kbdclass - ok
21:33:24.0084 4684 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:33:24.0117 4684 kbdhid - ok
21:33:24.0132 4684 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:33:24.0148 4684 KeyIso - ok
21:33:24.0164 4684 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:33:24.0195 4684 KSecDD - ok
21:33:24.0195 4684 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:33:24.0210 4684 KSecPkg - ok
21:33:24.0226 4684 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:33:24.0273 4684 ksthunk - ok
21:33:24.0304 4684 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:33:24.0367 4684 KtmRm - ok
21:33:24.0398 4684 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:33:24.0460 4684 LanmanServer - ok
21:33:24.0476 4684 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:33:24.0523 4684 LanmanWorkstation - ok
21:33:24.0554 4684 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:33:24.0601 4684 lltdio - ok
21:33:24.0632 4684 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:33:24.0679 4684 lltdsvc - ok
21:33:24.0695 4684 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:33:24.0742 4684 lmhosts - ok
21:33:24.0773 4684 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:33:24.0789 4684 LSI_FC - ok
21:33:24.0804 4684 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:33:24.0820 4684 LSI_SAS - ok
21:33:24.0835 4684 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:33:24.0851 4684 LSI_SAS2 - ok
21:33:24.0867 4684 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:33:24.0882 4684 LSI_SCSI - ok
21:33:24.0898 4684 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:33:24.0960 4684 luafv - ok
21:33:24.0976 4684 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:33:25.0007 4684 Mcx2Svc - ok
21:33:25.0007 4684 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:33:25.0023 4684 megasas - ok
21:33:25.0054 4684 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:33:25.0070 4684 MegaSR - ok
21:33:25.0101 4684 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:33:25.0149 4684 MMCSS - ok
21:33:25.0180 4684 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:33:25.0227 4684 Modem - ok
21:33:25.0258 4684 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:33:25.0274 4684 monitor - ok
21:33:25.0290 4684 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:33:25.0305 4684 mouclass - ok
21:33:25.0321 4684 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:33:25.0352 4684 mouhid - ok
21:33:25.0368 4684 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:33:25.0383 4684 mountmgr - ok
21:33:25.0446 4684 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:33:25.0461 4684 MozillaMaintenance - ok
21:33:25.0508 4684 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:33:27.0479 4684 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:33:27.0495 4684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:27.0495 4684 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:31.0780 4684 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:33:31.0795 4684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:31.0795 4684 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:32.0531 4684 [ D3438A41E02BA2079BA14125DF358BFE ] PuranDefrag C:\Windows\system32\PuranDefragS.exe
21:33:32.0546 4684 PuranDefrag ( UnsignedFile.Multi.Generic ) - warning
21:33:32.0546 4684 PuranDefrag - detected UnsignedFile.Multi.Generic (1)
21:33:39.0520 4684 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:33:39.0520 4684 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:33:39.0520 4684 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:33:43.0666 4684 ================ Scan global ===============================
21:33:43.0697 4684 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:33:43.0728 4684 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:33:43.0744 4684 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:33:43.0775 4684 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:33:43.0822 4684 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:33:43.0822 4684 [Global] - ok
21:33:43.0822 4684 ================ Scan MBR ==================================
21:33:43.0837 4684 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:33:44.0791 4684 \Device\Harddisk0\DR0 - ok
21:33:44.0807 4684 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:33:44.0870 4684 \Device\Harddisk1\DR1 - ok
21:33:44.0870 4684 ================ Scan VBR ==================================
21:33:44.0885 4684 [ 2C6285F6DCA308BAAB3A97B0CBAF7072 ] \Device\Harddisk0\DR0\Partition1
21:33:44.0901 4684 \Device\Harddisk0\DR0\Partition1 - ok
21:33:44.0916 4684 [ 177EB49651789F0761167C694085A27E ] \Device\Harddisk0\DR0\Partition2
21:33:44.0932 4684 \Device\Harddisk0\DR0\Partition2 - ok
21:33:44.0932 4684 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
21:33:44.0932 4684 \Device\Harddisk1\DR1\Partition1 - ok
21:33:44.0948 4684 [ FBFCD10CE36129D51E483D6FA3840A90 ] \Device\Harddisk1\DR1\Partition2
21:33:44.0948 4684 \Device\Harddisk1\DR1\Partition2 - ok
21:33:44.0948 4684 ================ Scan active images ========================
21:33:46.0594 4684 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
21:33:46.0594 4684 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
21:33:46.0594 4684 C:\Windows\System32\dui70.dll - ok
21:33:46.0610 4684 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
21:33:46.0610 4684 C:\Windows\System32\wevtsvc.dll - ok
21:33:46.0610 4684 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
21:33:46.0610 4684 C:\Windows\System32\duser.dll - ok
21:33:46.0625 4684 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
21:33:46.0625 4684 C:\Windows\System32\SndVolSSO.dll - ok
21:33:46.0625 4684 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
21:33:46.0625 4684 C:\Windows\System32\hid.dll - ok
21:33:46.0625 4684 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
21:33:46.0625 4684 C:\Windows\System32\MMDevAPI.dll - ok
21:33:46.0641 4684 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
21:33:46.0641 4684 C:\Windows\System32\xmllite.dll - ok
21:33:46.0641 4684 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
21:33:46.0641 4684 C:\Windows\System32\netprofm.dll - ok
21:33:46.0657 4684 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
21:33:46.0657 4684 C:\Windows\System32\WindowsCodecs.dll - ok
21:33:46.0657 4684 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
21:33:46.0657 4684 C:\Windows\System32\audiosrv.dll - ok
21:33:46.0672 4684 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
21:33:46.0672 4684 C:\Windows\System32\avrt.dll - ok
21:33:46.0672 4684 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
21:33:46.0672 4684 C:\Windows\System32\mmcss.dll - ok
21:33:46.0688 4684 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
21:33:46.0688 4684 C:\Windows\System32\adtschema.dll - ok
21:33:46.0688 4684 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
21:33:46.0688 4684 C:\Windows\System32\winbrand.dll - ok
21:33:46.0704 4684 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
21:33:46.0704 4684 C:\Windows\System32\VaultCredProvider.dll - ok
21:33:46.0704 4684 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
21:33:46.0704 4684 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
21:33:46.0719 4684 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
21:33:46.0719 4684 C:\Windows\System32\wlansvc.dll - ok
21:33:46.0719 4684 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
21:33:46.0719 4684 C:\Windows\System32\BioCredProv.dll - ok
21:33:46.0735 4684 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
21:33:46.0735 4684 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
21:33:46.0735 4684 [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
21:33:46.0735 4684 C:\Windows\System32\WUDFPlatform.dll - ok
21:33:46.0750 4684 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
21:33:46.0750 4684 C:\Windows\System32\MPSSVC.dll - ok
