Smitfraud-C.generic showing up when running Spybot, cannot be deleted


  • This topic is locked
22 replies to this topic

#1 Retcon

Retcon

  • Members
  • 14 posts

Posted 12 December 2012 - 03:36 AM

So earlier today, my laptop restarted of its own accord for no particular reason. Thinking this odd, I ran Spybot Search & Destroy, which came up with Smitfraud-C.generic. When I tried removing it, it told me I needed administrator privileges, which I do have. I right-clicked and ran as administrator. When I deleted Smitfraud then, it seemed to work, but I restarted my computer, reran Spybot and it was still there. So I then downloaded Malwarebytes, ran it and tried deleting and restarting, and still no luck. My search for this issue led me here. "Help me bleeping computer, you're my only hope." Seriously though, any help you can provide me with would be much appreciated. Thank you for your time!

I've included the log from DDS below:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Joshua Barham at 0:03:48 on 2012-12-12
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4030.1272 [GMT -8:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe
mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{DA9A8B42-BF5C-4BA8-89EE-7A23E47EDBC4} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DA9A8B42-BF5C-4BA8-89EE-7A23E47EDBC4}\2375942554939333 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = EpePcNp64 DPPassFilter scecli
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-4-5 100808]
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-4-5 158920]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-8-10 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-8-10 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-11-8 1155704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSviA64.sys [2011-11-10 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-8-10 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-8-10 386168]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-8-16 89600]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-6 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-6 53920]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-7-15 137272]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-2-28 31000]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-25 13336]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-4-5 1323008]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-8-10 130008]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-2 1128952]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-8-16 113264]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-10 1153368]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-8-25 502464]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-25 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-2-15 2602576]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-8-25 32192]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-1-6 28832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-8-15 317440]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-8-15 173656]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-5-2 406632]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\SPUVCBv_x64.sys [2011-8-25 2611704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-1-6 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-1-6 298144]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-1-6 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-1-6 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-1-6 154272]
S3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-1-6 279200]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-11 1255736]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2012-12-12 07:45:16 20480 ----a-w- C:\windows\svchost.exe
2012-12-12 07:38:57 -------- d-----w- C:\Users\Joshua Barham\AppData\Roaming\Malwarebytes
2012-12-12 07:38:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-12 07:38:41 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-12-12 07:38:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-12 06:34:57 95184 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 04:58:01 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\106D.tmp
2012-12-12 04:58:01 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\106C.tmp
2012-11-30 01:43:30 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-28 09:46:04 443008 ----a-w- C:\windows\System32\athihvs.dll
2012-11-28 09:45:14 -------- d-----w- C:\ProgramData\Qualcomm Atheros
2012-11-15 01:28:07 95744 ----a-w- C:\windows\System32\synceng.dll
2012-11-15 01:28:07 78336 ----a-w- C:\windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2012-12-12 06:34:41 859072 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-12-12 06:34:41 779704 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-11-22 08:20:36 3147264 ----a-w- C:\windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-05 16:25:51 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-11-05 14:17:16 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-11-05 14:03:21 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-11-05 14:03:13 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-11-02 05:27:51 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-10-04 17:38:56 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-10-04 17:38:56 243200 ----a-w- C:\windows\System32\wow64.dll
2012-10-04 17:38:56 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-10-04 17:38:24 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-10-04 17:35:22 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-10-04 17:32:16 425984 ----a-w- C:\windows\System32\KernelBase.dll
2012-10-04 16:54:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-10-04 16:54:17 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-10-04 15:19:57 338432 ----a-w- C:\windows\System32\conhost.exe
2012-10-04 14:49:27 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-10-04 14:49:24 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-10-04 14:49:22 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-10-04 14:49:22 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-10-04 14:44:29 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 0:04:48.87 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 12 December 2012 - 12:05 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Retcon

Retcon
  • Topic Starter

  • Members
  • 14 posts

Posted 12 December 2012 - 06:02 PM

Nice to meet you Gringo! Thanks for the welcome and for taking the time to help me out with this.
I'll normally be available to check this thread from 5:00-11:00 Central Time if that helps you in any way. I might be able to check it throughout the day, but that's just a maybe.


Currently, my computer seems to be functioning normally.


Security Check


Results of screen317's Security Check version 0.99.56
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.4
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

#4 Retcon

Retcon
  • Topic Starter

  • Members
  • 14 posts

Posted 12 December 2012 - 06:10 PM

Computer still functioning normally


AdwCleaner

# AdwCleaner v2.100 - Logfile created 12/12/2012 at 15:04:31
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : Joshua Barham - JOSHUABARHAM-HP
# Boot Mode : Normal
# Running from : C:\Users\Joshua Barham\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [867 octets] - [12/12/2012 15:04:31]

########## EOF - C:\AdwCleaner[S1].txt - [926 octets] ##########

#5 Retcon

Retcon
  • Topic Starter

  • Members
  • 14 posts

Posted 12 December 2012 - 06:18 PM

Apologies, forgot to run it as administrator first time around, so that would be why its filename is [3] instead of [1].
Computer continues to function normally.


RogueKiller


RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Joshua Barham [Admin rights]
Mode : Remove -- Date : 12/12/2012 15:12:46

Bad processes : 1
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

Registry Entries : 4
[RUN][ROGUE ST] HKLM\[...]\Run : HPPowerAssistant (C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: Hitachi HTS727550A9E364 +++++
--- User ---
[MBR] 4c957e12445f52276e12340e3b52f2b7
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 454145 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 930705408 | Size: 17371 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 966281216 | Size: 5115 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] d2c4f511a566f4b66a45c40ab04d273c
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 454145 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 930705408 | Size: 17371 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 4571f5c52ac61e069cd22019eadbae19
[BSP] 6bb5e8e25746c888030f29af8ab12f40 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo

Finished : << RKreport[3]_D_12122012_02d1512.txt >>
RKreport[1]_S_12122012_02d1512.txt ; RKreport[2]_S_12122012_02d1512.txt ; RKreport[3]_D_12122012_02d1512.txt

#6 gringo_pr

  • Malware Response Team

Posted 12 December 2012 - 10:19 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Retcon

  • Topic Starter


Posted 12 December 2012 - 11:16 PM

No problems with ComboFix. It only restarted once after it was done running.
The only two differences I can see for my computer are:
1) There's now a folder with my name on the desktop
2) When I open Internet Explorer, I now get a Security Alert pop-up that says: "You are about to leave a secure internet connection. It will be possible for others to view information you send." And I have the options of: Yes, No, More Info

Everything else seems to be running normally.


ComboFix Log

ComboFix 12-12-12.01 - Joshua Barham 12/12/2012 19:44:42.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4030.2647 [GMT -8:00]
Running from: c:\users\Joshua Barham\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\106C.tmp
c:\programdata\Microsoft\Windows\DRM\106D.tmp
c:\windows\svchost.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 03:50 . 2012-12-13 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 07:38 . 2012-12-12 07:38 -------- d-----w- c:\users\Joshua Barham\AppData\Roaming\Malwarebytes
2012-12-12 07:38 . 2012-12-12 07:38 -------- d-----w- c:\programdata\Malwarebytes
2012-12-12 07:38 . 2012-12-12 07:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-12 07:38 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 06:34 . 2012-12-12 06:34 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 06:34 . 2012-12-12 06:34 -------- d-----w- c:\program files (x86)\Java
2012-12-12 01:48 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-30 01:43 . 2012-11-30 01:43 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-28 09:46 . 2012-08-27 11:55 443008 ----a-w- c:\windows\system32\athihvs.dll
2012-11-28 09:45 . 2012-11-28 09:46 -------- d-----w- c:\programdata\Qualcomm Atheros
2012-11-15 01:28 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 01:28 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 06:34 . 2012-08-23 21:11 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-12 06:34 . 2012-08-23 21:11 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-04 16:45 . 2012-12-12 01:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-09-05 476728]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-11 1255736]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-15 1155704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSvia64.sys [2011-11-04 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-08-16 89600]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2012-06-20 523680]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-28 31000]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-04-06 1323008]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-02-15 2602576]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-08-16 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2012-08-16 173656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-12 c:\windows\Tasks\HPCeeScheduleForJoshua Barham.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-04-06 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-16 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-16 1424896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-12-12 19:59:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-13 03:59
.
Pre-Run: 403,924,901,888 bytes free
Post-Run: 403,505,479,680 bytes free
.
- - End Of File - - 55D52B1FBA6097FDC9DCB0217C5C3CBD
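
What stands out in the RogueKiller and ComboFix logs above is a `svchost.exe` running from the Windows directory itself (`\\.\globalroot\systemroot\svchost.exe`, `c:\windows\svchost.exe`), whereas the genuine binary lives in `System32` (and `SysWOW64` on 64-bit systems). The following is an added example, not part of the original posts or of either tool: it normalizes such paths and flags core process names found outside their expected directories. The allow-list, function names and the last sample line are assumptions made for the example.

```python
import ntpath
import re

# Assumption: the Windows directory is C:\windows, as the TDSSKiller log on
# this page reports for this machine.
WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"
SYSWOW64 = WINDIR + r"\syswow64"

# Directories where these core image names are expected on a default 64-bit
# Windows 7 install (an illustrative allow-list, not an exhaustive one).
EXPECTED_DIRS = {
    "svchost.exe": {SYSTEM32, SYSWOW64},
    "lsass.exe": {SYSTEM32},
    "services.exe": {SYSTEM32},
    "winlogon.exe": {SYSTEM32},
    "csrss.exe": {SYSTEM32},
    "explorer.exe": {WINDIR, SYSWOW64},
}

# RogueKiller process line: "[SVCHOST] svchost.exe -- <path> -> KILLED [TermProc]"
ROGUEKILLER_PROC = re.compile(r"^\[[^\]]+\]\s+\S+\s+--\s+(.+?)\s+->\s")
# A line that is nothing but a path to an .exe (ComboFix file/process lists)
BARE_EXE_PATH = re.compile(r"^(?:[a-z]:)?\\.*\.exe$", re.IGNORECASE)
# NT object-manager spellings of the Windows directory, including ComboFix's
# rendering with a drive letter in front ("c:\\.\globalroot\systemroot\...").
GLOBALROOT = re.compile(r"^(?:[a-z]:)?\\\\[.?]\\globalroot\\systemroot(?=\\)")
SYSTEMROOT = re.compile(r"^\\systemroot(?=\\)")
NT_PREFIX = re.compile(r"^\\\?\?\\")


def extract_path(line):
    """Return the executable path carried by a log line, or None."""
    line = line.strip()
    match = ROGUEKILLER_PROC.match(line)
    if match:
        return match.group(1)
    return line if BARE_EXE_PATH.match(line) else None


def normalize(path):
    """Lower-case the path and rewrite NT-style prefixes to a drive path."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    # Callables are used as replacements so backslashes in WINDIR stay literal.
    p = GLOBALROOT.sub(lambda _: WINDIR, p)
    p = SYSTEMROOT.sub(lambda _: WINDIR, p)
    p = NT_PREFIX.sub("", p)
    return ntpath.normpath(p)


def check(path):
    """Return a reason string if a watched image name is in the wrong place."""
    directory, name = ntpath.split(normalize(path))
    expected = EXPECTED_DIRS.get(name)
    if expected is None or directory in expected:
        return None
    return "%s found in %s, expected one of %s" % (
        name, directory, ", ".join(sorted(expected)))


def scan(lines):
    """Run the check over log lines and collect the findings."""
    findings = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        reason = check(path)
        if reason:
            findings.append({"raw": path,
                             "normalized": normalize(path),
                             "reason": reason})
    return findings


# Lines 1-4 are copied from the logs on this page; line 5 is constructed
# here to show that the genuine location is not flagged.
SAMPLE_LOG = r"""
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
c:\windows\svchost.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\system32\svchost.exe
""".strip().splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("%-45s %s" % (finding["raw"], finding["reason"]))
```

A match on name and location is only a triage signal; the file still has to be examined before it is treated as malicious or as clean.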

#8 gringo_pr

  • Malware Response Team

Posted 12 December 2012 - 11:40 PM

Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Retcon

  • Topic Starter


Posted 13 December 2012 - 12:13 AM

No problems running it. It did open up again automatically upon restart after it rebooted for the cleaning process though.
There were three logs for TDSS; I assume two of them were just from opening the program, so I have provided the one I believe is from the actual scan since it was 501KB and the other two were just ~4KB. Let me know if you need the other two that showed up.

It told me the post was too long, so this log is separated into multiple posts.

TDSSKiller Log


20:54:51.0804 4384 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:54:52.0506 4384 ============================================================
20:54:52.0506 4384 Current date / time: 2012/12/12 20:54:52.0506
20:54:52.0506 4384 SystemInfo:
20:54:52.0506 4384
20:54:52.0506 4384 OS Version: 6.1.7600 ServicePack: 0.0
20:54:52.0506 4384 Product type: Workstation
20:54:52.0506 4384 ComputerName: JOSHUABARHAM-HP
20:54:52.0506 4384 UserName: Joshua Barham
20:54:52.0506 4384 Windows directory: C:\windows
20:54:52.0506 4384 System windows directory: C:\windows
20:54:52.0506 4384 Running under WOW64
20:54:52.0506 4384 Processor architecture: Intel x64
20:54:52.0506 4384 Number of processors: 4
20:54:52.0506 4384 Page size: 0x1000
20:54:52.0506 4384 Boot type: Normal boot
20:54:52.0506 4384 ============================================================
20:54:53.0005 4384 BG loaded
20:54:53.0737 4384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:54:53.0747 4384 ============================================================
20:54:53.0747 4384 \Device\Harddisk0\DR0:
20:54:53.0757 4384 MBR partitions:
20:54:53.0757 4384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
20:54:53.0757 4384 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x37700800
20:54:53.0757 4384 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37797000, BlocksNum 0x21ED800
20:54:53.0757 4384 ============================================================
20:54:53.0957 4384 C: <-> \Device\Harddisk0\DR0\Partition2
20:54:54.0087 4384 E: <-> \Device\Harddisk0\DR0\Partition3
20:54:54.0087 4384 ============================================================
20:54:54.0087 4384 Initialize success
20:54:54.0087 4384 ============================================================
20:55:39.0077 0536 ============================================================
20:55:39.0077 0536 Scan started
20:55:39.0077 0536 Mode: Manual; SigCheck; TDLFS;
20:55:39.0077 0536 ============================================================
20:55:41.0979 0536 ================ Scan system memory ========================
20:55:41.0979 0536 System memory - ok
20:55:41.0979 0536 ================ Scan services =============================
20:55:48.0375 0536 BTHUSB - ok
20:55:48.0390 0536 catchme - ok
20:55:48.0422 0536 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:55:48.0500 0536 cdfs - ok
20:55:48.0546 0536 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:55:48.0578 0536 cdrom - ok
20:55:48.0609 0536 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\windows\System32\certprop.dll
20:55:48.0687 0536 CertPropSvc - ok
20:55:48.0718 0536 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
20:55:48.0749 0536 circlass - ok
20:55:48.0765 0536 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
20:55:48.0780 0536 CLFS - ok
20:55:48.0843 0536 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:55:48.0858 0536 clr_optimization_v2.0.50727_32 - ok
20:55:48.0983 0536 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:55:48.0999 0536 clr_optimization_v2.0.50727_64 - ok
20:55:49.0077 0536 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:55:49.0186 0536 clr_optimization_v4.0.30319_32 - ok
20:55:49.0202 0536 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:55:49.0233 0536 clr_optimization_v4.0.30319_64 - ok
20:55:49.0280 0536 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:55:49.0326 0536 CmBatt - ok
20:55:49.0358 0536 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
20:55:49.0404 0536 cmdide - ok
20:55:49.0451 0536 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\windows\system32\Drivers\cng.sys
20:55:49.0482 0536 CNG - ok
20:55:49.0514 0536 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
20:55:49.0514 0536 Compbatt - ok
20:55:49.0545 0536 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
20:55:49.0576 0536 CompositeBus - ok
20:55:49.0592 0536 COMSysApp - ok
20:55:49.0638 0536 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
20:55:49.0670 0536 crcdisk - ok
20:55:49.0716 0536 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\windows\system32\cryptsvc.dll
20:55:49.0748 0536 CryptSvc - ok
20:55:49.0779 0536 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\windows\system32\drivers\csc.sys
20:55:49.0810 0536 CSC - ok
20:55:49.0857 0536 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\windows\System32\cscsvc.dll
20:55:49.0919 0536 CscService - ok
20:55:49.0982 0536 [ 2E3374F9F0B5A3247B779978980C24CB ] DAMDrv C:\windows\system32\DRIVERS\DAMDrv64.sys
20:55:50.0013 0536 DAMDrv - ok
20:55:50.0060 0536 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\windows\system32\rpcss.dll
20:55:50.0122 0536 DcomLaunch - ok
20:55:50.0169 0536 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:55:50.0231 0536 defragsvc - ok
20:55:50.0262 0536 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:55:50.0294 0536 DfsC - ok
20:55:50.0356 0536 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\windows\system32\dhcpcore.dll
20:55:50.0450 0536 Dhcp - ok
20:55:50.0481 0536 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:55:50.0559 0536 discache - ok
20:55:50.0590 0536 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
20:55:50.0621 0536 Disk - ok
20:55:50.0652 0536 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\windows\System32\dnsrslvr.dll
20:55:50.0699 0536 Dnscache - ok
20:55:50.0746 0536 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\windows\System32\dot3svc.dll
20:55:50.0824 0536 dot3svc - ok
20:55:50.0918 0536 [ 0B9134A45E88DCF0657382F277242F62 ] DpHost C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
20:55:50.0933 0536 DpHost - ok
20:55:50.0964 0536 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\windows\system32\dps.dll
20:55:51.0027 0536 DPS - ok
20:55:51.0042 0536 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:55:51.0074 0536 drmkaud - ok
20:55:51.0120 0536 [ 46156D3D372B502CD8C063C8E2B1CDC2 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:55:51.0136 0536 DXGKrnl - ok
20:55:51.0136 0536 EagleX64 - ok
20:55:51.0167 0536 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:55:51.0214 0536 EapHost - ok
20:55:51.0323 0536 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
20:55:51.0401 0536 ebdrv - ok
20:55:51.0432 0536 [ 5CCF1BE80930AEB1CDEBF561666325E8 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:55:51.0464 0536 eeCtrl - ok
20:55:51.0495 0536 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\windows\System32\lsass.exe
20:55:51.0542 0536 EFS - ok
20:55:51.0604 0536 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:55:51.0698 0536 ehRecvr - ok
20:55:51.0729 0536 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
20:55:51.0776 0536 ehSched - ok
20:55:51.0807 0536 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
20:55:51.0838 0536 elxstor - ok
20:55:51.0885 0536 [ 7A898E4A744621711BE7E7B796C69876 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:55:51.0900 0536 EraserUtilRebootDrv - ok
20:55:51.0916 0536 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
20:55:51.0932 0536 ErrDev - ok
20:55:51.0978 0536 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
20:55:52.0056 0536 EventSystem - ok
20:55:52.0072 0536 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
20:55:52.0103 0536 exfat - ok
20:55:52.0150 0536 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
20:55:52.0228 0536 fastfat - ok
20:55:52.0259 0536 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\windows\system32\fxssvc.exe
20:55:52.0290 0536 Fax - ok
20:55:52.0306 0536 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
20:55:52.0322 0536 fdc - ok
20:55:52.0368 0536 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
20:55:52.0400 0536 fdPHost - ok
20:55:52.0415 0536 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:55:52.0462 0536 FDResPub - ok
20:55:52.0493 0536 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:55:52.0493 0536 FileInfo - ok
20:55:52.0509 0536 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:55:52.0556 0536 Filetrace - ok
20:55:52.0727 0536 [ A814979613C50457ED25FD60C872EBBC ] FLCDLOCK c:\Windows\SysWOW64\flcdlock.exe
20:55:52.0758 0536 FLCDLOCK - ok
20:55:52.0790 0536 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
20:55:52.0805 0536 flpydisk - ok
20:55:52.0836 0536 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:55:52.0868 0536 FltMgr - ok
20:55:52.0914 0536 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\windows\system32\FntCache.dll
20:55:52.0961 0536 FontCache - ok
20:55:53.0039 0536 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:55:53.0070 0536 FontCache3.0.0.0 - ok
20:55:53.0086 0536 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:55:53.0117 0536 FsDepends - ok
20:55:53.0164 0536 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:55:53.0180 0536 Fs_Rec - ok
20:55:53.0195 0536 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:55:53.0226 0536 fvevol - ok
20:55:53.0258 0536 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
20:55:53.0258 0536 gagp30kx - ok
20:55:53.0320 0536 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:55:53.0351 0536 GameConsoleService - ok
20:55:53.0414 0536 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\windows\System32\gpsvc.dll
20:55:53.0476 0536 gpsvc - ok
20:55:53.0492 0536 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:55:53.0538 0536 hcw85cir - ok
20:55:53.0601 0536 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:55:53.0648 0536 HdAudAddService - ok
20:55:53.0694 0536 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
20:55:53.0757 0536 HDAudBus - ok
20:55:53.0757 0536 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
20:55:53.0772 0536 HidBatt - ok
20:55:53.0804 0536 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
20:55:53.0835 0536 HidBth - ok
20:55:53.0866 0536 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
20:55:53.0882 0536 HidIr - ok
20:55:53.0913 0536 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
20:55:53.0960 0536 hidserv - ok
20:55:53.0991 0536 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
20:55:54.0006 0536 HidUsb - ok
20:55:54.0038 0536 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
20:55:54.0116 0536 hkmsvc - ok
20:55:54.0147 0536 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:55:54.0194 0536 HomeGroupListener - ok
20:55:54.0225 0536 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:55:54.0256 0536 HomeGroupProvider - ok
20:55:54.0303 0536 [ E8F8A94109429A327521C83AE2C25941 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
20:55:54.0334 0536 HP Power Assistant Service - ok
20:55:54.0396 0536 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:55:54.0412 0536 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
20:55:54.0412 0536 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
20:55:54.0490 0536 [ C5D2F308E1C12A5C328EF549696DBC05 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
20:55:54.0537 0536 hpCMSrv - ok
20:55:54.0599 0536 [ A9FC4D7EA174BBF5A675B299FFAD80A2 ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
20:55:54.0630 0536 HPDayStarterService - ok
20:55:54.0693 0536 [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:55:54.0724 0536 HPDrvMntSvc.exe - ok
20:55:54.0755 0536 [ 4EC5F601B46C00DF87323CD58E8AA1A3 ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys
20:55:54.0786 0536 hpdskflt - ok
20:55:54.0833 0536 [ 98FAB0413C7365C9069994D7CE47F3EC ] HPFSService C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
20:55:54.0864 0536 HPFSService ( UnsignedFile.Multi.Generic ) - warning
20:55:54.0864 0536 HPFSService - detected UnsignedFile.Multi.Generic (1)
20:55:54.0942 0536 [ 4968C0728E257B3B6210244A9CDE2A08 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
20:55:54.0974 0536 hpHotkeyMonitor - ok
20:55:55.0005 0536 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
20:55:55.0020 0536 HpqKbFiltr - ok
20:55:55.0083 0536 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:55:55.0114 0536 hpqwmiex - ok
20:55:55.0145 0536 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
20:55:55.0161 0536 HpSAMD - ok
20:55:55.0176 0536 [ 3A63CD2EAC2188CF2660A8E8DA701AB7 ] hpsrv C:\windows\system32\Hpservice.exe
20:55:55.0176 0536 hpsrv - ok
20:55:55.0239 0536 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:55:55.0317 0536 HTTP - ok
20:55:55.0332 0536 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:55:55.0348 0536 hwpolicy - ok
20:55:55.0395 0536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
20:55:55.0410 0536 i8042prt - ok
20:55:55.0473 0536 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
20:55:55.0488 0536 iaStor - ok
20:55:55.0566 0536 [ 117FF657E0D9BBD61B5C3E71E63D3919 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
20:55:55.0598 0536 IAStorDataMgrSvc - ok
20:55:55.0629 0536 [ 513DC087CFED7D2BB82F005385D3531F ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys
20:55:55.0676 0536 iaStorV - ok
20:55:55.0738 0536 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:55:55.0800 0536 idsvc - ok
20:55:55.0972 0536 [ 0B97F1A640AD3D159A7B5D2164C42E50 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSvia64.sys
20:55:56.0003 0536 IDSVia64 - ok
20:55:56.0440 0536 [ 0089B53F1BEFD34B7D8CA4AB021335FA ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
20:55:56.0643 0536 igfx - ok
20:55:56.0690 0536 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
20:55:56.0721 0536 iirsp - ok
20:55:56.0799 0536 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\windows\System32\ikeext.dll
20:55:56.0861 0536 IKEEXT - ok
20:55:56.0939 0536 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
20:55:56.0970 0536 IntcDAud - ok
20:55:57.0002 0536 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\DRIVERS\intelide.sys
20:55:57.0017 0536 intelide - ok
20:55:57.0048 0536 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
20:55:57.0064 0536 intelppm - ok
20:55:57.0095 0536 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:55:57.0142 0536 IPBusEnum - ok
20:55:57.0173 0536 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:55:57.0204 0536 IpFilterDriver - ok
20:55:57.0251 0536 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:55:57.0282 0536 iphlpsvc - ok
20:55:57.0314 0536 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
20:55:57.0360 0536 IPMIDRV - ok
20:55:57.0360 0536 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:55:57.0407 0536 IPNAT - ok
20:55:57.0423 0536 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:55:57.0438 0536 IRENUM - ok
20:55:57.0454 0536 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
20:55:57.0470 0536 isapnp - ok
20:55:57.0470 0536 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
20:55:57.0485 0536 iScsiPrt - ok
20:55:57.0532 0536 [ 3B794CA0DE73790420DEBA3C759F1502 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
20:55:57.0563 0536 jhi_service - ok
20:55:57.0610 0536 [ B0C3023507CD1C2EB63249FC952504AE ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
20:55:57.0610 0536 JMCR - ok
20:55:57.0657 0536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
20:55:57.0672 0536 kbdclass - ok
20:55:57.0688 0536 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
20:55:57.0704 0536 kbdhid - ok
20:55:57.0719 0536 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\windows\system32\lsass.exe
20:55:57.0735 0536 KeyIso - ok
20:55:57.0766 0536 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:55:57.0766 0536 KSecDD - ok
20:55:57.0782 0536 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:55:57.0797 0536 KSecPkg - ok
20:55:57.0813 0536 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:55:57.0844 0536 ksthunk - ok
20:55:57.0860 0536 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
20:55:57.0906 0536 KtmRm - ok
20:55:57.0938 0536 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\windows\System32\srvsvc.dll
20:55:57.0969 0536 LanmanServer - ok
20:55:58.0000 0536 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:55:58.0094 0536 LanmanWorkstation - ok
20:55:58.0125 0536 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:55:58.0156 0536 lltdio - ok
20:55:58.0187 0536 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
20:55:58.0218 0536 lltdsvc - ok
20:55:58.0250 0536 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:55:58.0296 0536 lmhosts - ok
20:55:58.0343 0536 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:55:58.0390 0536 LMS - ok
20:55:58.0421 0536 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
20:55:58.0437 0536 LSI_FC - ok
20:55:58.0468 0536 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
20:55:58.0484 0536 LSI_SAS - ok
20:55:58.0499 0536 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
20:55:58.0515 0536 LSI_SAS2 - ok
20:55:58.0530 0536 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
20:55:58.0546 0536 LSI_SCSI - ok
20:55:58.0577 0536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
20:55:58.0640 0536 luafv - ok
20:55:58.0749 0536 [ 9B6B1F995F70AD951496088B16BC6782 ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
20:55:58.0796 0536 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning
20:55:58.0796 0536 McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1)
20:55:58.0827 0536 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
20:55:58.0842 0536 Mcx2Svc - ok
20:55:58.0874 0536 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
20:55:58.0874 0536 megasas - ok
20:55:58.0920 0536 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
20:55:58.0952 0536 MegaSR - ok
20:55:58.0983 0536 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
20:55:58.0998 0536 MEIx64 - ok
20:55:59.0030 0536 [ 1D0535ABA49C80D20807DB748CA756DF ] MfeEpeOpal C:\windows\system32\drivers\MfeEpeOpal.sys
20:55:59.0045 0536 MfeEpeOpal - ok
20:55:59.0061 0536 [ 01446E52580019F8A9C77BB6840BC1FC ] MfeEpePc C:\windows\system32\drivers\MfeEpePc.sys
20:55:59.0076 0536 MfeEpePc - ok
20:55:59.0108 0536 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:55:59.0170 0536 MMCSS - ok
20:55:59.0186 0536 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:55:59.0232 0536 Modem - ok
20:55:59.0264 0536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:55:59.0295 0536 monitor - ok
20:55:59.0342 0536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
20:55:59.0357 0536 mouclass - ok
20:55:59.0404 0536 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:55:59.0435 0536 mouhid - ok
20:55:59.0451 0536 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:55:59.0482 0536 mountmgr - ok
20:55:59.0498 0536 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\DRIVERS\mpio.sys
20:55:59.0513 0536 mpio - ok
20:55:59.0544 0536 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:55:59.0591 0536 mpsdrv - ok
20:55:59.0654 0536 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll
20:55:59.0732 0536 MpsSvc - ok
20:55:59.0747 0536 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:55:59.0778 0536 MRxDAV - ok
20:55:59.0810 0536 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:55:59.0856 0536 mrxsmb - ok
20:55:59.0888 0536 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:55:59.0903 0536 mrxsmb10 - ok
20:55:59.0934 0536 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:55:59.0966 0536 mrxsmb20 - ok
20:55:59.0981 0536 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\windows\system32\DRIVERS\msahci.sys
20:55:59.0997 0536 msahci - ok
20:56:00.0012 0536 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
20:56:00.0028 0536 msdsm - ok
20:56:00.0075 0536 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:56:00.0106 0536 MSDTC - ok
20:56:00.0137 0536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:56:00.0184 0536 Msfs - ok
20:56:00.0215 0536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:56:00.0246 0536 mshidkmdf - ok
20:56:00.0278 0536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
20:56:00.0278 0536 msisadrv - ok
20:56:00.0309 0536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:56:00.0371 0536 MSiSCSI - ok
20:56:00.0371 0536 msiserver - ok
20:56:00.0387 0536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:56:00.0434 0536 MSKSSRV - ok
20:56:00.0434 0536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:56:00.0465 0536 MSPCLOCK - ok
20:56:00.0465 0536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:56:00.0496 0536 MSPQM - ok
20:56:00.0512 0536 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:56:00.0527 0536 MsRPC - ok
20:56:00.0558 0536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:56:00.0558 0536 mssmbios - ok
20:56:00.0574 0536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:56:00.0605 0536 MSTEE - ok
20:56:00.0636 0536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
20:56:00.0652 0536 MTConfig - ok
20:56:00.0668 0536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:56:00.0683 0536 Mup - ok
20:56:00.0699 0536 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll
20:56:00.0730 0536 napagent - ok
20:56:00.0761 0536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:56:00.0792 0536 NativeWifiP - ok
20:56:00.0839 0536 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111109.035\ENG64.SYS
20:56:00.0855 0536 NAVENG - ok
20:56:00.0917 0536 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111109.035\EX64.SYS
20:56:00.0964 0536 NAVEX15 - ok
20:56:01.0026 0536 [ A3151B3463EEA7E47F618F115D0D142E ] NDIS C:\windows\system32\drivers\ndis.sys
20:56:01.0073 0536 NDIS - ok
20:56:01.0089 0536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:56:01.0136 0536 NdisCap - ok
20:56:01.0167 0536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:56:01.0198 0536 NdisTapi - ok
20:56:01.0214 0536 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:56:01.0260 0536 Ndisuio - ok
20:56:01.0260 0536 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:56:01.0307 0536 NdisWan - ok
20:56:01.0323 0536 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:56:01.0354 0536 NDProxy - ok
20:56:01.0401 0536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:56:01.0463 0536 NetBIOS - ok
20:56:01.0494 0536 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:56:01.0541 0536 NetBT - ok
20:56:01.0557 0536 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\windows\system32\lsass.exe
20:56:01.0557 0536 Netlogon - ok
20:56:01.0604 0536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:56:01.0635 0536 Netman - ok
20:56:01.0713 0536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:01.0744 0536 NetMsmqActivator - ok
20:56:01.0760 0536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:01.0760 0536 NetPipeActivator - ok
20:56:01.0791 0536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:56:01.0853 0536 netprofm - ok
20:56:01.0869 0536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:01.0869 0536 NetTcpActivator - ok
20:56:01.0869 0536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:01.0884 0536 NetTcpPortSharing - ok
20:56:01.0931 0536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
20:56:01.0947 0536 nfrd960 - ok
20:56:01.0994 0536 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
20:56:02.0025 0536 NIS - ok
20:56:02.0072 0536 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll
20:56:02.0150 0536 NlaSvc - ok
20:56:02.0165 0536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:56:02.0212 0536 Npfs - ok
20:56:02.0212 0536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:56:02.0243 0536 nsi - ok
20:56:02.0243 0536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:56:02.0290 0536 nsiproxy - ok
20:56:02.0337 0536 [ 1AD8FEF2D6AC7116B68B887A9782FD33 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:56:02.0368 0536 Ntfs - ok
20:56:02.0368 0536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:56:02.0430 0536 Null - ok
20:56:02.0462 0536 [ DEAB10231CBDB0881FC25428EBE11506 ] nvraid C:\windows\system32\DRIVERS\nvraid.sys
20:56:02.0477 0536 nvraid - ok
20:56:02.0508 0536 [ 0AF7B8136794E23E87BE138992880E64 ] nvstor C:\windows\system32\DRIVERS\nvstor.sys
20:56:02.0508 0536 nvstor - ok
20:56:02.0524 0536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
20:56:02.0540 0536 nv_agp - ok
20:56:02.0555 0536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
20:56:02.0602 0536 ohci1394 - ok
20:56:02.0633 0536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:56:02.0680 0536 p2pimsvc - ok
20:56:02.0711 0536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:56:02.0742 0536 p2psvc - ok
20:56:02.0774 0536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
20:56:02.0789 0536 Parport - ok

#10 Retcon

Posted 13 December 2012 - 12:16 AM

TDSSKiller Log PART 2

20:56:19.0840 0536 ================ Scan MBR ==================================
20:56:19.0840 0536 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:56:19.0840 0536 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:56:19.0902 0536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:56:19.0902 0536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:56:19.0996 0536 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:56:19.0996 0536 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:56:20.0012 0536 ================ Scan VBR ==================================
20:56:20.0012 0536 [ 5F721BD2D1A12DC4478A6709804AB247 ] \Device\Harddisk0\DR0\Partition1
20:56:20.0012 0536 \Device\Harddisk0\DR0\Partition1 - ok
20:56:20.0027 0536 [ F18A26FF609C212D8A0E14D2550C9719 ] \Device\Harddisk0\DR0\Partition2
20:56:20.0027 0536 \Device\Harddisk0\DR0\Partition2 - ok
20:56:20.0058 0536 [ 55BB8D07CCC6FFCDDE1A0295EDC398B2 ] \Device\Harddisk0\DR0\Partition3
20:56:20.0058 0536 \Device\Harddisk0\DR0\Partition3 - ok
20:56:20.0230 0536 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys - ok
20:56:20.0230 0536 [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
20:56:20.0230 0536 C:\Windows\System32\drivers\intelppm.sys - ok
20:56:20.0230 0536 [ 3836171A2CDF3AF8EF10856DB9835A70 ] C:\Windows\System32\drivers\tunnel.sys
20:56:20.0230 0536 C:\Windows\System32\drivers\tunnel.sys - ok
20:56:20.0246 0536 [ 68DB778AC4FD7896CE2F153353BA15C8 ] C:\Windows\System32\ntdll.dll
20:56:20.0246 0536 C:\Windows\System32\ntdll.dll - ok
20:56:20.0246 0536 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
20:56:20.0246 0536 C:\Windows\System32\smss.exe - ok
20:56:20.0246 0536 [ 3AE12EC776AB9830462E8197FB5C88CF ] C:\Windows\System32\autochk.exe
20:56:20.0246 0536 C:\Windows\System32\autochk.exe - ok
20:56:20.0246 0536 [ 0089B53F1BEFD34B7D8CA4AB021335FA ] C:\Windows\System32\drivers\igdkmd64.sys
20:56:20.0246 0536 C:\Windows\System32\drivers\igdkmd64.sys - ok
20:56:20.0261 0536 [ 46156D3D372B502CD8C063C8E2B1CDC2 ] C:\Windows\System32\drivers\dxgkrnl.sys
20:56:20.0261 0536 C:\Windows\System32\drivers\dxgkrnl.sys - ok
20:56:20.0261 0536 [ 02C14C4D56071B9AC6C7D76F8D91C725 ] C:\Windows\System32\drivers\dxgmms1.sys
20:56:20.0261 0536 C:\Windows\System32\drivers\dxgmms1.sys - ok
20:56:20.0261 0536 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] C:\Windows\System32\drivers\HECIx64.sys
20:56:20.0261 0536 C:\Windows\System32\drivers\HECIx64.sys - ok
20:56:20.0261 0536 [ CBA29A6104A5092B93BEFFDFD87AB2B9 ] C:\Windows\System32\drivers\usbport.sys
20:56:20.0261 0536 C:\Windows\System32\drivers\usbport.sys - ok
20:56:20.0277 0536 [ 0A49913402747A0B67DE940FB42CBDBB ] C:\Windows\System32\drivers\hdaudbus.sys
20:56:20.0277 0536 C:\Windows\System32\drivers\hdaudbus.sys - ok
20:56:20.0277 0536 [ B0C3023507CD1C2EB63249FC952504AE ] C:\Windows\System32\drivers\jmcr.sys
20:56:20.0277 0536 C:\Windows\System32\drivers\jmcr.sys - ok
20:56:20.0277 0536 [ AD3A6838A059D65FB55D2F61CF0A6C1F ] C:\Windows\System32\drivers\scsiport.sys
20:56:20.0277 0536 C:\Windows\System32\drivers\scsiport.sys - ok
20:56:20.0277 0536 [ 1686804D5B9EF75E4AB806F447DF590D ] C:\Windows\System32\drivers\usbehci.sys
20:56:20.0277 0536 C:\Windows\System32\drivers\usbehci.sys - ok
20:56:20.0292 0536 [ C98A57379FC6E043D95FF7C3DFC2D2B7 ] C:\Windows\System32\drivers\athrx.sys
20:56:20.0292 0536 C:\Windows\System32\drivers\athrx.sys - ok
20:56:20.0292 0536 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
20:56:20.0292 0536 C:\Windows\System32\drivers\vwifibus.sys - ok
20:56:20.0292 0536 [ B98EE5D4535A685634B90F7E04DE0DF7 ] C:\Windows\System32\drivers\HpqKbFiltr.sys
20:56:20.0292 0536 C:\Windows\System32\drivers\HpqKbFiltr.sys - ok
20:56:20.0308 0536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
20:56:20.0308 0536 C:\Windows\System32\drivers\i8042prt.sys - ok
20:56:20.0308 0536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
20:56:20.0308 0536 C:\Windows\System32\drivers\kbdclass.sys - ok
20:56:20.0308 0536 [ 2777226EE8BF50B059D7A7C90177E99C ] C:\Windows\System32\drivers\Rt64win7.sys
20:56:20.0308 0536 C:\Windows\System32\drivers\Rt64win7.sys - ok
20:56:20.0308 0536 [ 85B49C293FAEA418E5E3B72CD9EA49E5 ] C:\Windows\System32\drivers\usbd.sys
20:56:20.0308 0536 C:\Windows\System32\drivers\usbd.sys - ok
20:56:20.0324 0536 [ 48A191AE1F810F3F76F04187BA6B0F14 ] C:\Windows\System32\drivers\SynTP.sys
20:56:20.0324 0536 C:\Windows\System32\drivers\SynTP.sys - ok
20:56:20.0324 0536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
20:56:20.0324 0536 C:\Windows\System32\drivers\mouclass.sys - ok
20:56:20.0324 0536 [ A3D3A95303269011060BBCFB97CA1DD5 ] C:\Windows\System32\drivers\Accelerometer.sys
20:56:20.0324 0536 C:\Windows\System32\drivers\Accelerometer.sys - ok
20:56:20.0324 0536 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] C:\Windows\SysWOW64\drivers\afc.sys
20:56:20.0324 0536 C:\Windows\SysWOW64\drivers\afc.sys - ok
20:56:20.0339 0536 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
20:56:20.0339 0536 C:\Windows\System32\drivers\CmBatt.sys - ok
20:56:20.0339 0536 [ F26B3A86F6FA87CA360B879581AB4123 ] C:\Windows\System32\drivers\CompositeBus.sys
20:56:20.0339 0536 C:\Windows\System32\drivers\CompositeBus.sys - ok
20:56:20.0339 0536 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
20:56:20.0339 0536 C:\Windows\System32\drivers\wmiacpi.sys - ok
20:56:20.0339 0536 [ 357635F16D28558C50870F4EF8AA4712 ] C:\Windows\System32\drivers\ArcSoftVCapture.sys
20:56:20.0339 0536 C:\Windows\System32\drivers\ArcSoftVCapture.sys - ok
20:56:20.0339 0536 [ 5C7AF4A20F5BF67042B2E613D123D111 ] C:\Windows\System32\drivers\ks.sys
20:56:20.0339 0536 C:\Windows\System32\drivers\ks.sys - ok
20:56:20.0355 0536 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
20:56:20.0355 0536 C:\Windows\System32\drivers\ksthunk.sys - ok
20:56:20.0355 0536 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
20:56:20.0355 0536 C:\Windows\System32\drivers\agilevpn.sys - ok
20:56:20.0355 0536 [ E1B1255D3A4B3367FE4E9C71E62E3B5A ] C:\Windows\System32\gdi32.dll
20:56:20.0355 0536 C:\Windows\System32\gdi32.dll - ok
20:56:20.0355 0536 [ AC8F79017C5C1FB316930EDEAD0AF517 ] C:\Windows\System32\ole32.dll
20:56:20.0355 0536 C:\Windows\System32\ole32.dll - ok
20:56:20.0370 0536 [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
20:56:20.0370 0536 C:\Windows\System32\wininet.dll - ok
20:56:20.0370 0536 [ 7083F463788CB34FCC42F565D56F89E8 ] C:\Windows\System32\ws2_32.dll
20:56:20.0370 0536 C:\Windows\System32\ws2_32.dll - ok
20:56:20.0370 0536 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
20:56:20.0370 0536 C:\Windows\System32\msctf.dll - ok
20:56:20.0370 0536 [ F94B8644F3AFE040EC6E1B6FBC9EFAA9 ] C:\Windows\System32\comdlg32.dll
20:56:20.0370 0536 C:\Windows\System32\comdlg32.dll - ok
20:56:20.0370 0536 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
20:56:20.0370 0536 C:\Windows\System32\imm32.dll - ok
20:56:20.0386 0536 [ 2A46451EE42BCD2C842D8AA4923FAC16 ] C:\Windows\System32\oleaut32.dll
20:56:20.0386 0536 C:\Windows\System32\oleaut32.dll - ok
20:56:20.0386 0536 [ 1DDCACAB8DA5399E5521051923016B18 ] C:\Windows\System32\kernel32.dll
20:56:20.0386 0536 C:\Windows\System32\kernel32.dll - ok
20:56:20.0386 0536 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
20:56:20.0386 0536 C:\Windows\System32\psapi.dll - ok
20:56:20.0386 0536 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
20:56:20.0386 0536 C:\Windows\System32\iertutil.dll - ok
20:56:20.0402 0536 [ 48C903068B6BDAB5EF650B9CBEE85295 ] C:\Windows\System32\rpcrt4.dll
20:56:20.0402 0536 C:\Windows\System32\rpcrt4.dll - ok
20:56:20.0402 0536 [ 48CC125A6AB6C72A13E3D3E9C39AD9D9 ] C:\Windows\System32\shell32.dll
20:56:20.0402 0536 C:\Windows\System32\shell32.dll - ok
20:56:20.0402 0536 [ 579F6AFC6A6561951FA2202EFC3FE485 ] C:\Windows\System32\msvcrt.dll
20:56:20.0402 0536 C:\Windows\System32\msvcrt.dll - ok
20:56:20.0402 0536 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
20:56:20.0402 0536 C:\Windows\System32\clbcatq.dll - ok
20:56:20.0402 0536 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
20:56:20.0402 0536 C:\Windows\System32\difxapi.dll - ok
20:56:20.0417 0536 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
20:56:20.0417 0536 C:\Windows\System32\lpk.dll - ok
20:56:20.0417 0536 [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
20:56:20.0417 0536 C:\Windows\System32\urlmon.dll - ok
20:56:20.0417 0536 [ E5CBF5F8623BBD1DB7B8148A66F6EBA4 ] C:\Windows\System32\Wldap32.dll
20:56:20.0417 0536 C:\Windows\System32\Wldap32.dll - ok
20:56:20.0417 0536 [ 15A54626213EBF003F7D4C9D8380A656 ] C:\Windows\System32\imagehlp.dll
20:56:20.0417 0536 C:\Windows\System32\imagehlp.dll - ok
20:56:20.0417 0536 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
20:56:20.0417 0536 C:\Windows\System32\sechost.dll - ok
20:56:20.0433 0536 [ DC1A1EF50CD61E15632BC6B57AD3C8B6 ] C:\Windows\System32\usp10.dll
20:56:20.0433 0536 C:\Windows\System32\usp10.dll - ok
20:56:20.0433 0536 [ 15BDC173EB5FA4F92B67D9FFB269A6EA ] C:\Windows\System32\shlwapi.dll
20:56:20.0433 0536 C:\Windows\System32\shlwapi.dll - ok
20:56:20.0433 0536 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
20:56:20.0433 0536 C:\Windows\System32\advapi32.dll - ok
20:56:20.0433 0536 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
20:56:20.0433 0536 C:\Windows\System32\normaliz.dll - ok
20:56:20.0448 0536 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
20:56:20.0448 0536 C:\Windows\System32\nsi.dll - ok
20:56:20.0448 0536 [ 72D7B3EA16946E8F0CF7458150031CC6 ] C:\Windows\System32\user32.dll
20:56:20.0448 0536 C:\Windows\System32\user32.dll - ok
20:56:20.0448 0536 [ 6A4EA4C29FBF78112AE20013FB71E9C1 ] C:\Windows\System32\setupapi.dll
20:56:20.0448 0536 C:\Windows\System32\setupapi.dll - ok
20:56:20.0448 0536 [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\System32\comctl32.dll
20:56:20.0448 0536 C:\Windows\System32\comctl32.dll - ok
20:56:20.0448 0536 [ 987508ED06FC097E754A91BA8A8AAD0E ] C:\Windows\System32\wintrust.dll
20:56:20.0448 0536 C:\Windows\System32\wintrust.dll - ok
20:56:20.0464 0536 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
20:56:20.0464 0536 C:\Windows\System32\devobj.dll - ok
20:56:20.0464 0536 [ BEF628534A47580F5BBF16719CE8DD95 ] C:\Windows\System32\KernelBase.dll
20:56:20.0464 0536 C:\Windows\System32\KernelBase.dll - ok
20:56:20.0464 0536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
20:56:20.0464 0536 C:\Windows\System32\drivers\ndistapi.sys - ok
20:56:20.0464 0536 [ 87A6E852A22991580D6D39ADC4790463 ] C:\Windows\System32\drivers\rasl2tp.sys
20:56:20.0464 0536 C:\Windows\System32\drivers\rasl2tp.sys - ok
20:56:20.0464 0536 [ D05E03C1B2824236531F5E37334B6A8A ] C:\Windows\System32\cfgmgr32.dll
20:56:20.0464 0536 C:\Windows\System32\cfgmgr32.dll - ok
20:56:20.0480 0536 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] C:\Windows\System32\drivers\ndiswan.sys
20:56:20.0480 0536 C:\Windows\System32\drivers\ndiswan.sys - ok
20:56:20.0480 0536 [ D256EB74BF77026FC9A3D7193861C7AD ] C:\Windows\System32\crypt32.dll
20:56:20.0480 0536 C:\Windows\System32\crypt32.dll - ok
20:56:20.0480 0536 [ 98FB7DD3B28A92E3C0E5B4BD9D63EF01 ] C:\Windows\System32\msasn1.dll
20:56:20.0480 0536 C:\Windows\System32\msasn1.dll - ok
20:56:20.0480 0536 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
20:56:20.0480 0536 C:\Windows\System32\drivers\raspppoe.sys - ok
20:56:20.0480 0536 [ 27CC19E81BA5E3403C48302127BDA717 ] C:\Windows\System32\drivers\raspptp.sys
20:56:20.0480 0536 C:\Windows\System32\drivers\raspptp.sys - ok
20:56:20.0495 0536 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
20:56:20.0495 0536 C:\Windows\System32\drivers\rassstp.sys - ok
20:56:20.0495 0536 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] C:\Windows\System32\drivers\rdpbus.sys
20:56:20.0495 0536 C:\Windows\System32\drivers\rdpbus.sys - ok
20:56:20.0495 0536 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
20:56:20.0495 0536 C:\Windows\System32\drivers\swenum.sys - ok
20:56:20.0495 0536 [ A83A91D07D1FE6BBE7A9DB46CA00434B ] C:\Windows\System32\drivers\btath_bus.sys
20:56:20.0495 0536 C:\Windows\System32\drivers\btath_bus.sys - ok
20:56:20.0511 0536 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] C:\Windows\System32\drivers\umbus.sys
20:56:20.0511 0536 C:\Windows\System32\drivers\umbus.sys - ok
20:56:20.0511 0536 [ 8F0D9D2EA6CFED2730B5BAFB9B5B11C2 ] C:\Windows\System32\drivers\usbrpm.sys
20:56:20.0511 0536 C:\Windows\System32\drivers\usbrpm.sys - ok
20:56:20.0511 0536 [ 31924E31BC315773E6D149B157DB46D5 ] C:\Windows\System32\drivers\vpcusb.sys
20:56:20.0511 0536 C:\Windows\System32\drivers\vpcusb.sys - ok
20:56:20.0511 0536 [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61 ] C:\Windows\System32\drivers\vpchbus.sys
20:56:20.0511 0536 C:\Windows\System32\drivers\vpchbus.sys - ok
20:56:20.0511 0536 [ 0ECDDD7F97E35BC8986C7EC7DB48D8E4 ] C:\Windows\System32\drivers\usbhub.sys
20:56:20.0511 0536 C:\Windows\System32\drivers\usbhub.sys - ok
20:56:20.0526 0536 [ 659B74FB74B86228D6338D643CD3E3CF ] C:\Windows\System32\drivers\ndproxy.sys
20:56:20.0526 0536 C:\Windows\System32\drivers\ndproxy.sys - ok
20:56:20.0526 0536 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
20:56:20.0526 0536 C:\Windows\SysWOW64\normaliz.dll - ok
20:56:20.0526 0536 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
20:56:20.0526 0536 C:\Windows\System32\drivers\drmk.sys - ok
20:56:20.0526 0536 [ AE594CC17C33AC146739494615E14851 ] C:\Windows\System32\drivers\IntcDAud.sys
20:56:20.0526 0536 C:\Windows\System32\drivers\IntcDAud.sys - ok
20:56:20.0526 0536 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
20:56:20.0526 0536 C:\Windows\System32\drivers\portcls.sys - ok
20:56:20.0542 0536 [ 8C490A03D0E44165D8BB48CEA4787F47 ] C:\Windows\System32\drivers\stwrt64.sys
20:56:20.0542 0536 C:\Windows\System32\drivers\stwrt64.sys - ok
20:56:20.0542 0536 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
20:56:20.0542 0536 C:\Windows\System32\drivers\dxapi.sys - ok
20:56:20.0542 0536 [ F8410E860A7250CC7E645C6CA4A4D9E6 ] C:\Windows\System32\win32k.sys
20:56:20.0542 0536 C:\Windows\System32\win32k.sys - ok
20:56:20.0542 0536 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
20:56:20.0542 0536 C:\Windows\System32\basesrv.dll - ok
20:56:20.0558 0536 [ E730EADB8F176DB06A378435BEB2E823 ] C:\Windows\System32\csrsrv.dll
20:56:20.0558 0536 C:\Windows\System32\csrsrv.dll - ok
20:56:20.0558 0536 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
20:56:20.0558 0536 C:\Windows\System32\csrss.exe - ok
20:56:20.0558 0536 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\System32\winsrv.dll
20:56:20.0558 0536 C:\Windows\System32\winsrv.dll - ok
20:56:20.0558 0536 [ 4D52C872018AF7E18D078978DCC3F6F2 ] C:\Windows\System32\drivers\winusb.sys
20:56:20.0558 0536 C:\Windows\System32\drivers\winusb.sys - ok
20:56:20.0558 0536 [ 8517ADD80777FED001AFF7E9996F3D87 ] C:\Windows\System32\drivers\usbccgp.sys
20:56:20.0558 0536 C:\Windows\System32\drivers\usbccgp.sys - ok
20:56:20.0573 0536 [ 001CC10FA5E71AE1119115E126C8750D ] C:\Windows\System32\drivers\stream.sys
20:56:20.0573 0536 C:\Windows\System32\drivers\stream.sys - ok
20:56:20.0573 0536 [ DC3458CE25D50152CEA22DC8230E5AAD ] C:\Windows\System32\drivers\SPUVCBv_x64.sys
20:56:20.0573 0536 C:\Windows\System32\drivers\SPUVCBv_x64.sys - ok
20:56:20.0573 0536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
20:56:20.0573 0536 C:\Windows\System32\drivers\monitor.sys - ok
20:56:20.0573 0536 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
20:56:20.0573 0536 C:\Windows\System32\sxssrv.dll - ok
20:56:20.0573 0536 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
20:56:20.0573 0536 C:\Windows\System32\tsddd.dll - ok
20:56:20.0589 0536 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
20:56:20.0589 0536 C:\Windows\System32\wininit.exe - ok
20:56:20.0589 0536 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
20:56:20.0589 0536 C:\Windows\System32\profapi.dll - ok
20:56:20.0589 0536 [ B9520EB96D7153D5D784657D924D6BB9 ] C:\Windows\System32\cdd.dll
20:56:20.0589 0536 C:\Windows\System32\cdd.dll - ok
20:56:20.0589 0536 [ B9A047D231D32FDF5AF2F281E4326A9D ] C:\Windows\System32\KBDUS.DLL
20:56:20.0589 0536 C:\Windows\System32\KBDUS.DLL - ok
20:56:20.0589 0536 [ F4389DA7DBDA2E7D292D360CF8E400C7 ] C:\Windows\System32\RpcRtRemote.dll
20:56:20.0589 0536 C:\Windows\System32\RpcRtRemote.dll - ok
20:56:20.0604 0536 [ 456C92A9D8DB51B9938A6234BBC65FC9 ] C:\Windows\System32\sxs.dll
20:56:20.0604 0536 C:\Windows\System32\sxs.dll - ok
20:56:20.0604 0536 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
20:56:20.0604 0536 C:\Windows\System32\WlS0WndH.dll - ok
20:56:20.0604 0536 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
20:56:20.0604 0536 C:\Windows\System32\cryptbase.dll - ok
20:56:20.0604 0536 [ 01A465AC251BCCF6037DF2EF28AA4292 ] C:\Windows\System32\apphelp.dll
20:56:20.0604 0536 C:\Windows\System32\apphelp.dll - ok
20:56:20.0604 0536 [ DA3E2A6FA9660CC75B471530CE88453A ] C:\Windows\System32\winlogon.exe
20:56:20.0604 0536 C:\Windows\System32\winlogon.exe - ok
20:56:20.0620 0536 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
20:56:20.0620 0536 C:\Windows\System32\services.exe - ok
20:56:20.0620 0536 [ 156F6159457D0AA7E59B62681B56EB90 ] C:\Windows\System32\lsass.exe
20:56:20.0620 0536 C:\Windows\System32\lsass.exe - ok
20:56:20.0620 0536 [ 04FCA22B77A2E37332CC8226187AF87B ] C:\Windows\System32\lsm.exe
20:56:20.0620 0536 C:\Windows\System32\lsm.exe - ok
20:56:20.0620 0536 [ 1F582C6C84D5243692F9C3E04D0A663F ] C:\Windows\System32\sspicli.dll
20:56:20.0620 0536 C:\Windows\System32\sspicli.dll - ok
20:56:20.0636 0536 [ 68EA2513CA68AD8F741FF4F5B8D8590C ] C:\Windows\System32\sspisrv.dll
20:56:20.0636 0536 C:\Windows\System32\sspisrv.dll - ok
20:56:20.0636 0536 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
20:56:20.0636 0536 C:\Windows\System32\sysntfy.dll - ok
20:56:20.0636 0536 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
20:56:20.0636 0536 C:\Windows\System32\wmsgapi.dll - ok
20:56:20.0636 0536 [ BFA69408620587AFDEC2E8C12CA60492 ] C:\Windows\System32\lsasrv.dll
20:56:20.0636 0536 C:\Windows\System32\lsasrv.dll - ok
20:56:20.0636 0536 [ B160ADAEFC76031D92C4FBAC0918B033 ] C:\Windows\System32\samsrv.dll
20:56:20.0636 0536 C:\Windows\System32\samsrv.dll - ok
20:56:20.0651 0536 [ 941AF3C8B0DE1B359BE22DD3288A8C8E ] C:\Windows\System32\scesrv.dll
20:56:20.0651 0536 C:\Windows\System32\scesrv.dll - ok
20:56:20.0651 0536 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
20:56:20.0651 0536 C:\Windows\System32\scext.dll - ok
20:56:20.0651 0536 [ 74A0871810BF0F2AA3EB6681E9BECDD3 ] C:\Windows\System32\secur32.dll
20:56:20.0651 0536 C:\Windows\System32\secur32.dll - ok
20:56:20.0651 0536 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
20:56:20.0651 0536 C:\Windows\System32\cryptdll.dll - ok
20:56:20.0651 0536 [ D23371AB9607651937C7641A38CD52BC ] C:\Windows\System32\srvcli.dll
20:56:20.0651 0536 C:\Windows\System32\srvcli.dll - ok
20:56:20.0667 0536 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
20:56:20.0667 0536 C:\Windows\System32\wevtapi.dll - ok
20:56:20.0667 0536 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
20:56:20.0667 0536 C:\Windows\System32\authz.dll - ok
20:56:20.0667 0536 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
20:56:20.0667 0536 C:\Windows\System32\cngaudit.dll - ok
20:56:20.0667 0536 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
20:56:20.0667 0536 C:\Windows\System32\bcrypt.dll - ok
20:56:20.0667 0536 [ E08926B4E52F92FF8852BECC0E2F358A ] C:\Windows\System32\ncrypt.dll
20:56:20.0667 0536 C:\Windows\System32\ncrypt.dll - ok
20:56:20.0682 0536 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
20:56:20.0682 0536 C:\Windows\System32\msprivs.dll - ok
20:56:20.0682 0536 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
20:56:20.0682 0536 C:\Windows\System32\negoexts.dll - ok
20:56:20.0682 0536 [ B561B451320B0B40908A8BFD81705262 ] C:\Windows\System32\netjoin.dll
20:56:20.0682 0536 C:\Windows\System32\netjoin.dll - ok
20:56:20.0682 0536 [ B238D2F325AEB0219C0F709A48E46B80 ] C:\Windows\System32\atmfd.dll
20:56:20.0682 0536 C:\Windows\System32\atmfd.dll - ok
20:56:20.0698 0536 [ 00B40A10E3DB79E4D3E127B9C2233A6B ] C:\Windows\System32\kerberos.dll
20:56:20.0698 0536 C:\Windows\System32\kerberos.dll - ok
20:56:20.0698 0536 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
20:56:20.0698 0536 C:\Windows\System32\cryptsp.dll - ok
20:56:20.0698 0536 [ FC76FE3C1E1FDB761244D4F74EF560FD ] C:\Windows\System32\mswsock.dll
20:56:20.0698 0536 C:\Windows\System32\mswsock.dll - ok
20:56:20.0698 0536 [ FA4DB05923DDDEDE3196ABD09AE0F1E9 ] C:\Windows\System32\msv1_0.dll
20:56:20.0698 0536 C:\Windows\System32\msv1_0.dll - ok
20:56:20.0698 0536 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
20:56:20.0698 0536 C:\Windows\System32\wship6.dll - ok
20:56:20.0714 0536 [ 956D030D375F207B22FB111E06EF9C35 ] C:\Windows\System32\netlogon.dll
20:56:20.0714 0536 C:\Windows\System32\netlogon.dll - ok
20:56:20.0714 0536 [ E247E7DEB20C0CF0801A8AC39E9CE1DF ] C:\Windows\System32\dnsapi.dll
20:56:20.0714 0536 C:\Windows\System32\dnsapi.dll - ok
20:56:20.0714 0536 [ 8CE22E63F08613036DF8C7B00FBDF36B ] C:\Windows\System32\logoncli.dll
20:56:20.0714 0536 C:\Windows\System32\logoncli.dll - ok
20:56:20.0714 0536 [ 90B780886BD813882CB382FF3E90E092 ] C:\Windows\System32\schannel.dll
20:56:20.0714 0536 C:\Windows\System32\schannel.dll - ok
20:56:20.0714 0536 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
20:56:20.0714 0536 C:\Windows\System32\wdigest.dll - ok
20:56:20.0729 0536 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
20:56:20.0729 0536 C:\Windows\System32\rsaenh.dll - ok
20:56:20.0729 0536 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
20:56:20.0729 0536 C:\Windows\System32\pku2u.dll - ok
20:56:20.0729 0536 [ 0DEFD5FBF801DD8F83BC0ED09861A8EC ] C:\Windows\System32\TSpkg.dll
20:56:20.0729 0536 C:\Windows\System32\TSpkg.dll - ok
20:56:20.0729 0536 [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
20:56:20.0729 0536 C:\Windows\System32\LIVESSP.DLL - ok
20:56:20.0729 0536 [ DA090E97E57DCB48888015B5D3C749CD ] C:\Windows\System32\bcryptprimitives.dll
20:56:20.0729 0536 C:\Windows\System32\bcryptprimitives.dll - ok
20:56:20.0745 0536 [ 9301B8810B2DA4EB6AD55DB75FC1E339 ] C:\Windows\System32\credssp.dll
20:56:20.0745 0536 C:\Windows\System32\credssp.dll - ok
20:56:20.0745 0536 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
20:56:20.0745 0536 C:\Windows\System32\efslsaext.dll - ok
20:56:20.0745 0536 [ 98E3C7502E9468F7523DD879A48EBC0C ] C:\Windows\System32\DPPassFilter.dll
20:56:20.0745 0536 C:\Windows\System32\DPPassFilter.dll - ok
20:56:20.0745 0536 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
20:56:20.0745 0536 C:\Windows\System32\ubpm.dll - ok
20:56:20.0745 0536 [ 7D7EFE33003AFFCDF93AFF76196C4F22 ] C:\Windows\System32\DPFPApi.dll
20:56:20.0745 0536 C:\Windows\System32\DPFPApi.dll - ok
20:56:20.0760 0536 [ 3C27B50BC43D5FED43081A784DD17190 ] C:\Windows\System32\netapi32.dll
20:56:20.0760 0536 C:\Windows\System32\netapi32.dll - ok
20:56:20.0760 0536 [ 4C8C2F987FC397DCE98874D6C9C0736A ] C:\Windows\System32\netutils.dll
20:56:20.0760 0536 C:\Windows\System32\netutils.dll - ok
20:56:20.0760 0536 [ A87205FE194B239D8D96E4972B779CC1 ] C:\Windows\System32\samcli.dll
20:56:20.0760 0536 C:\Windows\System32\samcli.dll - ok
20:56:20.0760 0536 [ 0776CF79590BDEF0A2728B0B9A813B96 ] C:\Windows\System32\userenv.dll
20:56:20.0760 0536 C:\Windows\System32\userenv.dll - ok
20:56:20.0760 0536 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
20:56:20.0776 0536 C:\Windows\System32\version.dll - ok
20:56:20.0776 0536 [ D8C88512BA9544AE1CC2034F50ECFA12 ] C:\Windows\System32\winsta.dll
20:56:20.0776 0536 C:\Windows\System32\winsta.dll - ok
20:56:20.0776 0536 [ B33CBD1A8C2A33121321D0FEBD7DD870 ] C:\Windows\System32\wkscli.dll
20:56:20.0776 0536 C:\Windows\System32\wkscli.dll - ok
20:56:20.0776 0536 [ 398712DDDAEFB85EDF61DF6A07B65C79 ] C:\Windows\System32\scecli.dll
20:56:20.0776 0536 C:\Windows\System32\scecli.dll - ok
20:56:20.0776 0536 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
20:56:20.0776 0536 C:\Windows\System32\svchost.exe - ok
20:56:20.0792 0536 [ 98B1721B8718164293B9701B98C52D77 ] C:\Windows\System32\umpnpmgr.dll
20:56:20.0792 0536 C:\Windows\System32\umpnpmgr.dll - ok
20:56:20.0792 0536 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
20:56:20.0792 0536 C:\Windows\System32\devrtl.dll - ok
20:56:20.0792 0536 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
20:56:20.0792 0536 C:\Windows\System32\gpapi.dll - ok
20:56:20.0792 0536 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
20:56:20.0792 0536 C:\Windows\System32\SPInf.dll - ok
20:56:20.0792 0536 [ 6C2384E20F6EC6B9833AF80BAB607813 ] C:\Windows\System32\umpo.dll
20:56:20.0792 0536 C:\Windows\System32\umpo.dll - ok
20:56:20.0807 0536 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
20:56:20.0807 0536 C:\Windows\System32\pcwum.dll - ok
20:56:20.0807 0536 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
20:56:20.0807 0536 C:\Windows\System32\powrprof.dll - ok
20:56:20.0807 0536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
20:56:20.0807 0536 C:\Windows\System32\drivers\luafv.sys - ok
20:56:20.0807 0536 [ 7CADC74271DD6461C452C271B30BD378 ] C:\Windows\System32\drivers\WUDFPf.sys
20:56:20.0807 0536 C:\Windows\System32\drivers\WUDFPf.sys - ok
20:56:20.0807 0536 [ 98FAB0413C7365C9069994D7CE47F3EC ] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
20:56:20.0807 0536 C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe - ok
20:56:20.0823 0536 [ DB6DD54A93522CA3572D04B56C5DB890 ] C:\Windows\SysWOW64\ntdll.dll
20:56:20.0823 0536 C:\Windows\SysWOW64\ntdll.dll - ok
20:56:20.0823 0536 [ F90C76ED345B71CF5FBDFDEED6E7F3D6 ] C:\Windows\System32\wow64.dll
20:56:20.0823 0536 C:\Windows\System32\wow64.dll - ok
20:56:20.0823 0536 [ E9C7E340941DF96680F1AEC14DF476A0 ] C:\Windows\System32\wow64win.dll
20:56:20.0823 0536 C:\Windows\System32\wow64win.dll - ok
20:56:20.0823 0536 [ F8347C662D2E708323AA348DF8EDE676 ] C:\Windows\System32\wow64cpu.dll
20:56:20.0823 0536 C:\Windows\System32\wow64cpu.dll - ok
20:56:20.0823 0536 [ A6778FC49011313995A4D718F624CC74 ] C:\Windows\SysWOW64\kernel32.dll
20:56:20.0823 0536 C:\Windows\SysWOW64\kernel32.dll - ok
20:56:20.0838 0536 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\SysWOW64\advapi32.dll
20:56:20.0838 0536 C:\Windows\SysWOW64\advapi32.dll - ok
20:56:20.0838 0536 [ D1B5FE2E4EF4B8C6D5B5A9752271457E ] C:\Windows\SysWOW64\KernelBase.dll
20:56:20.0838 0536 C:\Windows\SysWOW64\KernelBase.dll - ok
20:56:20.0838 0536 [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\SysWOW64\msvcrt.dll
20:56:20.0838 0536 C:\Windows\SysWOW64\msvcrt.dll - ok
20:56:20.0838 0536 [ 90385551B6B3793E949DF310A11D64E7 ] C:\Windows\SysWOW64\rpcrt4.dll
20:56:20.0838 0536 C:\Windows\SysWOW64\rpcrt4.dll - ok
20:56:20.0854 0536 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
20:56:20.0854 0536 C:\Windows\SysWOW64\sechost.dll - ok
20:56:20.0854 0536 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
20:56:20.0854 0536 C:\Windows\SysWOW64\cryptbase.dll - ok
20:56:20.0854 0536 [ 351F62085F1D007533B4BB159C9EFDE3 ] C:\Windows\SysWOW64\sspicli.dll
20:56:20.0854 0536 C:\Windows\SysWOW64\sspicli.dll - ok
20:56:20.0854 0536 [ E8B0FFC209E504CB7E79FC24E6C085F0 ] C:\Windows\SysWOW64\user32.dll
20:56:20.0854 0536 C:\Windows\SysWOW64\user32.dll - ok
20:56:20.0854 0536 [ FBE1E0B9EF53B5BB7C36763AA6A685CF ] C:\Windows\SysWOW64\gdi32.dll
20:56:20.0854 0536 C:\Windows\SysWOW64\gdi32.dll - ok
20:56:21.0603 0536 C:\Windows\System32\MPSSVC.dll - ok
20:56:21.0603 0536 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
20:56:21.0603 0536 C:\Windows\System32\wfapigp.dll - ok
20:56:21.0603 0536 [ 961036B3C6282C646B9ADBC8BB32C983 ] C:\Windows\System32\mscms.dll
20:56:21.0603 0536 C:\Windows\System32\mscms.dll - ok
20:56:21.0603 0536 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
20:56:21.0603 0536 C:\Windows\System32\pcasvc.dll - ok
20:56:21.0618 0536 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
20:56:21.0618 0536 C:\Windows\System32\snmptrap.exe - ok
20:56:21.0618 0536 [ 282435E3042C9A12B509881F067F78C3 ] C:\Windows\System32\vpc.exe
20:56:21.0618 0536 C:\Windows\System32\vpc.exe - ok
20:56:21.0618 0536 [ 7C00C608FE4C8EDE9E30940837B9AC8B ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
20:56:21.0618 0536 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll - ok
20:56:21.0618 0536 [ 91A8E32B00BF7899EDAB6783287DDDA6 ] C:\Windows\System32\PeerDistSh.dll
20:56:21.0618 0536 C:\Windows\System32\PeerDistSh.dll - ok
20:56:21.0634 0536 [ 040D62A9D8AD28922632137ACDD984F2 ] C:\Windows\System32\drivers\mrxsmb.sys
20:56:21.0634 0536 C:\Windows\System32\drivers\mrxsmb.sys - ok
20:56:21.0634 0536 [ F0067552F8F9B33D7C59403AB808A3CB ] C:\Windows\System32\drivers\mrxsmb10.sys
20:56:21.0634 0536 C:\Windows\System32\drivers\mrxsmb10.sys - ok
20:56:21.0634 0536 [ 3C142D31DE9F2F193218A53FE2632051 ] C:\Windows\System32\drivers\mrxsmb20.sys
20:56:21.0634 0536 C:\Windows\System32\drivers\mrxsmb20.sys - ok
20:56:21.0634 0536 [ 06A7422224D9865A5613710A089987DF ] C:\Windows\System32\provsvc.dll
20:56:21.0634 0536 C:\Windows\System32\provsvc.dll - ok
20:56:21.0634 0536 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] C:\Windows\System32\wkssvc.dll
20:56:21.0650 0536 C:\Windows\System32\wkssvc.dll - ok
20:56:21.0650 0536 [ A6FB9DB8F1A86861D955FD6975977AE0 ] C:\Program Files\IDT\WDM\AESTSr64.exe
20:56:21.0650 0536 C:\Program Files\IDT\WDM\AESTSr64.exe - ok
20:56:21.0650 0536 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
20:56:21.0650 0536 C:\Windows\System32\sstpsvc.dll - ok
20:56:21.0650 0536 [ 4C4A576818EA028257C624AE36FF7A03 ] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
20:56:21.0650 0536 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe - ok
20:56:21.0650 0536 [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\SysWOW64\setupapi.dll
20:56:21.0650 0536 C:\Windows\SysWOW64\setupapi.dll - ok
20:56:21.0665 0536 [ E702ED19C332C1F12C1403D100E2F4F3 ] C:\Windows\SysWOW64\cfgmgr32.dll
20:56:21.0665 0536 C:\Windows\SysWOW64\cfgmgr32.dll - ok
20:56:21.0665 0536 [ 6C9C05D5344B9AB80E9180FC859BC45A ] C:\Windows\SysWOW64\devobj.dll
20:56:21.0665 0536 C:\Windows\SysWOW64\devobj.dll - ok
20:56:21.0665 0536 [ 2D15C41214F518FC3C72A4C01C30882F ] C:\Windows\SysWOW64\bthprops.cpl
20:56:21.0665 0536 C:\Windows\SysWOW64\bthprops.cpl - ok
20:56:21.0665 0536 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\SysWOW64\wlanapi.dll
20:56:21.0665 0536 C:\Windows\SysWOW64\wlanapi.dll - ok
20:56:21.0665 0536 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\SysWOW64\wlanutil.dll
20:56:21.0665 0536 C:\Windows\SysWOW64\wlanutil.dll - ok
20:56:21.0681 0536 [ 686B224B4987C22B153FBB545FEE9657 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll
20:56:21.0681 0536 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll - ok
20:56:21.0681 0536 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
20:56:21.0681 0536 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
20:56:21.0681 0536 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
20:56:21.0681 0536 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
20:56:21.0681 0536 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
20:56:21.0681 0536 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
20:56:21.0696 0536 [ D8584C7FB9A1BA8480F9000C1CA1B415 ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll
20:56:21.0696 0536 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll - ok
20:56:21.0696 0536 [ 684B36CA4067DA7000CF95771A3CF0E7 ] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
20:56:21.0696 0536 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe - ok
20:56:21.0696 0536 [ 7DA089C75B1E92032D0CBE4ADE7C32BC ] C:\Windows\SysWOW64\crypt32.dll
20:56:21.0696 0536 C:\Windows\SysWOW64\crypt32.dll - ok
20:56:21.0696 0536 [ 334A663962618F7A136FA1F80F773C5F ] C:\Windows\SysWOW64\wintrust.dll
20:56:21.0696 0536 C:\Windows\SysWOW64\wintrust.dll - ok
20:56:21.0712 0536 [ 92AAF75C3EB344A098DC026BC9DDF42A ] C:\Windows\System32\bthprops.cpl
20:56:21.0712 0536 C:\Windows\System32\bthprops.cpl - ok
20:56:21.0712 0536 [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\SysWOW64\msasn1.dll
20:56:21.0712 0536 C:\Windows\SysWOW64\msasn1.dll - ok
20:56:21.0712 0536 [ BAF19B633933A9FB4883D27D66C39E9A ] C:\Windows\System32\cryptsvc.dll
20:56:21.0712 0536 C:\Windows\System32\cryptsvc.dll - ok
20:56:21.0712 0536 [ 4FAC55936209B4F3EB78532181C9ED5E ] C:\Windows\System32\cryptnet.dll
20:56:21.0712 0536 C:\Windows\System32\cryptnet.dll - ok
20:56:21.0712 0536 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] C:\Windows\System32\dps.dll
20:56:21.0712 0536 C:\Windows\System32\dps.dll - ok
20:56:21.0728 0536 [ A261AD1FDC6D6A658A82B81AF81B215F ] C:\Windows\System32\vssapi.dll
20:56:21.0728 0536 C:\Windows\System32\vssapi.dll - ok
20:56:21.0728 0536 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
20:56:21.0728 0536 C:\Windows\System32\FDResPub.dll - ok
20:56:21.0728 0536 [ 05FE4A30177E858B51F5E1E970FE9925 ] C:\Windows\System32\WSDApi.dll
20:56:21.0728 0536 C:\Windows\System32\WSDApi.dll - ok
20:56:21.0728 0536 [ A9FC4D7EA174BBF5A675B299FFAD80A2 ] C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
20:56:21.0728 0536 C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe - ok
20:56:21.0728 0536 [ A3EA403D2B74C5F71B7E8B3DAE92DE1E ] C:\Windows\System32\webservices.dll
20:56:21.0728 0536 C:\Windows\System32\webservices.dll - ok
20:56:21.0743 0536 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
20:56:21.0743 0536 C:\Windows\System32\vsstrace.dll - ok
20:56:21.0743 0536 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
20:56:21.0743 0536 C:\Windows\System32\fundisc.dll - ok
20:56:21.0743 0536 [ 423069307FB726E51E2A66F1C3F738FE ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
20:56:21.0743 0536 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll - ok
20:56:21.0743 0536 [ 93F0FFD46BA1EE3AEECD07678DD8E510 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
20:56:21.0743 0536 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll - ok
20:56:21.0759 0536 [ D3EAD1CF16BA729A7F7C9A5D94AA7C05 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
20:56:21.0759 0536 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll - ok
20:56:21.0759 0536 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
20:56:21.0759 0536 C:\Windows\SysWOW64\msimg32.dll - ok
20:56:21.0759 0536 [ 4509387963DF66A6401752A0C631F6E8 ] C:\Windows\System32\httpapi.dll
20:56:21.0759 0536 C:\Windows\System32\httpapi.dll - ok
20:56:21.0759 0536 [ 105319E3D66D6E1BAD22AADEC1E9E0DA ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll
20:56:21.0759 0536 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll - ok
20:56:21.0774 0536 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
20:56:21.0774 0536 C:\Windows\SysWOW64\dwmapi.dll - ok
20:56:21.0774 0536 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
20:56:21.0774 0536 C:\Windows\SysWOW64\uxtheme.dll - ok
20:56:21.0774 0536 [ 2A632A95433E9719F37AE06BA00543AC ] C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL
20:56:21.0774 0536 C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL - ok
20:56:21.0774 0536 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
20:56:21.0774 0536 C:\Windows\SysWOW64\profapi.dll - ok
20:56:21.0774 0536 [ 1F5F027B5D857A2F489B1616B96942C2 ] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPPTEventLog.dll
20:56:21.0774 0536 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPPTEventLog.dll - ok
20:56:21.0790 0536 [ B7382BEC806B7B00FC84B3E2061FF48E ] C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:56:21.0790 0536 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe - ok
20:56:21.0790 0536 [ 4968C0728E257B3B6210244A9CDE2A08 ] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
20:56:21.0790 0536 C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe - ok
20:56:21.0790 0536 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
20:56:21.0790 0536 C:\Windows\SysWOW64\version.dll - ok
20:56:21.0790 0536 [ 72AB6633E9B39EC7FEBEDF083A9061E5 ] C:\Windows\System32\mscoree.dll
20:56:21.0790 0536 C:\Windows\System32\mscoree.dll - ok
20:56:21.0790 0536 [ 2D92DA33F99F850C2C441DA1DBB5E482 ] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hkutils.dll
20:56:21.0790 0536 C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hkutils.dll - ok
20:56:21.0806 0536 [ 354DFE87B428BD99B01CCC163E70743A ] C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
20:56:21.0806 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll - ok
20:56:21.0806 0536 [ 667224FF4FD48B182F574AA96E93267C ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
20:56:21.0806 0536 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
20:56:21.0806 0536 [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\SysWOW64\wtsapi32.dll
20:56:21.0806 0536 C:\Windows\SysWOW64\wtsapi32.dll - ok
20:56:21.0806 0536 [ 3B794CA0DE73790420DEBA3C759F1502 ] C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
20:56:21.0806 0536 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe - ok
20:56:21.0821 0536 [ B701CD6DC1659244DE8C1A4C70758F61 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
20:56:21.0821 0536 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
20:56:21.0821 0536 [ C5B4683680DF085B57BC53E5EF34861F ] C:\Windows\System32\IKEEXT.DLL
20:56:21.0821 0536 C:\Windows\System32\IKEEXT.DLL - ok
20:56:21.0821 0536 [ 9B6B1F995F70AD951496088B16BC6782 ] C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
20:56:21.0821 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe - ok
20:56:21.0821 0536 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
20:56:21.0821 0536 C:\Windows\SysWOW64\clbcatq.dll - ok
20:56:21.0821 0536 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
20:56:21.0821 0536 C:\Windows\SysWOW64\cryptsp.dll - ok
20:56:21.0837 0536 [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\SysWOW64\RpcRtRemote.dll
20:56:21.0837 0536 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
20:56:21.0837 0536 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
20:56:21.0837 0536 C:\Windows\SysWOW64\rsaenh.dll - ok
20:56:21.0837 0536 [ FD7467D5D1C921C62E01B8B8C56A4C71 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\05ae3bc162010cd25470c276297f1303\mscorlib.ni.dll
20:56:21.0837 0536 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\05ae3bc162010cd25470c276297f1303\mscorlib.ni.dll - ok
20:56:21.0837 0536 [ E78A365CC3E0FBFC018A33DCE01909F8 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
20:56:21.0837 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe - ok
20:56:21.0837 0536 [ 19D1E09DB68CD9DCA4038F0F7F4F36DF ] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
20:56:21.0837 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll - ok
20:56:21.0852 0536 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
20:56:21.0852 0536 C:\Windows\System32\netman.dll - ok
20:56:21.0852 0536 [ 7A03683FDEC05543A5CF7AA968129A1F ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccl100u.dll
20:56:21.0852 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccl100u.dll - ok
20:56:21.0852 0536 [ 2C802E7C33CE9CADE17954DBE1CBBE50 ] C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
20:56:21.0852 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll - ok
20:56:21.0852 0536 [ A81AF063D965A321D577AE3C24ADA449 ] C:\Windows\SysWOW64\browcli.dll
20:56:21.0852 0536 C:\Windows\SysWOW64\browcli.dll - ok
20:56:21.0868 0536 [ 79C7CFAEA6879A8C1A1E8B5FFE8983AA ] C:\Windows\SysWOW64\dbghelp.dll
20:56:21.0868 0536 C:\Windows\SysWOW64\dbghelp.dll - ok
20:56:21.0868 0536 [ 5DE691884C240227B733CC18BBFCA3D8 ] C:\Windows\SysWOW64\netapi32.dll
20:56:21.0868 0536 C:\Windows\SysWOW64\netapi32.dll - ok
20:56:21.0868 0536 [ C6BB27D9A8AC13D4A44486F528B5C884 ] C:\Windows\SysWOW64\netutils.dll
20:56:21.0868 0536 C:\Windows\SysWOW64\netutils.dll - ok
20:56:21.0868 0536 [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\SysWOW64\srvcli.dll
20:56:21.0868 0536 C:\Windows\SysWOW64\srvcli.dll - ok
20:56:21.0868 0536 [ 7AD12703039056D2A0815F85960E1FA1 ] C:\Windows\SysWOW64\wkscli.dll
20:56:21.0868 0536 C:\Windows\SysWOW64\wkscli.dll - ok
20:56:21.0884 0536 [ 32B3BEFB038D2930F6F98010048D5A4C ] C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
20:56:21.0884 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll - ok
20:56:21.0884 0536 [ 829ECF5202D1FA3123AD46040DAE1C65 ] C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
20:56:21.0884 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll - ok
20:56:21.0884 0536 [ 392580B071B71634A913685CA1915DEA ] C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
20:56:21.0884 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll - ok
20:56:21.0884 0536 [ 7FB20734985785FAADF88FFE5EE1AFED ] C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
20:56:21.0884 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll - ok
20:56:21.0899 0536 [ CA057EFBA2D8DB40FB820F5FADAE5F20 ] C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
20:56:21.0899 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll - ok
20:56:21.0899 0536 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
20:56:21.0899 0536 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
20:56:21.0899 0536 [ E88A3E1FB7CE4A897CC25F8F2023F44A ] C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\PTHostServices.dll
20:56:21.0899 0536 C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\PTHostServices.dll - ok
20:56:21.0899 0536 [ 3A2F5C8666F08B31C61DBAE9C297551C ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
20:56:21.0899 0536 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
20:56:21.0915 0536 [ ABFF5F1E970DBC68E2CAE682378DC717 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccvrtrst.dll
20:56:21.0915 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccvrtrst.dll - ok
20:56:21.0915 0536 [ BE33E6A340B7C740226C28B177857948 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
20:56:21.0915 0536 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll - ok
20:56:21.0915 0536 [ 177364F26F682529220AF4906131DC2A ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\efacli.dll
20:56:21.0915 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\efacli.dll - ok
20:56:21.0915 0536 [ 1286F9939CC963D379F87A0FB05F6184 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\symneti.dll
20:56:21.0915 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\symneti.dll - ok
20:56:21.0915 0536 [ 6095266CAAF5E75F394CFD4844CC4C25 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
20:56:21.0915 0536 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
20:56:21.0930 0536 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
20:56:21.0930 0536 C:\Windows\SysWOW64\winnsi.dll - ok
20:56:21.0930 0536 [ E54E4924E1FD3A0055E581FE0D831E27 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9de65bdc66e79ce80b00c85a1b4ace59\System.ni.dll
20:56:21.0930 0536 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9de65bdc66e79ce80b00c85a1b4ace59\System.ni.dll - ok
20:56:21.0930 0536 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] C:\Windows\System32\nlasvc.dll
20:56:21.0930 0536 C:\Windows\System32\nlasvc.dll - ok
20:56:21.0930 0536 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
20:56:21.0930 0536 C:\Windows\SysWOW64\psapi.dll - ok
20:56:21.0930 0536 [ 2CA0B0C4460898ED5371E4988954F466 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvc.dll
20:56:21.0930 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvc.dll - ok
20:56:21.0946 0536 [ 996B86A64B9A7F0845DBC810282EE870 ] C:\Program Files (x86)\PDF Complete\pdfsvc.exe
20:56:21.0946 0536 C:\Program Files (x86)\PDF Complete\pdfsvc.exe - ok
20:56:21.0946 0536 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
20:56:21.0946 0536 C:\Windows\System32\aepic.dll - ok
20:56:21.0946 0536 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
20:56:21.0946 0536 C:\Windows\System32\sfc.dll - ok
20:56:21.0946 0536 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
20:56:21.0946 0536 C:\Windows\System32\sfc_os.dll - ok
20:56:21.0962 0536 [ 39D6403ADF3E02248C42F8AB6D940AF5 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\srtsp32.dll
20:56:21.0962 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\srtsp32.dll - ok
20:56:21.0962 0536 [ 107F279517E2A04DB4AC1B1FAF1D573B ] C:\Windows\System32\ncsi.dll
20:56:21.0962 0536 C:\Windows\System32\ncsi.dll - ok
20:56:21.0962 0536 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
20:56:21.0962 0536 C:\Windows\System32\ssdpapi.dll - ok
20:56:21.0962 0536 [ DB7951146CA1E218E1D3BCFF115848A3 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccipc.dll
20:56:21.0962 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccipc.dll - ok
20:56:21.0962 0536 [ 972E0F9D74FA23C0F5B0044A77C6C37E ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\dimaster.dll
20:56:21.0962 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\dimaster.dll - ok
20:56:21.0977 0536 [ 6CC10D9FD128069DBFE476222F097616 ] C:\Windows\SysWOW64\secur32.dll
20:56:21.0977 0536 C:\Windows\SysWOW64\secur32.dll - ok
20:56:21.0977 0536 [ DF83EE5382851C6C33FDA15C2250F39F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\470f2295a6009a7d0646f07a68709fe5\System.Xml.ni.dll
20:56:21.0977 0536 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\470f2295a6009a7d0646f07a68709fe5\System.Xml.ni.dll - ok
20:56:21.0977 0536 [ 6FEE15B53D624E06D86759258E1F6A9C ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccset.dll
20:56:21.0977 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccset.dll - ok
20:56:21.0977 0536 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
20:56:21.0977 0536 C:\Windows\SysWOW64\mpr.dll - ok
20:56:21.0993 0536 [ 2E5A72F5CF986088081B84ADD6AD458C ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cosvcplg.dll
20:56:21.0993 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cosvcplg.dll - ok
20:56:21.0993 0536 [ 4A8CC4D25525F456069887D5E8C53225 ] C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
20:56:21.0993 0536 C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe - ok
20:56:21.0993 0536 [ CC9BBCFC715FBEDF7AE476106FE653E9 ] C:\Windows\SysWOW64\winhttp.dll
20:56:21.0993 0536 C:\Windows\SysWOW64\winhttp.dll - ok
20:56:21.0993 0536 [ A86A1C5DF1C662D1C75815BF4794F16D ] C:\Windows\SysWOW64\webio.dll
20:56:21.0993 0536 C:\Windows\SysWOW64\webio.dll - ok
20:56:22.0008 0536 [ 96F3F676B4D0DF4DA9C4081358C4662F ] C:\Windows\SysWOW64\wbemcomn.dll
20:56:22.0008 0536 C:\Windows\SysWOW64\wbemcomn.dll - ok
20:56:22.0008 0536 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
20:56:22.0008 0536 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
20:56:22.0008 0536 [ AE5FF948400A51B040F999BF04290373 ] C:\Windows\SysWOW64\winsta.dll
20:56:22.0008 0536 C:\Windows\SysWOW64\winsta.dll - ok

#11 Retcon

  • Topic Starter


Posted 13 December 2012 - 12:18 AM

TDSSKiller Log PART 3



20:56:22.0211 0536 C:\Windows\System32\wbem\wbemprox.dll - ok
20:56:22.0211 0536 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
20:56:22.0211 0536 C:\Windows\System32\wbem\esscli.dll - ok
20:56:22.0211 0536 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll
20:56:22.0211 0536 C:\Program Files\Windows Defender\MpClient.dll - ok
20:56:22.0211 0536 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
20:56:22.0211 0536 C:\Windows\System32\wbem\wbemsvc.dll - ok
20:56:22.0227 0536 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
20:56:22.0227 0536 C:\Windows\System32\wbem\wmiutils.dll - ok
20:56:22.0227 0536 [ 77B1471A490B53B24EFE136F09F76550 ] C:\Windows\SysWOW64\d3d8thk.dll
20:56:22.0227 0536 C:\Windows\SysWOW64\d3d8thk.dll - ok
20:56:22.0227 0536 [ 3F41165F3F56547D0BACA826C2651A77 ] C:\Windows\SysWOW64\Kswdmcap.ax
20:56:22.0227 0536 C:\Windows\SysWOW64\Kswdmcap.ax - ok
20:56:22.0227 0536 [ 4DDACA8A66B95ABA02812FF3C13DE198 ] C:\Windows\SysWOW64\vidcap.ax
20:56:22.0227 0536 C:\Windows\SysWOW64\vidcap.ax - ok
20:56:22.0227 0536 [ 74C76BB54B26CE50C4BC755F92687C63 ] C:\Windows\SysWOW64\mfc42.dll
20:56:22.0227 0536 C:\Windows\SysWOW64\mfc42.dll - ok
20:56:22.0242 0536 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
20:56:22.0242 0536 C:\Windows\System32\wbem\repdrvfs.dll - ok
20:56:22.0242 0536 [ 782CB63CA75FFEF178B0BBD7F8BAC17B ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\appmgr32.dll
20:56:22.0242 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\appmgr32.dll - ok
20:56:22.0242 0536 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
20:56:22.0242 0536 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
20:56:22.0242 0536 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
20:56:22.0242 0536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
20:56:22.0242 0536 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
20:56:22.0242 0536 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
20:56:22.0258 0536 [ 1CEDFE91F527858CACA1B08B04666BC0 ] C:\Windows\SysWOW64\wbem\fastprox.dll
20:56:22.0258 0536 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
20:56:22.0258 0536 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
20:56:22.0258 0536 C:\Windows\System32\wer.dll - ok
20:56:22.0258 0536 [ 29CA5974FAB0E8AE4AA7814FE05CF832 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
20:56:22.0258 0536 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
20:56:22.0258 0536 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
20:56:22.0258 0536 C:\Windows\SysWOW64\ntdsapi.dll - ok
20:56:22.0274 0536 [ 5764C381949147EBCFB9A7134E2ABF06 ] C:\Windows\SysWOW64\odbc32.dll
20:56:22.0274 0536 C:\Windows\SysWOW64\odbc32.dll - ok
20:56:22.0274 0536 [ 935F3CB0C17C661D103570BA361B5DD9 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\isdatapr.dll
20:56:22.0274 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\isdatapr.dll - ok
20:56:22.0274 0536 [ 8F9F3969933C02DA96EB0F84576DB43E ] C:\Windows\System32\wscsvc.dll
20:56:22.0274 0536 C:\Windows\System32\wscsvc.dll - ok
20:56:22.0274 0536 [ A35820791F940822C31908F58F91D973 ] C:\Program Files (x86)\Xobni\XobniService.exe
20:56:22.0274 0536 C:\Program Files (x86)\Xobni\XobniService.exe - ok
20:56:22.0274 0536 [ A74316B5C28D94AF0825267D8715549F ] C:\Windows\System32\dbghelp.dll
20:56:22.0274 0536 C:\Windows\System32\dbghelp.dll - ok
20:56:22.0289 0536 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\SysWOW64\mscoree.dll
20:56:22.0289 0536 C:\Windows\SysWOW64\mscoree.dll - ok
20:56:22.0289 0536 [ 451A47AC3AF27DAC986B3C18267E2C2F ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avmodule.dll
20:56:22.0289 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avmodule.dll - ok
20:56:22.0289 0536 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll
20:56:22.0289 0536 C:\Windows\SysWOW64\odbcint.dll - ok
20:56:22.0289 0536 [ 2F5D445AB96764D0A9EB26DFA0D0F5A3 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\defutdcd.dll
20:56:22.0289 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\defutdcd.dll - ok
20:56:22.0289 0536 [ B6C4063297C7D07CD0532BDC3350436C ] C:\Windows\SysWOW64\actxprxy.dll
20:56:22.0289 0536 C:\Windows\SysWOW64\actxprxy.dll - ok
20:56:22.0305 0536 [ 20429EBE00CD72682860F7F00CD50354 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ducclib.dll
20:56:22.0305 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ducclib.dll - ok
20:56:22.0305 0536 [ 85C3AB8341F13E94B16FE9A69582A42F ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
20:56:22.0305 0536 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
20:56:22.0305 0536 [ CE07AF86AA72F4AE964239DE0DABE738 ] C:\Windows\System32\msxml3.dll
20:56:22.0305 0536 C:\Windows\System32\msxml3.dll - ok
20:56:22.0305 0536 [ 83BA5E873164A3711B44052F58C8FE9F ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
20:56:22.0305 0536 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
20:56:22.0305 0536 [ 406F7B9C71B99872670EE9A8D52E2FE5 ] C:\Windows\SysWOW64\rtutils.dll
20:56:22.0305 0536 C:\Windows\SysWOW64\rtutils.dll - ok
20:56:22.0320 0536 [ 69D7A6CA044CD44AF388D05B540F73EC ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ncw.dll
20:56:22.0320 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ncw.dll - ok
20:56:22.0320 0536 [ 0786EA7E8DBDD3D8D6861E7D2C87E5E3 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
20:56:22.0320 0536 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
20:56:22.0320 0536 [ 70A176BF2ED362862944C371838262F8 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
20:56:22.0320 0536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
20:56:22.0320 0536 [ AB9FDFFE70CD2D164DFD5D403FC2D844 ] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.dll
20:56:22.0320 0536 C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.dll - ok
20:56:22.0336 0536 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
20:56:22.0336 0536 C:\Windows\System32\mpr.dll - ok
20:56:22.0336 0536 [ 87E1E8A5135908AF80C184413AEB8AA1 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
20:56:22.0336 0536 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll - ok
20:56:22.0336 0536 [ 82BC97E5793DEF69691AAD5AB953A200 ] C:\Windows\System32\wbem\WmiPrvSD.dll
20:56:22.0336 0536 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
20:56:22.0336 0536 [ C02E3CE20E7776C922B5C8938350B5F1 ] C:\Windows\SysWOW64\apphelp.dll
20:56:22.0336 0536 C:\Windows\SysWOW64\apphelp.dll - ok
20:56:22.0336 0536 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
20:56:22.0336 0536 C:\Windows\System32\ncobjapi.dll - ok
20:56:22.0352 0536 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
20:56:22.0352 0536 C:\Windows\System32\dllhost.exe - ok
20:56:22.0352 0536 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
20:56:22.0352 0536 C:\Windows\System32\wbem\wbemess.dll - ok
20:56:22.0352 0536 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
20:56:22.0352 0536 C:\Windows\System32\p2pcollab.dll - ok
20:56:22.0352 0536 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
20:56:22.0352 0536 C:\Windows\System32\wbem\NCProv.dll - ok
20:56:22.0352 0536 [ 4987E079A4530FA737A128BE54B63B12 ] C:\Windows\System32\QAGENTRT.DLL
20:56:22.0352 0536 C:\Windows\System32\QAGENTRT.DLL - ok
20:56:22.0367 0536 [ 73EC60501FE247C811B640F69E0FAE6B ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltlmc.dll
20:56:22.0367 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltlmc.dll - ok
20:56:22.0367 0536 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
20:56:22.0367 0536 C:\Windows\System32\fveui.dll - ok
20:56:22.0367 0536 [ 64D757051B5B273E55C93E4503EA4F3E ] C:\Windows\System32\wbem\WmiPrvSE.exe
20:56:22.0367 0536 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
20:56:22.0367 0536 [ 1D340BF30C4BA80D86C4FBAEC5D582E9 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111109.035\NAVENG32.DLL
20:56:22.0367 0536 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111109.035\NAVENG32.DLL - ok
20:56:22.0383 0536 [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll
20:56:22.0383 0536 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll - ok
20:56:22.0383 0536 [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
20:56:22.0383 0536 C:\Windows\System32\wuapi.dll - ok
20:56:22.0383 0536 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
20:56:22.0383 0536 C:\Windows\System32\IDStore.dll - ok
20:56:22.0383 0536 [ 3EEFB971D61EF9638FD21F14C703CA11 ] C:\Windows\System32\taskhost.exe
20:56:22.0383 0536 C:\Windows\System32\taskhost.exe - ok
20:56:22.0383 0536 [ 36333D345062E42E849C0AF00CBEFC97 ] C:\Windows\SysWOW64\ntshrui.dll
20:56:22.0383 0536 C:\Windows\SysWOW64\ntshrui.dll - ok
20:56:22.0398 0536 [ 64E6A44177ACF348D68255A37F4723DA ] C:\Windows\System32\cabinet.dll
20:56:22.0398 0536 C:\Windows\System32\cabinet.dll - ok
20:56:22.0398 0536 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
20:56:22.0398 0536 C:\Windows\System32\AtBroker.exe - ok
20:56:22.0398 0536 [ 6F8F1376A13114CC10C0E69274F5A4DE ] C:\Windows\System32\userinit.exe
20:56:22.0398 0536 C:\Windows\System32\userinit.exe - ok
20:56:22.0398 0536 [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
20:56:22.0398 0536 C:\Windows\System32\wups.dll - ok
20:56:22.0414 0536 [ 44C71034567D1D98C49281F28B8D2BA4 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avpsvc32.dll
20:56:22.0414 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avpsvc32.dll - ok
20:56:22.0414 0536 [ 28AD5E311996A34025CFB07E131058DD ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
20:56:22.0414 0536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
20:56:22.0414 0536 [ 8CFACC72081C21519676BF4AAA1A88A9 ] C:\Windows\System32\localspl.dll
20:56:22.0414 0536 C:\Windows\System32\localspl.dll - ok
20:56:22.0414 0536 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
20:56:22.0414 0536 C:\Windows\System32\rasadhlp.dll - ok
20:56:22.0414 0536 [ 37F1F5CCD06334EE9D9C1E8FC986DD72 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\iserror.dll
20:56:22.0414 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\iserror.dll - ok
20:56:22.0430 0536 [ ADD9D33D685DFADDFAD5AFB42CF31A70 ] C:\Windows\SysWOW64\cscapi.dll
20:56:22.0430 0536 C:\Windows\SysWOW64\cscapi.dll - ok
20:56:22.0430 0536 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
20:56:22.0430 0536 C:\Windows\SysWOW64\slc.dll - ok
20:56:22.0430 0536 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
20:56:22.0430 0536 C:\Windows\System32\dssenh.dll - ok
20:56:22.0430 0536 [ 33C3A5CD1D4F95AED46D6C6081EDD3F3 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\bhclient.dll
20:56:22.0430 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\bhclient.dll - ok
20:56:22.0430 0536 [ FCB82479AE5DC880AD85B9DFCA4C2D45 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltlms.dll
20:56:22.0430 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltlms.dll - ok
20:56:22.0445 0536 [ BECAE02803277EFEC3FFB6C31FECA370 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\bhsvcplg.dll
20:56:22.0445 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\bhsvcplg.dll - ok
20:56:22.0445 0536 [ EDBDE5BE736E77A64D8D47069B536299 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ipsplug.dll
20:56:22.0445 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ipsplug.dll - ok
20:56:22.0445 0536 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
20:56:22.0445 0536 C:\Windows\System32\spoolss.dll - ok
20:56:22.0445 0536 [ BE9DD00802B1E0D1750687613DEE1CD1 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\CLT\cltLMSx.dll
20:56:22.0445 0536 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\CLT\cltLMSx.dll - ok
20:56:22.0461 0536 [ 02CDEB5D8B3DD5F6770DEFFBBC0CFAD0 ] C:\Windows\System32\winspool.drv
20:56:22.0461 0536 C:\Windows\System32\winspool.drv - ok
20:56:22.0461 0536 [ D724A1367B79F9BDD150BA0DC11DEDF1 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\isdatasv.dll
20:56:22.0461 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\isdatasv.dll - ok
20:56:22.0461 0536 [ 4F44EE5DCC36A26E02A9235D69CDE359 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwcore.dll
20:56:22.0461 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwcore.dll - ok
20:56:22.0461 0536 [ 20BEB8C403C6E28C9B13644787F5177D ] C:\Windows\System32\FXSMON.dll
20:56:22.0461 0536 C:\Windows\System32\FXSMON.dll - ok
20:56:22.0476 0536 [ CB2640049C1C62CE9AF2F1FCEF862ECE ] C:\Windows\System32\pdfc_port.dll
20:56:22.0476 0536 C:\Windows\System32\pdfc_port.dll - ok
20:56:22.0476 0536 [ 33CC7FFA41F6157592E1578BD253F30E ] C:\Windows\System32\PrintIsolationProxy.dll
20:56:22.0476 0536 C:\Windows\System32\PrintIsolationProxy.dll - ok
20:56:22.0476 0536 [ 0137C7150F01DB5C2C36C3D98841BE07 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\dscli.dll
20:56:22.0476 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\dscli.dll - ok
20:56:22.0476 0536 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
20:56:22.0476 0536 C:\Windows\System32\tcpmon.dll - ok
20:56:22.0476 0536 [ A4ADF68950E010EDD6A643C2F4EC436B ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwgenplg.dll
20:56:22.0476 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwgenplg.dll - ok
20:56:22.0492 0536 [ AD7C70077D4C81558E909D34EF6B995E ] C:\Windows\System32\wsnmp32.dll
20:56:22.0492 0536 C:\Windows\System32\wsnmp32.dll - ok
20:56:22.0492 0536 [ 3989BB6998C32753FDD5493879C1835A ] C:\Windows\SysWOW64\ncrypt.dll
20:56:22.0492 0536 C:\Windows\SysWOW64\ncrypt.dll - ok
20:56:22.0492 0536 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
20:56:22.0492 0536 C:\Windows\System32\usbmon.dll - ok
20:56:22.0492 0536 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
20:56:22.0492 0536 C:\Windows\System32\WSDMon.dll - ok
20:56:22.0492 0536 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
20:56:22.0492 0536 C:\Windows\SysWOW64\bcrypt.dll - ok
20:56:22.0508 0536 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
20:56:22.0508 0536 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
20:56:22.0508 0536 [ 58815DEB605847D3E07C4F832E1D412B ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSxpx86.dll
20:56:22.0508 0536 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSxpx86.dll - ok
20:56:22.0508 0536 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
20:56:22.0508 0536 C:\Windows\System32\fdPnp.dll - ok
20:56:22.0508 0536 [ 7EDB2BF840ECB14D6E6B11C035708719 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
20:56:22.0508 0536 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
20:56:22.0523 0536 [ 79A37AE3806851CB445C475D527CF685 ] C:\Windows\System32\win32spl.dll
20:56:22.0523 0536 C:\Windows\System32\win32spl.dll - ok
20:56:22.0523 0536 [ 6E9E439517D89EDC9A6CB1E94489620A ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
20:56:22.0523 0536 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
20:56:22.0523 0536 [ 6EC594AB7EFA45EACDE65FD4040F53D9 ] C:\Windows\SysWOW64\riched20.dll
20:56:22.0523 0536 C:\Windows\SysWOW64\riched20.dll - ok
20:56:22.0523 0536 [ EE24C42561D40F7AD7C2A7A460287090 ] C:\Windows\System32\wbem\cimwin32.dll
20:56:22.0523 0536 C:\Windows\System32\wbem\cimwin32.dll - ok
20:56:22.0539 0536 [ 97CCB4D737B426B200E5EF90C877DF32 ] C:\Windows\SysWOW64\imagehlp.dll
20:56:22.0539 0536 C:\Windows\SysWOW64\imagehlp.dll - ok
20:56:22.0539 0536 [ 17EAB1AEA937EFFCD107EFBA94FEDB34 ] C:\Windows\System32\inetpp.dll
20:56:22.0539 0536 C:\Windows\System32\inetpp.dll - ok
20:56:22.0539 0536 [ 92D3775777F8E0476C0045154918C17B ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHEngine.dll
20:56:22.0539 0536 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHEngine.dll - ok
20:56:22.0539 0536 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
20:56:22.0539 0536 C:\Windows\SysWOW64\gpapi.dll - ok
20:56:22.0539 0536 [ 3656CEB53172661E261C95EC71944FB4 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
20:56:22.0539 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll - ok
20:56:22.0554 0536 [ BFEBE1E4B301F44CEA7C1B4021BD0264 ] C:\Windows\System32\cscapi.dll
20:56:22.0554 0536 C:\Windows\System32\cscapi.dll - ok
20:56:22.0554 0536 [ BF591B5C2CC38314518467E883AE37C5 ] C:\Windows\SysWOW64\credssp.dll
20:56:22.0554 0536 C:\Windows\SysWOW64\credssp.dll - ok
20:56:22.0554 0536 [ 1F778C34C751E1B585E4FC66659BA904 ] C:\Windows\SysWOW64\cryptnet.dll
20:56:22.0554 0536 C:\Windows\SysWOW64\cryptnet.dll - ok
20:56:22.0554 0536 [ 11A41F17527ED75D6B758FDD7F4FD00D ] C:\Windows\SysWOW64\mswsock.dll
20:56:22.0554 0536 C:\Windows\SysWOW64\mswsock.dll - ok
20:56:22.0554 0536 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
20:56:22.0554 0536 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
20:56:22.0570 0536 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
20:56:22.0570 0536 C:\Windows\System32\PlaySndSrv.dll - ok
20:56:22.0570 0536 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
20:56:22.0570 0536 C:\Windows\SysWOW64\wship6.dll - ok
20:56:22.0570 0536 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
20:56:22.0570 0536 C:\Windows\System32\dwm.exe - ok
20:56:22.0570 0536 [ 031C6782F2D50336FC2C72F8D14A4C13 ] C:\Windows\System32\wbem\wmiprov.dll
20:56:22.0570 0536 C:\Windows\System32\wbem\wmiprov.dll - ok
20:56:22.0570 0536 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
20:56:22.0570 0536 C:\Windows\System32\MsCtfMonitor.dll - ok
20:56:22.0586 0536 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
20:56:22.0586 0536 C:\Windows\System32\msutb.dll - ok
20:56:22.0586 0536 [ 7F37322A489E285CFBCC02F6A53B3F1B ] C:\Windows\System32\HotStartUserAgent.dll
20:56:22.0586 0536 C:\Windows\System32\HotStartUserAgent.dll - ok
20:56:22.0586 0536 [ EF184066A851E7838D5BF8C8FAE66CC4 ] C:\Windows\System32\dwmredir.dll
20:56:22.0586 0536 C:\Windows\System32\dwmredir.dll - ok
20:56:22.0586 0536 [ 9D8AB964CE511AF81207DF0E1205184C ] C:\Windows\System32\dwmcore.dll
20:56:22.0586 0536 C:\Windows\System32\dwmcore.dll - ok
20:56:22.0601 0536 [ 9AAAEC8DAC27AA17B053E6352AD233AE ] C:\Windows\explorer.exe
20:56:22.0601 0536 C:\Windows\explorer.exe - ok
20:56:22.0601 0536 [ 58A0C212ED2ABE462B3A9626F5B96261 ] C:\Windows\System32\d3d10_1.dll
20:56:22.0601 0536 C:\Windows\System32\d3d10_1.dll - ok
20:56:22.0601 0536 [ AFBBC34687FA48A4928B99AF097C1EC0 ] C:\Windows\System32\d3d10_1core.dll
20:56:22.0601 0536 C:\Windows\System32\d3d10_1core.dll - ok
20:56:22.0601 0536 [ D95DB5C915C001F78709C17285109BDC ] C:\Windows\System32\dxgi.dll
20:56:22.0601 0536 C:\Windows\System32\dxgi.dll - ok
20:56:22.0601 0536 [ 9E195E53F66D4D3C94A02E712655B9D7 ] C:\Windows\System32\igd10umd64.dll
20:56:22.0601 0536 C:\Windows\System32\igd10umd64.dll - ok
20:56:22.0617 0536 [ 169EFEBE66BD1041A9D5B518E8D71687 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avifc.dll
20:56:22.0617 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avifc.dll - ok
20:56:22.0617 0536 [ 9046CB953A6F4FBEDD399C87E31D1A0E ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwsetup.dll
20:56:22.0617 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwsetup.dll - ok
20:56:22.0617 0536 [ 6A4A362F58D1403E42547EF2C5FAEA81 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\wscstub.exe
20:56:22.0617 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\wscstub.exe - ok
20:56:22.0617 0536 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
20:56:22.0617 0536 C:\Windows\System32\uDWM.dll - ok
20:56:22.0617 0536 [ 5D89D063A4CB036C258685C8E057E768 ] C:\Windows\System32\framedynos.dll
20:56:22.0617 0536 C:\Windows\System32\framedynos.dll - ok
20:56:22.0632 0536 [ 0A828405EDC5A4FB8558BB685356B1E8 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\npctray.dll
20:56:22.0632 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\npctray.dll - ok
20:56:22.0632 0536 [ 0881FAF791DB7CE3182B13F967D54104 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ashelper.dll
20:56:22.0632 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ashelper.dll - ok
20:56:22.0632 0536 [ 6ACE34A451E8C5BB5379790D9FB1B60A ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\asoehook.dll
20:56:22.0632 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\asoehook.dll - ok
20:56:22.0632 0536 [ 5815E0AFC8C671C26D1516C30E0887C6 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltelprv.dll
20:56:22.0632 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltelprv.dll - ok
20:56:22.0648 0536 [ BF2AD535B7BC7CCC0CF96CD422286E60 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avpapp32.dll
20:56:22.0648 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\avpapp32.dll - ok
20:56:22.0648 0536 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:56:22.0648 0536 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - ok
20:56:22.0648 0536 [ AFBB5060A2DAD431A2EAEB2C86CFFE81 ] C:\Windows\SysWOW64\AudioSes.dll
20:56:22.0648 0536 C:\Windows\SysWOW64\AudioSes.dll - ok
20:56:22.0648 0536 [ 8C680C0E6B3D6711B2B88AC82FE1804E ] C:\Windows\SysWOW64\MMDevAPI.dll
20:56:22.0648 0536 C:\Windows\SysWOW64\MMDevAPI.dll - ok
20:56:22.0664 0536 [ C003991FCE02E03FAC432378F28084DC ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\codatapr.dll
20:56:22.0664 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\codatapr.dll - ok
20:56:22.0664 0536 [ E9F81031963175D9270923C7350F2A8C ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ispwd.dll
20:56:22.0664 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ispwd.dll - ok
20:56:22.0664 0536 [ 521202AA6F2B74FCCC6BC7E162109D71 ] C:\Windows\System32\wbem\unsecapp.exe
20:56:22.0664 0536 C:\Windows\System32\wbem\unsecapp.exe - ok
20:56:22.0664 0536 [ F5879CC8C94CB87E0B9E3A7EAD4E5DC8 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltaldis.dll
20:56:22.0664 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\cltaldis.dll - ok
20:56:22.0664 0536 [ DA40159AB82A2E9AF64F4E30B1BF05F0 ] C:\Program Files (x86)\Norton Internet Security\MUI\18.7.2.3\09\01\cltres.loc
20:56:22.0664 0536 C:\Program Files (x86)\Norton Internet Security\MUI\18.7.2.3\09\01\cltres.loc - ok
20:56:22.0679 0536 [ 9A7EAFFBC2BFDB27608BE7E417764FE3 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwsesal.dll
20:56:22.0679 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwsesal.dll - ok
20:56:22.0679 0536 [ 742AA02BD9FA3492C9E525BBD427D87D ] C:\Windows\SysWOW64\samcli.dll
20:56:22.0679 0536 C:\Windows\SysWOW64\samcli.dll - ok
20:56:22.0679 0536 [ 374B26395852A9092BDE2E4C8D4D0C8D ] C:\Windows\SysWOW64\wscapi.dll
20:56:22.0679 0536 C:\Windows\SysWOW64\wscapi.dll - ok
20:56:22.0679 0536 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\SysWOW64\wscisvif.dll
20:56:22.0679 0536 C:\Windows\SysWOW64\wscisvif.dll - ok
20:56:22.0695 0536 [ 7DF186D86CF8C571A12AAB788C777F84 ] C:\Windows\SysWOW64\wscproxystub.dll
20:56:22.0695 0536 C:\Windows\SysWOW64\wscproxystub.dll - ok
20:56:22.0695 0536 [ 169193C626E22A1C215E9C370CDF8E3C ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\acctmgr.dll
20:56:22.0695 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\acctmgr.dll - ok
20:56:22.0695 0536 [ D2BBC72E0CDF8639C8274EDB395C9103 ] C:\Windows\SysWOW64\dinput.dll
20:56:22.0695 0536 C:\Windows\SysWOW64\dinput.dll - ok
20:56:22.0695 0536 [ 0470997A5ADC2FCDDCB3461D92073FAA ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll
20:56:22.0695 0536 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll - ok
20:56:22.0710 0536 [ 70512B221F1A69DD768C8555B0967F70 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\sdkcmn.dll
20:56:22.0710 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\sdkcmn.dll - ok
20:56:22.0710 0536 [ 33DBBF33E684C3876145A26196A50620 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwhelper.dll
20:56:22.0710 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\fwhelper.dll - ok
20:56:22.0710 0536 [ 42A1455259C73A84903FE7D1574920F4 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\uialert.dll
20:56:22.0710 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\uialert.dll - ok
20:56:22.0710 0536 [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\SysWOW64\samlib.dll
20:56:22.0710 0536 C:\Windows\SysWOW64\samlib.dll - ok
20:56:22.0710 0536 [ 803768444B482D61B92D715A05B5712A ] C:\Windows\SysWOW64\prnfldr.dll
20:56:22.0710 0536 C:\Windows\SysWOW64\prnfldr.dll - ok
20:56:22.0726 0536 [ 1C27E145EC99F20BC1B13FD98165A83F ] C:\Windows\System32\ExplorerFrame.dll
20:56:22.0726 0536 C:\Windows\System32\ExplorerFrame.dll - ok
20:56:22.0726 0536 [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\SysWOW64\wshqos.dll
20:56:22.0726 0536 C:\Windows\SysWOW64\wshqos.dll - ok
20:56:22.0726 0536 [ 757DD68F6010AA31FA87C93C942FDC37 ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\asengine.dll
20:56:22.0726 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\asengine.dll - ok
20:56:22.0726 0536 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
20:56:22.0726 0536 C:\Windows\System32\EhStorShell.dll - ok
20:56:22.0742 0536 [ 659B7036757FEEBDC4FA2D724B0C858A ] C:\Windows\System32\cscui.dll
20:56:22.0742 0536 C:\Windows\System32\cscui.dll - ok
20:56:22.0742 0536 [ 5B840D903BA3B8E066B47F1221786FD0 ] C:\Windows\System32\cscdll.dll
20:56:22.0742 0536 C:\Windows\System32\cscdll.dll - ok
20:56:22.0742 0536 [ 0DFBB6B13ACFBDEE0E7DF0FD145614AC ] C:\Windows\System32\ntshrui.dll
20:56:22.0742 0536 C:\Windows\System32\ntshrui.dll - ok
20:56:22.0742 0536 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
20:56:23.0459 0536 [ 6B42915AC7F560D78C5EE9EE88295A06 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
20:56:23.0459 0536 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll - ok
20:56:23.0475 0536 [ BDC16E98EA13B1EBEBCF49385394F05B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
20:56:23.0475 0536 C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - ok
20:56:23.0475 0536 [ 58299D95B1CD0F7CCCE54460543B1512 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
20:56:23.0475 0536 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll - ok
20:56:23.0475 0536 [ 07857FA5E92930627281D8B454C0DD5C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll
20:56:23.0475 0536 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll - ok
20:56:23.0475 0536 [ E9087CD0BBC48A35CDB98464715993AC ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\788257bab792c2704841588120cf6ad1\System.Configuration.ni.dll
20:56:23.0475 0536 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\788257bab792c2704841588120cf6ad1\System.Configuration.ni.dll - ok
20:56:23.0475 0536 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
20:56:23.0475 0536 C:\Windows\System32\shfolder.dll - ok
20:56:23.0490 0536 [ 60CC15392FF14DCB9C29C69B3233741B ] C:\Windows\System32\stobject.dll
20:56:23.0490 0536 C:\Windows\System32\stobject.dll - ok
20:56:23.0490 0536 [ 86B6AC0FD2881B3D20B80F51C7152AE0 ] C:\Windows\System32\batmeter.dll
20:56:23.0490 0536 C:\Windows\System32\batmeter.dll - ok
20:56:23.0490 0536 [ 651F169718CC46C8A9264880C538D5FF ] C:\Windows\System32\prnfldr.dll
20:56:23.0490 0536 C:\Windows\System32\prnfldr.dll - ok
20:56:23.0490 0536 [ 5F8DB784F4B58A4B5BB89FB9A654F5A9 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\370a46899f68fa613bdfd77734fd2117\System.Management.ni.dll
20:56:23.0490 0536 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\370a46899f68fa613bdfd77734fd2117\System.Management.ni.dll - ok
20:56:23.0506 0536 [ 8639237940994AAB9B8E8503F2A551A0 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
20:56:23.0506 0536 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll - ok
20:56:23.0506 0536 [ 4BB4E351545FAEC2C9DC7C588911373D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\614ebfc5176ab6f95e6392d0423c9678\System.Core.ni.dll
20:56:23.0506 0536 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\614ebfc5176ab6f95e6392d0423c9678\System.Core.ni.dll - ok
20:56:23.0506 0536 [ 913C2E4A03201644FC986EDEB5F8A390 ] C:\Windows\System32\DXP.dll
20:56:23.0506 0536 C:\Windows\System32\DXP.dll - ok
20:56:23.0506 0536 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
20:56:23.0506 0536 C:\Windows\System32\Syncreg.dll - ok
20:56:23.0506 0536 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
20:56:23.0506 0536 C:\Windows\ehome\ehSSO.dll - ok
20:56:23.0522 0536 [ C6F5E9E21B70113FFD90DF51A0458191 ] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\GenericVideoRotation.dll
20:56:23.0522 0536 C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\GenericVideoRotation.dll - ok
20:56:23.0522 0536 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
20:56:23.0522 0536 C:\Windows\System32\AltTab.dll - ok
20:56:23.0522 0536 [ 00D1F89836927C0F2E37321E6B441FCE ] C:\Windows\SysWOW64\msxml3.dll
20:56:23.0522 0536 C:\Windows\SysWOW64\msxml3.dll - ok
20:56:23.0522 0536 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
20:56:23.0522 0536 C:\Windows\System32\PortableDeviceTypes.dll - ok
20:56:23.0537 0536 [ AB01C36BCC34CCFE5B0BB5FFB2605135 ] C:\Windows\System32\WPDShServiceObj.dll
20:56:23.0537 0536 C:\Windows\System32\WPDShServiceObj.dll - ok
20:56:23.0537 0536 [ FD4F95ABDE5603478C929B6CB0BDCFFF ] C:\Windows\System32\pnidui.dll
20:56:23.0537 0536 C:\Windows\System32\pnidui.dll - ok
20:56:23.0537 0536 [ BD03C64C4B1F34D1F330BF6C4AC8113D ] C:\Windows\System32\QUTIL.DLL
20:56:23.0537 0536 C:\Windows\System32\QUTIL.DLL - ok
20:56:23.0537 0536 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
20:56:23.0537 0536 C:\Windows\System32\rasdlg.dll - ok
20:56:23.0537 0536 [ BB68579E181956E37EB11F9083C01CF3 ] C:\Windows\System32\dot3api.dll
20:56:23.0537 0536 C:\Windows\System32\dot3api.dll - ok
20:56:23.0553 0536 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
20:56:23.0553 0536 C:\Windows\System32\wlanhlp.dll - ok
20:56:23.0553 0536 [ C3C5B67FF98E1B175A744641E5F77CF9 ] C:\Windows\System32\cscobj.dll
20:56:23.0553 0536 C:\Windows\System32\cscobj.dll - ok
20:56:23.0553 0536 [ 0B9F7D42D745038437FAE70D97F9AD5A ] C:\Windows\System32\QAGENT.DLL
20:56:23.0553 0536 C:\Windows\System32\QAGENT.DLL - ok
20:56:23.0553 0536 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
20:56:23.0553 0536 C:\Windows\System32\WWanAPI.dll - ok
20:56:23.0553 0536 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
20:56:23.0553 0536 C:\Windows\System32\wwapi.dll - ok
20:56:23.0568 0536 [ 2C5B8A680A90E96B1EC0D6DA0505E685 ] C:\Windows\System32\srchadmin.dll
20:56:23.0568 0536 C:\Windows\System32\srchadmin.dll - ok
20:56:23.0568 0536 [ A63FA85849FF0BF4E1903DEFFF37630C ] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\BeatsAudio.dll
20:56:23.0568 0536 C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\BeatsAudio.dll - ok
20:56:23.0568 0536 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
20:56:23.0568 0536 C:\Windows\System32\webcheck.dll - ok
20:56:23.0568 0536 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
20:56:23.0568 0536 C:\Windows\System32\mlang.dll - ok
20:56:23.0584 0536 [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
20:56:23.0584 0536 C:\Windows\System32\SyncCenter.dll - ok
20:56:23.0584 0536 [ 8BC00C736E67A75D936E5B440917359B ] C:\Windows\System32\ActionCenter.dll
20:56:23.0584 0536 C:\Windows\System32\ActionCenter.dll - ok
20:56:23.0584 0536 [ 8B886A0AC14EAA8599142887991A5A2E ] C:\Windows\System32\imapi2.dll
20:56:23.0584 0536 C:\Windows\System32\imapi2.dll - ok
20:56:23.0584 0536 [ F0AAB2A76A7AF04C70A818E96BAF3E64 ] C:\Windows\System32\hgcpl.dll
20:56:23.0584 0536 C:\Windows\System32\hgcpl.dll - ok
20:56:23.0584 0536 [ 2CEFF13ACE25A40BD8D97654944297CD ] C:\Windows\svchost.exe
20:56:23.0584 0536 C:\Windows\svchost.exe - ok
20:56:23.0600 0536 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll
20:56:23.0600 0536 C:\Windows\SysWOW64\dsound.dll - ok
20:56:23.0600 0536 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
20:56:23.0600 0536 C:\Windows\System32\FXSST.dll - ok
20:56:23.0600 0536 [ 34E6D8C67E7FD7C917BECFECA326B168 ] C:\Windows\System32\FXSAPI.dll
20:56:23.0600 0536 C:\Windows\System32\FXSAPI.dll - ok
20:56:23.0600 0536 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
20:56:23.0600 0536 C:\Windows\System32\FXSRESM.dll - ok
20:56:23.0600 0536 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] C:\Windows\System32\FXSSVC.exe
20:56:23.0600 0536 C:\Windows\System32\FXSSVC.exe - ok
20:56:23.0615 0536 [ 93065308C1B237A9C4A021A0C5AA65CA ] C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\qbackup.dll
20:56:23.0615 0536 C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\qbackup.dll - ok
20:56:23.0615 0536 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll
20:56:23.0615 0536 C:\Windows\SysWOW64\netprofm.dll - ok
20:56:23.0615 0536 [ 045DB4EAB4FBD23210E85ECC3F464A2E ] C:\Windows\SysWOW64\nlaapi.dll
20:56:23.0615 0536 C:\Windows\SysWOW64\nlaapi.dll - ok
20:56:23.0615 0536 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll
20:56:23.0615 0536 C:\Windows\SysWOW64\npmproxy.dll - ok
20:56:23.0631 0536 [ 21894CB605E416D26892DC445507408E ] C:\Windows\SysWOW64\pdh.dll
20:56:23.0631 0536 C:\Windows\SysWOW64\pdh.dll - ok
20:56:23.0631 0536 [ 6FA41E0C86EF049A12C05CA4BBA8F9AF ] C:\Windows\SysWOW64\perfos.dll
20:56:23.0631 0536 C:\Windows\SysWOW64\perfos.dll - ok
20:56:23.0631 0536 [ B92E9318F7E4AEF633B8EC3A873565AF ] C:\Windows\SysWOW64\perfdisk.dll
20:56:23.0631 0536 C:\Windows\SysWOW64\perfdisk.dll - ok
20:56:23.0631 0536 ============================================================
20:56:23.0631 0536 Scan finished
20:56:23.0631 0536 ============================================================
20:56:23.0646 0116 Detected object count: 5
20:56:23.0646 0116 Actual detected object count: 5
20:57:40.0913 0116 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:40.0913 0116 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:40.0913 0116 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:40.0913 0116 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:40.0913 0116 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:40.0913 0116 McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:41.0896 0116 \Device\Harddisk0\DR0\# - copied to quarantine
20:57:41.0912 0116 \Device\Harddisk0\DR0 - copied to quarantine
20:57:41.0974 0116 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:57:41.0974 0116 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:57:41.0990 0116 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:57:42.0005 0116 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:57:42.0005 0116 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:57:42.0005 0116 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:57:42.0021 0116 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:57:42.0021 0116 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:57:42.0021 0116 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:57:42.0021 0116 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:57:42.0037 0116 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:57:42.0037 0116 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:57:42.0068 0116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:57:42.0161 0116 \Device\Harddisk0\DR0 - ok
20:57:43.0051 0116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:57:43.0051 0116 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:57:43.0051 0116 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:57:51.0007 4344 Deinitialize success

#12 gringo_pr

Posted 13 December 2012 - 12:21 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Retcon


Posted 13 December 2012 - 12:40 AM

Wasn't sure if you still wanted the aswMBR Log or not, so here it is below. I will be starting the CFScript after this.


aswMBR Log


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-12 21:20:15
-----------------------------
21:20:15.390 OS Version: Windows x64 6.1.7600
21:20:15.390 Number of processors: 4 586 0x2A07
21:20:15.390 ComputerName: JOSHUABARHAM-HP UserName: Joshua Barham
21:20:16.388 Initialize success
21:21:42.983 AVAST engine defs: 12121300
21:21:51.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:21:51.360 Disk 0 Vendor: Hitachi_ JF3O Size: 476940MB BusType: 3
21:21:51.375 Disk 0 MBR read successfully
21:21:51.375 Disk 0 MBR scan
21:21:51.375 Disk 0 Windows 7 default MBR code
21:21:51.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
21:21:51.391 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454145 MB offset 616448
21:21:51.422 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17371 MB offset 930705408
21:21:51.438 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5115 MB offset 966281216
21:21:51.500 Disk 0 scanning C:\windows\system32\drivers
21:22:01.172 Service scanning
21:22:26.865 Modules scanning
21:22:26.881 Disk 0 trace - called modules:
21:22:27.411 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
21:22:27.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004da8060]
21:22:27.443 3 CLASSPNP.SYS[fffff880013a643f] -> nt!IofCallDriver -> [0xfffffa8004c88b10]
21:22:27.443 5 hpdskflt.sys[fffff880017e7189] -> nt!IofCallDriver -> [0xfffffa8004b87e40]
21:22:27.458 7 ACPI.sys[fffff88000f60781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b86050]
21:22:28.472 AVAST engine scan C:\windows
21:22:31.405 AVAST engine scan C:\windows\system32
21:25:04.129 AVAST engine scan C:\windows\system32\drivers
21:25:23.255 AVAST engine scan C:\Users\Joshua Barham
21:34:41.830 AVAST engine scan C:\ProgramData
21:36:28.456 Scan finished successfully
21:36:47.332 Disk 0 MBR has been saved successfully to "C:\Users\Joshua Barham\Desktop\MBR.dat"
21:36:47.332 The log file has been saved successfully to "C:\Users\Joshua Barham\Desktop\aswMBR.txt"

#14 Retcon


Posted 13 December 2012 - 12:57 AM

No problems running ComboFix, didn't even require a restart.
The computer seems to be running fine as well. No issues that I am aware of, other than the Security Alert pop-up of "You are about to leave a secure internet connection..." when in Internet Explorer.


CFScript/ComboFix Log


ComboFix 12-12-12.01 - Joshua Barham 12/12/2012 21:44:15.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4030.2090 [GMT -8:00]
Running from: c:\users\Joshua Barham\Desktop\ComboFix.exe
Command switches used :: c:\users\Joshua Barham\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 05:49 . 2012-12-13 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 04:57 . 2012-12-13 04:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-12 07:38 . 2012-12-12 07:38 -------- d-----w- c:\users\Joshua Barham\AppData\Roaming\Malwarebytes
2012-12-12 07:38 . 2012-12-12 07:38 -------- d-----w- c:\programdata\Malwarebytes
2012-12-12 07:38 . 2012-12-12 07:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-12 07:38 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 06:34 . 2012-12-12 06:34 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 06:34 . 2012-12-12 06:34 -------- d-----w- c:\program files (x86)\Java
2012-12-12 01:48 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-30 01:43 . 2012-11-30 01:43 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-28 09:46 . 2012-08-27 11:55 443008 ----a-w- c:\windows\system32\athihvs.dll
2012-11-28 09:45 . 2012-11-28 09:46 -------- d-----w- c:\programdata\Qualcomm Atheros
2012-11-15 01:28 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 01:28 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 06:34 . 2012-08-23 21:11 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-12 06:34 . 2012-08-23 21:11 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-04 16:45 . 2012-12-12 01:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-09-05 476728]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-11 1255736]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-15 1155704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111109.030\IDSvia64.sys [2011-11-04 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-08-16 89600]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2012-06-20 523680]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-28 31000]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-04-06 1323008]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-02-15 2602576]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-08-16 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2012-08-16 173656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 03464330
*NewlyCreated* - 46342155
*NewlyCreated* - ASWMBR
*Deregistered* - 03464330
*Deregistered* - 46342155
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-12 c:\windows\Tasks\HPCeeScheduleForJoshua Barham.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-04-06 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-16 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-16 1424896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-22492332.sys
SafeBoot-46342155.sys
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-12 21:50:29
ComboFix-quarantined-files.txt 2012-12-13 05:50
ComboFix2.txt 2012-12-13 03:59
.
Pre-Run: 403,506,716,672 bytes free
Post-Run: 403,596,283,904 bytes free
.
- - End Of File - - 6935DF2B233CD8C437AACA1A23DCFCF3

#15 gringo_pr

  • Malware Response Team

Posted 13 December 2012 - 08:45 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the update tab at the top
  • Click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