21:33:46.0750 4684 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
21:33:46.0750 4684 C:\Windows\System32\credui.dll - ok
21:33:46.0766 4684 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
21:33:46.0766 4684 C:\Windows\System32\winbio.dll - ok
21:33:46.0766 4684 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
21:33:46.0766 4684 C:\Windows\System32\netapi32.dll - ok
21:33:46.0766 4684 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
21:33:46.0766 4684 C:\Windows\System32\netutils.dll - ok
21:33:46.0782 4684 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
21:33:46.0782 4684 C:\Windows\System32\vaultcli.dll - ok
21:33:46.0782 4684 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
21:33:46.0782 4684 C:\Windows\System32\drivers\fltMgr.sys - ok
21:33:46.0797 4684 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
21:33:46.0797 4684 C:\Windows\System32\samcli.dll - ok
21:33:46.0797 4684 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
21:33:46.0797 4684 C:\Windows\System32\wkscli.dll - ok
21:33:46.0813 4684 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
21:33:46.0813 4684 C:\Windows\System32\certCredProvider.dll - ok
21:33:46.0813 4684 [ BF62F3BC1BE0700804EC394BB77F02C4 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
21:33:46.0813 4684 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
21:33:46.0829 4684 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
21:33:46.0829 4684 C:\Windows\System32\rasplap.dll - ok
21:33:46.0829 4684 [ FF7E814CBFEC3C27922C13BB94667416 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
21:33:46.0829 4684 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
21:33:46.0844 4684 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] C:\Windows\System32\drivers\MpFilter.sys
21:33:46.0844 4684 C:\Windows\System32\drivers\MpFilter.sys - ok
21:33:46.0844 4684 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
21:33:46.0844 4684 C:\Windows\System32\fltLib.dll - ok
21:33:46.0860 4684 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
21:33:46.0860 4684 C:\Windows\System32\profsvc.dll - ok
21:33:46.0860 4684 [ 12FD09889C8A6141C8D10F7AE48BBAC8 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
21:33:46.0860 4684 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
21:33:46.0875 4684 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
21:33:46.0875 4684 C:\Windows\System32\PSHED.DLL - ok
21:33:46.0875 4684 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
21:33:46.0875 4684 C:\Windows\System32\audiodg.exe - ok
21:33:46.0891 4684 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A8899B8-6622-4F09-89BE-72763440C31A}\mpengine.dll
21:33:46.0891 4684 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A8899B8-6622-4F09-89BE-72763440C31A}\mpengine.dll - ok
21:33:46.0891 4684 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
21:33:46.0891 4684 C:\Windows\System32\rasapi32.dll - ok
21:33:46.0907 4684 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] C:\Windows\System32\cscsvc.dll
21:33:46.0907 4684 C:\Windows\System32\cscsvc.dll - ok
21:33:46.0907 4684 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
21:33:46.0907 4684 C:\Windows\System32\gpsvc.dll - ok
21:33:46.0922 4684 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
21:33:46.0922 4684 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
21:33:46.0922 4684 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
21:33:46.0922 4684 C:\Windows\System32\rasman.dll - ok
21:33:46.0922 4684 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
21:33:46.0922 4684 C:\Windows\System32\rtutils.dll - ok
21:33:46.0938 4684 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
21:33:46.0938 4684 C:\Windows\System32\nlaapi.dll - ok
21:33:46.0938 4684 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
21:33:46.0938 4684 C:\Windows\System32\atl.dll - ok
21:33:46.0954 4684 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll
21:33:46.0954 4684 C:\Windows\System32\PeerDist.dll - ok
21:33:46.0954 4684 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
21:33:46.0954 4684 C:\Windows\System32\dsrole.dll - ok
21:33:46.0969 4684 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
21:33:46.0969 4684 C:\Windows\System32\slc.dll - ok
21:33:46.0969 4684 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
21:33:46.0969 4684 C:\Windows\System32\themeservice.dll - ok
21:33:46.0985 4684 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
21:33:46.0985 4684 C:\Windows\System32\es.dll - ok
21:33:46.0985 4684 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
21:33:46.0985 4684 C:\Windows\System32\taskschd.dll - ok
21:33:47.0000 4684 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
21:33:47.0000 4684 C:\Windows\System32\UXInit.dll - ok
21:33:47.0000 4684 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
21:33:47.0000 4684 C:\Windows\System32\comres.dll - ok
21:33:47.0016 4684 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
21:33:47.0016 4684 C:\Windows\System32\Sens.dll - ok
21:33:47.0016 4684 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
21:33:47.0016 4684 C:\Windows\System32\imageres.dll - ok
21:33:47.0032 4684 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
21:33:47.0032 4684 C:\Windows\System32\mstask.dll - ok
21:33:47.0032 4684 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
21:33:47.0032 4684 C:\Windows\System32\uxsms.dll - ok
21:33:47.0032 4684 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
21:33:47.0032 4684 C:\Windows\System32\WUDFSvc.dll - ok
21:33:47.0047 4684 [ 8ABFE00F213F2571498F1B8FD7939A98 ] C:\Windows\System32\WUDFHost.exe
21:33:47.0047 4684 C:\Windows\System32\WUDFHost.exe - ok
21:33:47.0047 4684 [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
21:33:47.0047 4684 C:\Windows\System32\WUDFx.dll - ok
21:33:47.0063 4684 [ 1217C601B093D79F07A64BD848138A07 ] C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
21:33:47.0063 4684 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - ok
21:33:47.0063 4684 [ 63E9B07FE8660BCBC0A314DEC9298A17 ] C:\Windows\System32\nvsvc64.dll
21:33:47.0063 4684 C:\Windows\System32\nvsvc64.dll - ok
21:33:47.0079 4684 [ C1F2F3716C464BA0F40987600C2EA4BF ] C:\Windows\System32\drivers\UMDF\GeosenseSensor.dll
21:33:47.0079 4684 C:\Windows\System32\drivers\UMDF\GeosenseSensor.dll - ok
21:33:47.0079 4684 [ 19F9B524A525D202194247E96656CB88 ] C:\Windows\System32\mfc42u.dll
21:33:47.0079 4684 C:\Windows\System32\mfc42u.dll - ok
21:33:47.0094 4684 [ 9465BD11AEA3F3D6B96154A86BB1BF28 ] C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll
21:33:47.0094 4684 C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll - ok
21:33:47.0094 4684 [ 7FF8E121AFA05BDAB23B9FEDCDAB7A33 ] C:\Windows\System32\odbc32.dll
21:33:47.0094 4684 C:\Windows\System32\odbc32.dll - ok
21:33:47.0110 4684 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
21:33:47.0110 4684 C:\Windows\System32\wlanapi.dll - ok
21:33:47.0110 4684 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
21:33:47.0110 4684 C:\Windows\System32\wlanutil.dll - ok
21:33:47.0125 4684 [ 3E466073C3B1033FF92ADE9031E3D4A2 ] C:\Windows\System32\odbcint.dll
21:33:47.0125 4684 C:\Windows\System32\odbcint.dll - ok
21:33:47.0125 4684 [ 5B8580B819BE32EEC18CE1FEC52A4BCE ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
21:33:47.0125 4684 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
21:33:47.0141 4684 [ 0E7045E24F78351E021D3C01566DBBA3 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
21:33:47.0141 4684 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
21:33:47.0141 4684 [ 52BF27158BEC805C9E98FB99D106FD1D ] C:\Program Files\NVIDIA Corporation\Display\nvui.dll
21:33:47.0141 4684 C:\Program Files\NVIDIA Corporation\Display\nvui.dll - ok
21:33:47.0157 4684 [ 3326166011C9BC13D6A8EFD856E9921C ] C:\Windows\System32\conhost.exe
21:33:47.0157 4684 C:\Windows\System32\conhost.exe - ok
21:33:47.0157 4684 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
21:33:47.0157 4684 C:\Windows\System32\mscms.dll - ok
21:33:47.0157 4684 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
21:33:47.0157 4684 C:\Windows\System32\wscapi.dll - ok
21:33:47.0172 4684 [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
21:33:47.0172 4684 C:\Windows\System32\cabinet.dll - ok
21:33:47.0172 4684 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
21:33:47.0172 4684 C:\Windows\System32\PortableDeviceTypes.dll - ok
21:33:47.0188 4684 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
21:33:47.0188 4684 C:\Windows\System32\winmm.dll - ok
21:33:47.0188 4684 [ 3130CB59CAF6B16F83FA4075D0AE7366 ] C:\Windows\System32\SensorsClassExtension.dll
21:33:47.0188 4684 C:\Windows\System32\SensorsClassExtension.dll - ok
21:33:47.0204 4684 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
21:33:47.0204 4684 C:\Windows\System32\IPHLPAPI.DLL - ok
21:33:47.0204 4684 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
21:33:47.0204 4684 C:\Windows\System32\wdscore.dll - ok
21:33:47.0219 4684 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
21:33:47.0219 4684 C:\Windows\System32\msimg32.dll - ok
21:33:47.0219 4684 [ 8C3E3C1CC57523884FD012BED66E1D86 ] C:\Windows\System32\nvapi64.dll
21:33:47.0219 4684 C:\Windows\System32\nvapi64.dll - ok
21:33:47.0235 4684 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
21:33:47.0235 4684 C:\Windows\System32\winnsi.dll - ok
21:33:47.0235 4684 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
21:33:47.0235 4684 C:\Windows\System32\p2pcollab.dll - ok
21:33:47.0250 4684 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
21:33:47.0250 4684 C:\Windows\System32\PortableDeviceApi.dll - ok
21:33:47.0250 4684 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
21:33:47.0250 4684 C:\Windows\System32\QAGENTRT.DLL - ok
21:33:47.0266 4684 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
21:33:47.0266 4684 C:\Windows\System32\dllhost.exe - ok
21:33:47.0266 4684 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
21:33:47.0266 4684 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
21:33:47.0282 4684 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
21:33:47.0282 4684 C:\Windows\System32\fveui.dll - ok
21:33:47.0282 4684 [ 389CA818132C1D7DCF0C791E8D9035DE ] C:\Windows\System32\PortableDeviceClassExtension.dll
21:33:47.0282 4684 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
21:33:47.0297 4684 [ CA9E3BD4752FA2C084F5CD35FD8D0025 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
21:33:47.0297 4684 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
21:33:47.0297 4684 [ B6D6886149573278CBA6ABD44C4317F5 ] C:\Windows\System32\slwga.dll
21:33:47.0297 4684 C:\Windows\System32\slwga.dll - ok
21:33:47.0313 4684 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
21:33:47.0313 4684 C:\Windows\System32\drivers\lltdio.sys - ok
21:33:47.0313 4684 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
21:33:47.0313 4684 C:\Windows\System32\IDStore.dll - ok
21:33:47.0329 4684 [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll
21:33:47.0329 4684 C:\Windows\System32\sppc.dll - ok
21:33:47.0329 4684 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
21:33:47.0329 4684 C:\Windows\System32\AtBroker.exe - ok
21:33:47.0344 4684 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
21:33:47.0344 4684 C:\Windows\System32\mpr.dll - ok
21:33:47.0344 4684 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
21:33:47.0344 4684 C:\Windows\System32\userinit.exe - ok
21:33:47.0360 4684 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
21:33:47.0360 4684 C:\Windows\System32\drivers\nwifi.sys - ok
21:33:47.0360 4684 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
21:33:47.0360 4684 C:\Windows\System32\dwm.exe - ok
21:33:47.0375 4684 [ 382E64500E3C2FFD2CC8821F7D3DE740 ] C:\Windows\System32\nvcpl.dll
21:33:47.0375 4684 C:\Windows\System32\nvcpl.dll - ok
21:33:47.0375 4684 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
21:33:47.0375 4684 C:\Windows\System32\dwmredir.dll - ok
21:33:47.0391 4684 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
21:33:47.0391 4684 C:\Windows\System32\dwmcore.dll - ok
21:33:47.0391 4684 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
21:33:47.0391 4684 C:\Windows\System32\drivers\ndisuio.sys - ok
21:33:47.0391 4684 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
21:33:47.0391 4684 C:\Windows\System32\drivers\rspndr.sys - ok
21:33:47.0407 4684 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
21:33:47.0407 4684 C:\Windows\System32\lmhsvc.dll - ok
21:33:47.0407 4684 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
21:33:47.0407 4684 C:\Windows\System32\nrpsrv.dll - ok
21:33:47.0422 4684 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
21:33:47.0422 4684 C:\Windows\System32\nsisvc.dll - ok
21:33:47.0422 4684 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
21:33:47.0422 4684 C:\Windows\System32\keyiso.dll - ok
21:33:47.0439 4684 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
21:33:47.0439 4684 C:\Windows\System32\eapsvc.dll - ok
21:33:47.0439 4684 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
21:33:47.0439 4684 C:\Windows\System32\dhcpcore.dll - ok
21:33:47.0455 4684 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
21:33:47.0455 4684 C:\Windows\System32\dnsrslvr.dll - ok
21:33:47.0455 4684 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
21:33:47.0455 4684 C:\Windows\System32\eapphost.dll - ok
21:33:47.0470 4684 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
21:33:47.0470 4684 C:\Windows\explorer.exe - ok
21:33:47.0470 4684 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
21:33:47.0470 4684 C:\Windows\System32\FWPUCLNT.DLL - ok
21:33:47.0486 4684 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
21:33:47.0486 4684 C:\Windows\System32\dhcpcore6.dll - ok
21:33:47.0486 4684 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
21:33:47.0486 4684 C:\Windows\System32\umb.dll - ok
21:33:47.0501 4684 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
21:33:47.0501 4684 C:\Windows\System32\wlanmsm.dll - ok
21:33:47.0501 4684 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
21:33:47.0501 4684 C:\Windows\System32\dnsext.dll - ok
21:33:47.0501 4684 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
21:33:47.0501 4684 C:\Windows\System32\dhcpcsvc.dll - ok
21:33:47.0517 4684 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
21:33:47.0517 4684 C:\Windows\System32\dhcpcsvc6.dll - ok
21:33:47.0517 4684 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
21:33:47.0517 4684 C:\Windows\System32\wlansec.dll - ok
21:33:47.0533 4684 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
21:33:47.0533 4684 C:\Windows\System32\winspool.drv - ok

21:33:47.0533 4684 [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll
21:33:47.0533 4684 C:\Windows\System32\d3d10_1.dll - ok
21:33:47.0548 4684 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
21:33:47.0548 4684 C:\Windows\System32\d3d10_1core.dll - ok
21:33:47.0548 4684 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
21:33:47.0548 4684 C:\Windows\System32\onex.dll - ok
21:33:47.0564 4684 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
21:33:47.0564 4684 C:\Windows\System32\oledlg.dll - ok
21:33:47.0564 4684 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
21:33:47.0564 4684 C:\Windows\System32\oleacc.dll - ok
21:33:47.0580 4684 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
21:33:47.0580 4684 C:\Windows\System32\dxgi.dll - ok
21:33:47.0580 4684 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
21:33:47.0580 4684 C:\Windows\System32\eappprxy.dll - ok
21:33:47.0595 4684 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
21:33:47.0595 4684 C:\Windows\System32\eappcfg.dll - ok
21:33:47.0595 4684 [ 68A87F45B30210103834966E0FDC3D05 ] C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll
21:33:47.0595 4684 C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll - ok
21:33:47.0611 4684 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
21:33:47.0611 4684 C:\Windows\System32\l2gpstore.dll - ok
21:33:47.0611 4684 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
21:33:47.0611 4684 C:\Windows\System32\wlgpclnt.dll - ok
21:33:47.0626 4684 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
21:33:47.0626 4684 C:\Windows\System32\WinSCard.dll - ok
21:33:47.0626 4684 [ 4FFDE68C4B7C9993FA551E7E36DDB34D ] C:\Windows\System32\msxml6.dll
21:33:47.0626 4684 C:\Windows\System32\msxml6.dll - ok
21:33:47.0642 4684 [ AD976778C4B92F9EC4842295974E9BD9 ] C:\Windows\System32\d3d10level9.dll
21:33:47.0642 4684 C:\Windows\System32\d3d10level9.dll - ok
21:33:47.0642 4684 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
21:33:47.0642 4684 C:\Windows\System32\ExplorerFrame.dll - ok
21:33:47.0658 4684 [ D9FCBDD7244A238EEA1C12770476A096 ] C:\Windows\System32\nvd3dumx.dll
21:33:47.0658 4684 C:\Windows\System32\nvd3dumx.dll - ok
21:33:47.0658 4684 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
21:33:47.0658 4684 C:\Windows\System32\shsvcs.dll - ok
21:33:47.0658 4684 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
21:33:47.0658 4684 C:\Windows\System32\netcfgx.dll - ok
21:33:47.0673 4684 [ 5195FD1190D4253C3D1727BD43546212 ] C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll
21:33:47.0673 4684 C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll - ok
21:33:47.0673 4684 [ 1EEF6ACBBE1D5DCD2EE545895DA87454 ] C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
21:33:47.0673 4684 C:\Users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll - ok
21:33:47.0689 4684 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
21:33:47.0689 4684 C:\Windows\System32\dbghelp.dll - ok
21:33:47.0689 4684 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
21:33:47.0689 4684 C:\Windows\System32\schedsvc.dll - ok
21:33:47.0705 4684 [ 1658E808E4D4889C66DE47EC87F1DED1 ] C:\Windows\System32\msvcp60.dll
21:33:47.0705 4684 C:\Windows\System32\msvcp60.dll - ok
21:33:47.0705 4684 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
21:33:47.0705 4684 C:\Windows\System32\ktmw32.dll - ok
21:33:47.0720 4684 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
21:33:47.0720 4684 C:\Windows\System32\taskcomp.dll - ok
21:33:47.0720 4684 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
21:33:47.0720 4684 C:\Windows\System32\fveapi.dll - ok
21:33:47.0720 4684 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
21:33:47.0720 4684 C:\Windows\System32\tbs.dll - ok
21:33:47.0736 4684 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
21:33:47.0736 4684 C:\Windows\System32\fvecerts.dll - ok
21:33:47.0736 4684 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
21:33:47.0736 4684 C:\Windows\System32\EhStorShell.dll - ok
21:33:47.0751 4684 [ 32802C0F6FC7C8F561B9D91F52A46421 ] C:\Windows\System32\cscui.dll
21:33:47.0751 4684 C:\Windows\System32\cscui.dll - ok
21:33:47.0751 4684 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
21:33:47.0751 4684 C:\Windows\System32\wiarpc.dll - ok
21:33:47.0767 4684 [ 517110BD83835338C037269E603DB55D ] C:\Windows\System32\taskhost.exe
21:33:47.0767 4684 C:\Windows\System32\taskhost.exe - ok
21:33:47.0767 4684 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
21:33:47.0767 4684 C:\Windows\System32\PlaySndSrv.dll - ok
21:33:47.0783 4684 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
21:33:47.0783 4684 C:\Windows\System32\cscapi.dll - ok
21:33:47.0783 4684 [ 7EE5F17A21D9A9101207DF4BC37B085D ] C:\Windows\System32\cscdll.dll
21:33:47.0783 4684 C:\Windows\System32\cscdll.dll - ok
21:33:47.0798 4684 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
21:33:47.0798 4684 C:\Windows\System32\HotStartUserAgent.dll - ok
21:33:47.0798 4684 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
21:33:47.0798 4684 C:\Windows\System32\ntshrui.dll - ok
21:33:47.0814 4684 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
21:33:47.0814 4684 C:\Windows\System32\MsCtfMonitor.dll - ok
21:33:47.0814 4684 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
21:33:47.0814 4684 C:\Windows\System32\msutb.dll - ok
21:33:47.0830 4684 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
21:33:47.0830 4684 C:\Windows\System32\drivers\http.sys - ok
21:33:47.0830 4684 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
21:33:47.0830 4684 C:\Windows\System32\spoolsv.exe - ok
21:33:47.0845 4684 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
21:33:47.0845 4684 C:\Windows\System32\IconCodecService.dll - ok
21:33:47.0845 4684 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
21:33:47.0845 4684 C:\Windows\System32\BFE.DLL - ok
21:33:47.0861 4684 [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe
21:33:47.0861 4684 C:\Windows\System32\taskeng.exe - ok
21:33:47.0861 4684 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
21:33:47.0861 4684 C:\Windows\System32\uDWM.dll - ok
21:33:47.0861 4684 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
21:33:47.0861 4684 C:\Windows\System32\drivers\bowser.sys - ok
21:33:47.0876 4684 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
21:33:47.0876 4684 C:\Windows\System32\drivers\mpsdrv.sys - ok
21:33:47.0876 4684 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
21:33:47.0876 4684 C:\Windows\System32\drivers\mrxsmb.sys - ok
21:33:47.0892 4684 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
21:33:47.0892 4684 C:\Windows\System32\drivers\mrxsmb10.sys - ok
21:33:47.0892 4684 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
21:33:47.0892 4684 C:\Windows\System32\wfapigp.dll - ok
21:33:47.0908 4684 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
21:33:47.0908 4684 C:\Windows\System32\TSChannel.dll - ok
21:33:47.0908 4684 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
21:33:47.0908 4684 C:\Windows\System32\drivers\mrxsmb20.sys - ok
21:33:47.0923 4684 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
21:33:47.0923 4684 C:\Windows\System32\pcasvc.dll - ok
21:33:47.0923 4684 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
21:33:47.0923 4684 C:\Windows\System32\snmptrap.exe - ok
21:33:47.0939 4684 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
21:33:47.0939 4684 C:\Windows\System32\wkssvc.dll - ok
21:33:47.0939 4684 [ 91A8E32B00BF7899EDAB6783287DDDA6 ] C:\Windows\System32\PeerDistSh.dll
21:33:47.0939 4684 C:\Windows\System32\PeerDistSh.dll - ok
21:33:49.0611 4684 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
21:33:49.0611 4684 C:\Windows\System32\wsnmp32.dll - ok
21:33:49.0626 4684 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
21:33:49.0626 4684 C:\Windows\System32\usbmon.dll - ok
21:33:49.0626 4684 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
21:33:49.0626 4684 C:\Windows\System32\WSDMon.dll - ok
21:33:49.0642 4684 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
21:33:49.0642 4684 C:\Windows\System32\fdPnp.dll - ok
21:33:49.0642 4684 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
21:33:49.0642 4684 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
21:33:49.0658 4684 [ 2DC3340D4AC340C9E67430F0D4B14502 ] C:\Windows\System32\spool\prtprocs\x64\hpcpp113.DLL
21:33:49.0658 4684 C:\Windows\System32\spool\prtprocs\x64\hpcpp113.DLL - ok
21:33:49.0658 4684 [ 6FB9BE56891EA4E85B4C9BDD4E9AFA69 ] C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll
21:33:49.0658 4684 C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll - ok
21:33:49.0673 4684 [ 548CB980D7876E207CC9F8B60C1587A3 ] C:\Windows\System32\win32spl.dll
21:33:49.0673 4684 C:\Windows\System32\win32spl.dll - ok
21:33:49.0673 4684 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
21:33:49.0673 4684 C:\Windows\System32\inetpp.dll - ok
21:33:49.0673 4684 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
21:33:49.0673 4684 C:\Windows\System32\NapiNSP.dll - ok
21:33:49.0689 4684 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
21:33:49.0689 4684 C:\Windows\System32\pnrpnsp.dll - ok
21:33:49.0689 4684 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
21:33:49.0689 4684 C:\Windows\System32\winrnr.dll - ok
21:33:49.0705 4684 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
21:33:49.0705 4684 C:\Windows\SysWOW64\NapiNSP.dll - ok
21:33:49.0705 4684 [ 0BA65122FFA7E37564EE86422DBF7AE8 ] C:\Windows\SysWOW64\nlaapi.dll
21:33:49.0705 4684 C:\Windows\SysWOW64\nlaapi.dll - ok
21:33:49.0720 4684 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
21:33:49.0720 4684 C:\Windows\SysWOW64\pnrpnsp.dll - ok
21:33:49.0720 4684 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
21:33:49.0720 4684 C:\Windows\SysWOW64\wship6.dll - ok
21:33:49.0736 4684 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
21:33:49.0736 4684 C:\Windows\SysWOW64\dnsapi.dll - ok
21:33:49.0736 4684 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
21:33:49.0736 4684 C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
21:33:49.0751 4684 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
21:33:49.0751 4684 C:\Windows\SysWOW64\winrnr.dll - ok
21:33:49.0751 4684 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
21:33:49.0751 4684 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
21:33:49.0751 4684 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
21:33:49.0751 4684 C:\Windows\SysWOW64\rasadhlp.dll - ok
21:33:49.0767 4684 [ 56D25FA4606340E6F3F779BF7876180E ] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
21:33:49.0767 4684 C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll - ok
21:33:49.0767 4684 [ 78B476DB024D3245E1E159E50DBB305F ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
21:33:49.0767 4684 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll - ok
21:33:49.0783 4684 [ 79E90A8067069F9323BA8FA4CAE56C65 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
21:33:49.0783 4684 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll - ok
21:33:49.0783 4684 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
21:33:49.0783 4684 C:\Windows\System32\npmproxy.dll - ok
21:33:49.0798 4684 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:33:49.0798 4684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll - ok
21:33:49.0798 4684 [ F37882F128EFACEFE353E0BAE2766909 ] C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:33:49.0798 4684 C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL - ok
21:33:49.0814 4684 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
21:33:49.0814 4684 C:\Windows\SysWOW64\shfolder.dll - ok
21:33:49.0814 4684 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
21:33:49.0814 4684 C:\Windows\System32\hidserv.dll - ok
21:33:49.0830 4684 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
21:33:49.0830 4684 C:\Windows\System32\wdi.dll - ok
21:33:49.0830 4684 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
21:33:49.0830 4684 C:\Windows\System32\wpdbusenum.dll - ok
21:33:49.0845 4684 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
21:33:49.0845 4684 C:\Windows\System32\appinfo.dll - ok
21:33:49.0845 4684 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
21:33:49.0845 4684 C:\Windows\SysWOW64\sxs.dll - ok
21:33:49.0861 4684 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
21:33:49.0861 4684 C:\Windows\System32\Apphlpdm.dll - ok
21:33:49.0861 4684 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
21:33:49.0861 4684 C:\Windows\System32\wer.dll - ok
21:33:49.0861 4684 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
21:33:49.0861 4684 C:\Windows\System32\diagperf.dll - ok
21:33:49.0876 4684 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
21:33:49.0876 4684 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
21:33:49.0876 4684 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
21:33:49.0876 4684 C:\Windows\System32\pnpts.dll - ok
21:33:49.0892 4684 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
21:33:49.0892 4684 C:\Windows\System32\radardt.dll - ok
21:33:49.0892 4684 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
21:33:49.0892 4684 C:\Windows\System32\dimsjob.dll - ok
21:33:49.0908 4684 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
21:33:49.0908 4684 C:\Windows\System32\FXSRESM.dll - ok
21:33:49.0908 4684 [ E3FC59AF1CE57FEB743C3A71EBA9BE14 ] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
21:33:49.0908 4684 C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll - ok
21:33:49.0923 4684 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
21:33:49.0923 4684 C:\Windows\System32\wdiasqmmodule.dll - ok
21:33:49.0923 4684 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
21:33:49.0923 4684 C:\Windows\System32\pautoenr.dll - ok
21:33:49.0939 4684 [ 0959A93EFA7A9F6B21E4FF120EABDB04 ] C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
21:33:49.0939 4684 C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll - ok
21:33:49.0939 4684 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
21:33:49.0939 4684 C:\Windows\System32\certcli.dll - ok
21:33:49.0955 4684 [ 91D6F0AB79AA36FFB932157865206F35 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
21:33:49.0955 4684 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
21:33:49.0955 4684 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
21:33:49.0955 4684 C:\Windows\System32\runonce.exe - ok
21:33:49.0970 4684 [ 9864D52F15AD32094A636C6B5281D9E7 ] C:\Windows\System32\WMVCORE.DLL
21:33:49.0970 4684 C:\Windows\System32\WMVCORE.DLL - ok
21:33:49.0970 4684 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
21:33:49.0970 4684 C:\Windows\System32\CertEnroll.dll - ok
21:33:49.0970 4684 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
21:33:49.0970 4684 C:\Windows\SysWOW64\runonce.exe - ok
21:33:49.0986 4684 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
21:33:49.0986 4684 C:\Windows\SysWOW64\uxtheme.dll - ok
21:33:49.0986 4684 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
21:33:49.0986 4684 C:\Windows\SysWOW64\propsys.dll - ok
21:33:50.0001 4684 [ AACC48FE239F0DF126DA2F28930A5B83 ] C:\Windows\System32\WMASF.DLL
21:33:50.0001 4684 C:\Windows\System32\WMASF.DLL - ok
21:33:50.0001 4684 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
21:33:50.0001 4684 C:\Windows\SysWOW64\secur32.dll - ok
21:33:50.0017 4684 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
21:33:50.0017 4684 C:\Windows\SysWOW64\cmd.exe - ok
21:33:50.0017 4684 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
21:33:50.0017 4684 C:\Windows\System32\perftrack.dll - ok
21:33:50.0033 4684 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
21:33:50.0033 4684 C:\Windows\SysWOW64\winbrand.dll - ok
21:33:50.0033 4684 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\SysWOW64\ieframe.dll
21:33:50.0033 4684 C:\Windows\SysWOW64\ieframe.dll - ok
21:33:50.0048 4684 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
21:33:50.0048 4684 C:\Windows\System32\aelupsvc.dll - ok
21:33:50.0048 4684 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
21:33:50.0048 4684 C:\Windows\SysWOW64\oleacc.dll - ok
21:33:50.0064 4684 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
21:33:50.0064 4684 C:\Windows\SysWOW64\shdocvw.dll - ok
21:33:50.0064 4684 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\George\AppData\Local\Temp\CB872D49-4B40-4BE1-9566-E5E48D7A77A3.exe
21:33:50.0064 4684 C:\Users\George\AppData\Local\Temp\CB872D49-4B40-4BE1-9566-E5E48D7A77A3.exe - ok
21:33:50.0080 4684 [ 591FE0A6CEB19BF886CEB1331F591940 ] C:\Windows\SysWOW64\ncrypt.dll
21:33:50.0080 4684 C:\Windows\SysWOW64\ncrypt.dll - ok
21:33:50.0080 4684 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
21:33:50.0080 4684 C:\Windows\SysWOW64\bcrypt.dll - ok
21:33:50.0095 4684 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
21:33:50.0095 4684 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
21:33:50.0095 4684 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
21:33:50.0095 4684 C:\Windows\SysWOW64\gpapi.dll - ok
21:33:50.0111 4684 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
21:33:50.0111 4684 C:\Windows\SysWOW64\cryptnet.dll - ok
21:33:50.0126 4684 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
21:33:50.0126 4684 C:\Windows\SysWOW64\SensApi.dll - ok
21:33:50.0126 4684 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
21:33:50.0126 4684 C:\Windows\SysWOW64\dwmapi.dll - ok
21:33:50.0142 4684 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll
21:33:50.0142 4684 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
21:33:50.0142 4684 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
21:33:50.0142 4684 C:\Windows\SysWOW64\EhStorShell.dll - ok
21:33:50.0158 4684 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
21:33:50.0158 4684 C:\Windows\SysWOW64\ntshrui.dll - ok
21:33:50.0158 4684 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
21:33:50.0158 4684 C:\Windows\SysWOW64\slc.dll - ok
21:33:50.0173 4684 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
21:33:50.0173 4684 C:\Windows\SysWOW64\imageres.dll - ok
21:33:50.0173 4684 [ 245739AE97D38DCB48AB4DDFF6D50EA7 ] C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
21:33:50.0173 4684 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - ok
21:33:50.0189 4684 [ E1DEB2FE778C591D731F1C3112D789EF ] C:\Program Files\NVIDIA Corporation\NvUpdate\NvUpdt.dll
21:33:50.0189 4684 C:\Program Files\NVIDIA Corporation\NvUpdate\NvUpdt.dll - ok
21:33:50.0189 4684 [ 8D32DBFAAFC5DB800117F80765E12155 ] C:\Program Files\NVIDIA Corporation\NvUpdate\NvUpdtr.dll
21:33:50.0189 4684 C:\Program Files\NVIDIA Corporation\NvUpdate\NvUpdtr.dll - ok
21:33:50.0205 4684 [ 00D1A316B9AE9EED43581D63B3E5F415 ] C:\Windows\System32\easyupdatusapiu64.dll
21:33:50.0205 4684 C:\Windows\System32\easyupdatusapiu64.dll - ok
21:33:50.0205 4684 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
21:33:50.0205 4684 C:\Windows\SysWOW64\sfc.dll - ok
21:33:50.0220 4684 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
21:33:50.0220 4684 C:\Windows\SysWOW64\sfc_os.dll - ok
21:33:50.0220 4684 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
21:33:50.0220 4684 C:\Windows\SysWOW64\devrtl.dll - ok
21:33:50.0236 4684 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
21:33:50.0236 4684 C:\Windows\SysWOW64\mpr.dll - ok
21:33:50.0236 4684 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
21:33:50.0236 4684 C:\Windows\SysWOW64\winhttp.dll - ok
21:33:50.0251 4684 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
21:33:50.0251 4684 C:\Windows\System32\ie4uinit.exe - ok
21:33:50.0251 4684 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
21:33:50.0251 4684 C:\Windows\SysWOW64\webio.dll - ok
21:33:50.0267 4684 [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
21:33:50.0267 4684 C:\Windows\System32\iedkcs32.dll - ok
21:33:50.0283 4684 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
21:33:50.0283 4684 C:\Windows\System32\timedate.cpl - ok
21:33:50.0298 4684 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
21:33:50.0298 4684 C:\Windows\System32\actxprxy.dll - ok
21:33:50.0314 4684 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
21:33:50.0314 4684 C:\Windows\System32\shdocvw.dll - ok
21:33:50.0330 4684 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
21:33:50.0330 4684 C:\Windows\System32\linkinfo.dll - ok
21:33:50.0330 4684 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
21:33:50.0330 4684 C:\Windows\System32\msiltcfg.dll - ok
21:33:50.0345 4684 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
21:33:50.0345 4684 C:\Windows\System32\msi.dll - ok
21:33:50.0345 4684 [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll
21:33:50.0345 4684 C:\Windows\System32\gameux.dll - ok
21:33:50.0361 4684 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
21:33:50.0361 4684 C:\Windows\SysWOW64\credssp.dll - ok
21:33:50.0361 4684 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
21:33:50.0361 4684 C:\Windows\System32\msftedit.dll - ok
21:33:50.0376 4684 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
21:33:50.0376 4684 C:\Windows\System32\msls31.dll - ok
21:33:50.0376 4684 [ 4FDA635475F67582522E61AF21A672E6 ] C:\Windows\SOUNDMAN.EXE
21:33:50.0376 4684 C:\Windows\SOUNDMAN.EXE - ok
21:33:50.0392 4684 [ 398C4A44274EBB9C9C64CCDD0C36A256 ] C:\Program Files\Puran Defrag\PuranADT.exe
21:33:50.0392 4684 C:\Program Files\Puran Defrag\PuranADT.exe - ok
21:33:50.0408 4684 [ 63DF770DF74ACB370EF5A16727069AAF ] C:\Windows\SysWOW64\hid.dll
21:33:50.0408 4684 C:\Windows\SysWOW64\hid.dll - ok
21:33:50.0408 4684 [ 4A23A433A291EC152591BB1214D97775 ] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
21:33:50.0408 4684 C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe - ok
21:33:50.0423 4684 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
21:33:50.0423 4684 C:\Windows\System32\thumbcache.dll - ok
21:33:50.0439 4684 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
21:33:50.0439 4684 C:\Windows\System32\networkexplorer.dll - ok
21:33:50.0439 4684 [ 4FDFB030EB058C09BC93B8F5CD73BD0B ] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
21:33:50.0439 4684 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe - ok
21:33:50.0455 4684 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
21:33:50.0455 4684 C:\Windows\System32\AudioSes.dll - ok
21:33:50.0455 4684 [ 6E42D6759EF29A36BA321823494CCB35 ] C:\Windows\System32\dinput8.dll
21:33:50.0455 4684 C:\Windows\System32\dinput8.dll - ok
21:33:50.0470 4684 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
21:33:50.0470 4684 C:\Windows\System32\DeviceCenter.dll - ok
21:33:50.0486 4684 [ 597794660ED23331B3A46E979B007504 ] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
21:33:50.0486 4684 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe - ok
21:33:50.0486 4684 [ 0DC6669BC2B552C0ECC905B6B761F508 ] C:\Program Files\Microsoft Security Client\msseces.exe
21:33:50.0486 4684 C:\Program Files\Microsoft Security Client\msseces.exe - ok
21:33:50.0501 4684 [ B54921381A950C8215FB363B485C432B ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
21:33:50.0501 4684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - ok
21:33:50.0501 4684 [ ADC791328EA38BA2E3EEC817C95A7D35 ] C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe
21:33:50.0501 4684 C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe - ok
21:33:50.0517 4684 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
21:33:50.0517 4684 C:\Windows\System32\wdmaud.drv - ok
21:33:50.0517 4684 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
21:33:50.0517 4684 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
21:33:50.0533 4684 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
21:33:50.0533 4684 C:\Windows\System32\ksuser.dll - ok
21:33:50.0548 4684 [ 0B2D65FDDE31069299AA6330F359FF9C ] C:\Windows\System32\msxml3.dll
21:33:50.0548 4684 C:\Windows\System32\msxml3.dll - ok
21:33:50.0548 4684 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\George\AppData\Roaming\Dropbox\bin\msvcr71.dll
21:33:50.0548 4684 C:\Users\George\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok
21:33:50.0564 4684 [ DC5B5D3A1BF59A74ECA9C2EBB34574BE ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
21:33:50.0564 4684 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
21:33:50.0580 4684 [ 4DD4098B8DEAF4ECCE7EE7CD3F38CB25 ] C:\Program Files\Saitek\SD6\Software\Resources\18D74164-8B1D-4DDD-B9CE-28239D1C8DC9.dll
21:33:50.0580 4684 C:\Program Files\Saitek\SD6\Software\Resources\18D74164-8B1D-4DDD-B9CE-28239D1C8DC9.dll - ok
21:33:50.0580 4684 [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:33:50.0580 4684 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
21:33:50.0595 4684 [ 72860972F8196EBB3C896F53D2B95470 ] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
21:33:50.0595 4684 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe - ok
21:33:50.0595 4684 [ C637FC4638A96165256B28D38DE7B953 ] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
21:33:50.0595 4684 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe - ok
21:33:50.0611 4684 [ 0408F0E5C0411B11B9502D957BCE15E1 ] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
21:33:50.0611 4684 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe - ok
21:33:50.0611 4684 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\49158193.sys
21:33:50.0611 4684 C:\Windows\System32\drivers\49158193.sys - ok
21:33:50.0626 4684 [ 82CC8F77E9EC61C6B4D48DD4D5CA78E7 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
21:33:50.0626 4684 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
21:33:50.0626 4684 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
21:33:50.0626 4684 C:\Windows\SysWOW64\comdlg32.dll - ok
21:33:50.0642 4684 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
21:33:50.0642 4684 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
21:33:50.0658 4684 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\sqmapi.dll
21:33:50.0658 4684 C:\Program Files\Microsoft Security Client\sqmapi.dll - ok
21:33:50.0658 4684 [ 4DC5F19536A95BD2C6FC088321B4BD4C ] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
21:33:50.0658 4684 C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe - ok
21:33:50.0673 4684 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
21:33:50.0673 4684 C:\Windows\System32\midimap.dll - ok
21:33:50.0689 4684 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
21:33:50.0689 4684 C:\Windows\System32\msacm32.dll - ok
21:33:50.0689 4684 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
21:33:50.0689 4684 C:\Windows\System32\msacm32.drv - ok
21:33:50.0705 4684 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
21:33:50.0705 4684 C:\Windows\System32\SensApi.dll - ok
21:33:50.0720 4684 [ 916A2C4EB028604783FD5EA169236C1D ] C:\Program Files (x86)\QuickTime\QTTask.exe
21:33:50.0720 4684 C:\Program Files (x86)\QuickTime\QTTask.exe - ok
21:33:50.0720 4684 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
21:33:50.0720 4684 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
21:33:50.0736 4684 [ 6E9E439517D89EDC9A6CB1E94489620A ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
21:33:50.0736 4684 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
21:33:50.0736 4684 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
21:33:50.0736 4684 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
21:33:50.0751 4684 [ C1648084C395152FBFA1B333D92056BC ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
21:33:50.0751 4684 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
21:33:50.0767 4684 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
21:33:50.0767 4684 C:\Windows\SysWOW64\riched20.dll - ok
21:33:50.0767 4684 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
21:33:50.0767 4684 C:\Windows\System32\AudioEng.dll - ok
21:33:50.0783 4684 [ 2E483EC51216B52C711C7EC642798BB7 ] C:\Windows\System32\sti.dll
21:33:50.0783 4684 C:\Windows\System32\sti.dll - ok
21:33:50.0783 4684 [ 4AFFDCAADCB1DBBFFAF06C7F82E7F6FC ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
21:33:50.0783 4684 C:\Program Files (x86)\iTunes\iTunesHelper.exe - ok
21:33:50.0798 4684 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\SysWOW64\logoncli.dll
21:33:50.0798 4684 C:\Windows\SysWOW64\logoncli.dll - ok
21:33:50.0814 4684 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
21:33:50.0814 4684 C:\Windows\SysWOW64\ntdsapi.dll - ok
21:33:50.0814 4684 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\SysWOW64\security.dll
21:33:50.0814 4684 C:\Windows\SysWOW64\security.dll - ok
21:33:50.0830 4684 [ 5CEDF292F4573A1F36CC7DE598ECCFC7 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
21:33:50.0830 4684 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
21:33:50.0845 4684 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
21:33:50.0845 4684 C:\Windows\System32\AUDIOKSE.dll - ok
21:33:50.0861 4684 [ 7B845BFE314509D08AB5865CB141E332 ] C:\Program Files (x86)\iTunes\iTunesHelper.dll
21:33:50.0861 4684 C:\Program Files (x86)\iTunes\iTunesHelper.dll - ok
21:33:50.0861 4684 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
21:33:50.0861 4684 C:\Windows\SysWOW64\msimg32.dll - ok
21:33:50.0876 4684 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
21:33:50.0876 4684 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
21:33:50.0892 4684 [ F2A24E4AEC0F8D5DBAB10CB87A8EFED2 ] C:\Windows\SysWOW64\sti.dll
21:33:50.0892 4684 C:\Windows\SysWOW64\sti.dll - ok
21:33:50.0908 4684 [ A7146C0C90D7BA0F251AC073E655D4D2 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll
21:33:50.0908 4684 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
21:33:50.0908 4684 [ 9DEE004269DADEE715BD572410AA6076 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
21:33:50.0908 4684 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
21:33:50.0923 4684 [ 2A72853494912BB034AF7AC1C86EC04E ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
21:33:50.0923 4684 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll - ok
21:33:50.0939 4684 [ 3C6FA2F4D58611579B21798E0568F548 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
21:33:50.0939 4684 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
21:33:50.0955 4684 [ B087F2B901570F6EF62F6C2E01A480F3 ] C:\Windows\SysWOW64\wiatrace.dll
21:33:50.0955 4684 C:\Windows\SysWOW64\wiatrace.dll - ok
21:33:50.0955 4684 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
21:33:50.0955 4684 C:\Windows\SysWOW64\winsta.dll - ok
21:33:50.0970 4684 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
21:33:50.0970 4684 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
21:33:50.0986 4684 [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\SysWOW64\msiltcfg.dll
21:33:50.0986 4684 C:\Windows\SysWOW64\msiltcfg.dll - ok
21:33:50.0986 4684 [ E6B41597405B5BE4BBA61810F9287AFB ] C:\Windows\System32\RtkAPO64.dll
21:33:50.0986 4684 C:\Windows\System32\RtkAPO64.dll - ok
21:33:51.0001 4684 [ 4E2BFC88C6E482EA9483E6FBAC3EB52E ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
21:33:51.0001 4684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll - ok
21:33:51.0001 4684 [ 0CAF25ACC9C2E8C5A5682EBDCFD01708 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
21:33:51.0001 4684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc - ok
21:33:51.0017 4684 [ C23C087CEBABB8B5CD6EB8DBA08EB7F7 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
21:33:51.0017 4684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll - ok
21:33:51.0017 4684 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
21:33:51.0017 4684 C:\Windows\System32\WMALFXGFXDSP.dll - ok
21:33:51.0033 4684 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
21:33:51.0033 4684 C:\Windows\SysWOW64\duser.dll - ok
21:33:51.0033 4684 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
21:33:51.0033 4684 C:\Windows\SysWOW64\dui70.dll - ok
21:33:51.0048 4684 [ AC6A3801F3CDE7EB41B3F52E9B0A1C2B ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
21:33:51.0048 4684 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll - ok
21:33:51.0048 4684 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\George\AppData\Roaming\Dropbox\bin\msvcp71.dll
21:33:51.0048 4684 C:\Users\George\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok
21:33:52.0392 4684 ============================================================
21:33:52.0392 4684 Scan finished
21:33:52.0392 4684 ============================================================
21:33:52.0408 4676 Detected object count: 10
21:33:52.0408 4676 Actual detected object count: 10
21:34:42.0321 4676 HP DS Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0321 4676 HP DS Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0321 4676 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0321 4676 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0321 4676 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0321 4676 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0321 4676 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0321 4676 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0321 4676 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0321 4676 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0321 4676 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0321 4676 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0321 4676 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0321 4676 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0336 4676 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0336 4676 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0336 4676 PuranDefrag ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0336 4676 PuranDefrag ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:42.0336 4676 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:42.0336 4676 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:35:54.0814 3000 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-12 21:36:02
-----------------------------
21:36:02.973 OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:02.973 Number of processors: 2 586 0x407
21:36:02.973 ComputerName: GPC1 UserName:
21:36:04.473 Initialize success
21:36:56.130 AVAST engine defs: 12121300
21:37:30.503 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
21:37:30.503 Disk 0 Vendor: ST350063 3.AA Size: 476940MB BusType: 8
21:37:30.519 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005a
21:37:30.519 Disk 1 Vendor: ST350032 SD15 Size: 476940MB BusType: 8
21:37:30.535 Disk 0 MBR read successfully
21:37:30.535 Disk 0 MBR scan
21:37:30.550 Disk 0 Windows 7 default MBR code
21:37:30.566 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:37:30.613 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:37:30.660 Disk 0 scanning C:\Windows\system32\drivers
21:37:39.318 Service scanning
21:38:03.460 Modules scanning
21:38:03.460 Disk 0 trace - called modules:
21:38:03.476 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll nvstor.sys
21:38:03.492 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80054f7060]
21:38:03.492 3 CLASSPNP.SYS[fffff88001b9043f] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80052bc1f0]
21:38:04.977 AVAST engine scan C:\Windows
21:38:08.558 AVAST engine scan C:\Windows\system32
21:42:14.571 AVAST engine scan C:\Windows\system32\drivers
21:42:26.638 AVAST engine scan C:\Users\George
21:46:25.005 AVAST engine scan C:\ProgramData
21:46:58.500 Scan finished successfully
21:48:00.211 Disk 0 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
21:48:00.227 The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:39 PM

Posted 12 December 2012 - 11:36 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Lumbajac24

Lumbajac24
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:39 PM

Posted 13 December 2012 - 01:44 AM

Computer seems normal. Not sure if in the clear.

ComboFix 12-12-12.01 - George 12/13/2012 0:33.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2602 [GMT -6:00]
Running from: c:\users\George\Desktop\ComboFix.exe
Command switches used :: c:\users\George\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 06:40 . 2012-12-13 06:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-13 06:40 . 2012-12-13 06:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 17:05 . 2012-11-28 16:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 03:42 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A8899B8-6622-4F09-89BE-72763440C31A}\mpengine.dll
2012-12-11 20:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-11 20:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 20:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-28 15:40 . 2012-11-28 15:39 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0281096-9C21-461A-83C0-6630CAEBE938}\gapaengine.dll
2012-11-16 10:17 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 10:17 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 10:17 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 10:17 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 10:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 10:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 10:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 10:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 10:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 10:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 10:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 07:34 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 07:34 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-16 07:34 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-16 07:34 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 16:34 . 2011-09-21 05:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 02:31 . 2012-07-29 23:06 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 02:31 . 2011-12-07 22:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 22:46 . 2012-10-31 22:46 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38 . 2012-11-27 20:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 20:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 20:01 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-11 20:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 22:58 . 2011-12-06 07:02 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 01:54 . 2012-01-22 16:10 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2011-07-19 136760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2011-07-08 162816]
S2 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-02-15 290816]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2009-09-08 160264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 02:31]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 21:47]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 21:47]
.
2012-12-12 c:\windows\Tasks\WebReg HP Photosmart C5200 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-22 02:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\George\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"PuranADT"="c:\program files\Puran Defrag\PuranADT.exe" [2011-02-15 474624]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2009-09-04 186880]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-09-04 357888]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-09-04 194560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.220.0.10 24.220.0.11
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\hy39w7vz.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: !HIDDEN! 2012-01-21 03:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-43799736.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-13 00:42:43
ComboFix-quarantined-files.txt 2012-12-13 06:42
ComboFix2.txt 2012-12-13 01:49
.
Pre-Run: 430,975,614,976 bytes free
Post-Run: 430,852,431,872 bytes free
.
- - End Of File - - 5D923A97400C1015BFDF2F68D1D3C1CF

#14 gringo_pr

Posted 13 December 2012 - 08:29 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 3
Java™ 6 Update 30
JavaFX 2.1.1
ZoneAlarm Toolbar

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Lumbajac24

Posted 13 December 2012 - 05:45 PM

Computer seems okay. Thanks for your help so far!!


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
George :: GPC1 [administrator]

12/13/2012 12:58:36 PM
mbam-log-2012-12-13 (12-58-36).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361402
Time elapsed: 45 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:45 PM, on 12/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\SOUNDMAN.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\George\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-21-2148732690-2413601061-1691127966-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2148732690-2413601061-1691127966-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = George\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PuranDefrag - Unknown owner - C:\Windows\system32\PuranDefragS.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9974 bytes



