
Infected with Reveton it seems


16 replies to this topic

#1 johnhock

johnhock

  • Members

Posted 14 December 2012 - 05:23 PM

Hi everyone,

It appears that I've got the Reveton malware on my machine. It showed up last night, and I tried the fix at this link:

http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware

But it did not appear to work so I am posting here. Here is the DDS log ... I've also attached the attach.txt log as well. Thanks for your help.


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by John_Hock at 16:10:35.93 on Fri 12/14/2012
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3572.2921 [GMT -6:00]

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\john_hock\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Users\john_hock\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://wxp-9lv50c1.aus.amer.dell.com/snp/default.html
uWindow Title = Windows Internet Explorer provided by Dell Client Engineering Team
uInternet Settings,ProxyServer = http=proxy:80;https=proxy:80;ftp=proxy:80;gopher=proxy:80;socks=proxy:80
uInternet Settings,ProxyOverride = 143.166.*;*.dell.co*;163.244.*;10.*;127.*;198.185.237.*;*.corptvl.com;ORL10PLUSWS01.CSERVER;dell.mtgworksphere.com;dellhome.mtgworksphere.com;64.207.0.*;*.tbgfinancial.com;myinvoice.csd.disa.mil;vdc.emc.com;192.0.2.*;*.servigistics.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization client\sftdcc.exe"
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SafeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe"
mRun: [SafeBootTokenWatcher] "c:\program files\mcafee\endpoint encryption for pc\SbTokWatch.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\john_h~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jabrad~1.lnk - c:\program files\jabra\jabra pc suite\JabraDeviceService.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-explorer: DisallowCpl = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 1 (0x1)
dPolicies-explorer: DisallowCpl = 1 (0x1)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: activationnow.com\dell
Trusted Zone: activationnow.com\dell-ist
Trusted Zone: convergencenow.eu\dell
Trusted Zone: dell.com\browsestaging
Trusted Zone: dell.com\browsewip
Trusted Zone: dell.com\chat2.ap
Trusted Zone: dell.com\chat2.euro
Trusted Zone: dell.com\chat2.us
Trusted Zone: dell.com\chat4.us
Trusted Zone: dell.com\chat5.us
Trusted Zone: dell.com\china
Trusted Zone: dell.com\content
Trusted Zone: dell.com\dcv
Trusted Zone: dell.com\dellapjemailresponse.us
Trusted Zone: dell.com\dellemailresponse.us
Trusted Zone: dell.com\dellemeaemailresponse.us
Trusted Zone: dell.com\dellserv.aus.amer
Trusted Zone: dell.com\delta-apj.pen.apac
Trusted Zone: dell.com\delta-emea.lim.emea
Trusted Zone: dell.com\delta.pen.apac
Trusted Zone: dell.com\ecomm
Trusted Zone: dell.com\ecomm.apj
Trusted Zone: dell.com\ecomm.euro
Trusted Zone: dell.com\isp-apj.us
Trusted Zone: dell.com\isp.us
Trusted Zone: dell.com\kcs
Trusted Zone: dell.com\kulapjdcssap.kul.apac
Trusted Zone: dell.com\learnwip
Trusted Zone: dell.com\Onedellway.us
Trusted Zone: dell.com\onespot
Trusted Zone: dell.com\pbar.us
Trusted Zone: dell.com\reviews
Trusted Zone: dell.com\www
Trusted Zone: elementk.com\contenthub
Trusted Zone: force.com\*
Trusted Zone: on24.com\event
Trusted Zone: perotsystems.com
Trusted Zone: perotsystems.net
Trusted Zone: ps.net
Trusted Zone: salesforce.com\*
DPF: Shopping.Probe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ingrammicro.webex.com/client/T27L10NSP11EP14/webex/ieatgpc1.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
LSA: Notification Packages = SbNp scecli

================= FIREFOX ===================

FF - ProfilePath - c:\users\john_h~1\appdata\roaming\mozilla\firefox\profiles\keood3g2.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\john_hock\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\john_hock\appdata\roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

============= SERVICES / DRIVERS ===============

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2010-6-10 103760]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-6-10 6496]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-3-24 6114816]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-31 343920]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\john_hock\desktop\emsisoftemergencykit\run\a2ddax86.sys [2012-12-14 17904]
S1 enstart_;enstart_;c:\windows\system32\enstart_.sys [2011-3-25 56704]
S1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2010-6-10 33328]
S1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2010-6-10 34480]
S1 SbRegFlt;SbRegFlt;c:\windows\system32\drivers\SbRegFlt.sys [2010-6-10 14664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe [2011-3-24 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CmRcService;Configuration Manager Remote Control;c:\windows\ccm\remctrl\CmRcService.exe [2012-2-20 442224]
S2 dsiasrv;DSM CM Inventory Agent;c:\program files\dell\sysmgt\dsia\bin\DsiaSrv32.exe [2012-3-29 149528]
S2 enstart;enstart;c:\windows\system32\enstart.exe -s --> c:\windows\system32\enstart.exe -s [?]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-3-25 22816]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-10-15 120128]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-3-25 147472]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-5-26 61440]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-31 70728]
S2 NightWatchman;1E NightWatchman;c:\program files\1e\agent\nightwatchman\NwmSvc.exe [2011-2-28 1110360]
S2 NomadBranch;1E Nomad Branch;c:\program files\1e\nomadbranch\NomadBranch.exe [2012-11-19 1452416]
S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2010-6-10 380988]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-12-27 508264]
S2 WakeUpAgt;1E WakeUp Agent;c:\program files\1e\agent\wakeup\WakeUpAgt.exe [2011-2-28 426824]
S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-3-24 42672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-3-24 33832]
S3 dc21x4vm;dc21x4vm;c:\windows\system32\drivers\dc21x4vm.sys [2009-6-10 52224]
S3 DIGITECH;DIGITECH;c:\windows\system32\drivers\DIGITECH.sys [2011-3-24 14848]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-24 132352]
S3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\drivers\JabraBcDfuWhqlXPx86.sys [2009-12-1 32624]
S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\microsoft policy platform\policyHost.exe [2011-12-6 48936]
S3 lppsvc;Microsoft Policy Platform Processor;c:\program files\microsoft policy platform\policyHost.exe [2011-12-6 48936]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-31 91832]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-31 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-31 66600]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-26 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterdl.sys [2011-3-24 5248]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys [2011-3-24 5248]
S3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserdl.sys [2011-3-24 103680]
S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys [2011-3-24 106368]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-3-24 48640]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-3-24 47616]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-3-24 38912]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfswin7.sys [2010-12-27 578408]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaywin7.sys [2010-12-27 194408]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirwin7.sys [2010-12-27 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolwin7.sys [2010-12-27 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-12-27 219496]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2009-7-14 19456]
S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2011-3-24 12952]

=============== Created Last 30 ================

2012-12-14 15:12:38 -------- d-----w- c:\users\john_h~1\appdata\local\ElevatedDiagnostics
2012-12-14 08:08:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 08:08:43 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 08:08:23 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 08:06:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 08:03:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-14 08:03:03 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-14 02:51:53 197632 ----a-w- c:\users\john_hock\wgsdgsdgdsgsd.exe
2012-12-01 08:15:13 6812136 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e15e64a4-9f14-4721-8d4e-fa1823816eaf}\mpengine.dll
2012-11-16 14:15:31 78336 ----a-w- c:\windows\system32\synceng.dll

==================== Find3M ====================

2012-12-13 04:48:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-13 04:48:43 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-22 07:43:13 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-10-29 19:02:31 188416 ----a-w- c:\windows\ADDMRemQuery_x86.exe
2012-10-27 05:00:40 981504 ----a-w- c:\windows\system32\wininet.dll
2012-10-27 03:52:14 386048 ----a-w- c:\windows\system32\html.iec
2012-10-04 16:53:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:49:12 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 15:00:00 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:44:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

============= FINISH: 16:13:16.82 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 14 December 2012 - 10:38 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 johnhock

johnhock
  • Topic Starter

  • Members

Posted 14 December 2012 - 11:27 PM

Thanks, Gringo! I really appreciate it!

I should add that this is the version of Reveton that only appears if you are connected to the internet ... as long as I have the wi-fi connection turned off, the machine acts normally. Within five seconds of connecting, however, the ransomware screen appears and prevents any other activity.

Here are your logs:

Security Check
Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee AntiSpyware Enterprise Module
Java™ 6 Update 23
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


ADW Cleaner
# AdwCleaner v2.100 - Logfile created 12/14/2012 at 22:08:46
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : John_Hock - WN7-D3YYVL1
# Boot Mode : Safe mode with networking
# Running from : C:\Users\john_hock\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\john_hock\AppData\Roaming\Mozilla\Firefox\Profiles\keood3g2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1097 octets] - [14/12/2012 22:08:46]

########## EOF - C:\AdwCleaner[S1].txt - [1157 octets] ##########


Rogue Killer
RogueKiller V8.4.0 [Dec 14 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode with network support
User : John_Hock [Admin rights]
Mode : Remove -- Date : 12/14/2012 22:23:24

Bad processes : 0

Registry Entries : 5
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> DELETED
[STARTUP][BLACKLISTDLL] runctf.lnk @john_hock : C:\Windows\System32\rundll32.exe|C:\Users\JOHN_H~1\wgsdgsdgdsgsd.exe,H1N1 -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=proxy:80;hxxps=proxy:80;ftp=proxy:80;gopher=proxy:80;socks=proxy:80) -> NOT REMOVED, USE PROXYFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST9160314AS +++++
--- User ---
[MBR] ae4ff73662ac6bacab77f11d7c1206d9
[BSP] a1a5256d3a9740309ee3fb831477660b : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12142012_02d2223.txt >>
RKreport[1]_S_12142012_02d2222.txt ; RKreport[2]_D_12142012_02d2223.txt
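
The persistence entry visible in the logs above (the Startup shortcut runctf.lnk running rundll32.exe against a file in the user profile) can be picked out of such logs mechanically. The following Python triage is an added example, not part of the original posts and not code from DDS or RogueKiller; the rule names and function names are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from ntpath import basename, splitext  # Windows path rules, works on any OS

# Lines copied from the DDS and RogueKiller logs posted in this thread.
SAMPLE_LOG = r"""
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
StartupFolder: c:\users\john_h~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jabrad~1.lnk - c:\program files\jabra\jabra pc suite\JabraDeviceService.exe
2012-12-14 08:08:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 02:51:53 197632 ----a-w- c:\users\john_hock\wgsdgsdgdsgsd.exe
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe C:\Windows\system32\nvHotkey.dll,Start) -> DELETED
[STARTUP][BLACKLISTDLL] runctf.lnk @john_hock : C:\Windows\System32\rundll32.exe|C:\Users\JOHN_H~1\wgsdgsdgdsgsd.exe,H1N1 -> DELETED
"""

# DDS "StartupFolder: <shortcut> - <target>" entries.
STARTUP_RE = re.compile(
    r"^StartupFolder:\s+(?P<lnk>.+?\.lnk)\s+-\s+(?P<target>.+)$", re.I)
# DDS "Created Last 30" / "Find3M" rows: date, time, size, attributes, path.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+\S+\s+(?P<path>[a-z]:\\.+)$",
    re.I)
# rundll32 followed by "<module>,<export>", separated by a space or by "|".
RUNDLL_RE = re.compile(
    r"rundll32\.exe[| ](?P<module>[a-z]:\\[^,)]+),(?P<export>\w+)", re.I)
# A binary sitting directly in the root of a user profile.
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.(exe|dll|scr)$", re.I)
# Locations a standard user can write to.
USER_PATH_RE = re.compile(r"^[a-z]:\\(users|programdata)\\", re.I)


def triage(log_text):
    """Return (rule, detail) tuples for log lines matching the three rules."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()

        # Rule 1: a Startup shortcut whose target is rundll32.exe itself.
        # DDS shows only the target, so the loaded module stays hidden.
        m = STARTUP_RE.match(line)
        if m and basename(m["target"]).lower() == "rundll32.exe":
            findings.append(("startup-shortcut-to-rundll32", basename(m["lnk"])))

        # Rule 2: a recently listed binary in the root of a user profile.
        m = CREATED_RE.match(line)
        if m and PROFILE_ROOT_RE.match(m["path"]):
            findings.append(("binary-in-profile-root", m["path"]))

        # Rule 3: rundll32 loading a module from a user-writable path,
        # or a module that does not carry a .dll extension.
        m = RUNDLL_RE.search(line)
        if m:
            module = m["module"].strip()
            if USER_PATH_RE.match(module) or splitext(module)[1].lower() != ".dll":
                findings.append(("rundll32-loads-user-module",
                                 f"{module},{m['export']}"))
    return findings


def correlated_files(findings):
    """File names seen both as a profile-root binary and as a rundll32 module."""
    dropped = {basename(v).lower()
               for k, v in findings if k == "binary-in-profile-root"}
    loaded = {basename(v.rsplit(",", 1)[0]).lower()
              for k, v in findings if k == "rundll32-loads-user-module"}
    return sorted(dropped & loaded)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, detail in results:
        print(f"{rule}: {detail}")
    print("correlated:", correlated_files(results))
```

The NVHotkey entry, a .dll under c:\windows\system32, matches none of these rules even though RogueKiller listed it.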

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 14 December 2012 - 11:32 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 johnhock

johnhock
  • Topic Starter

  • Members

Posted 15 December 2012 - 10:35 AM

Thanks, again, Gringo. I am currently running in normal mode with the networking active and I am not seeing the Reveton screen, so that's a positive sign. Heretofore, it would have popped up within 5 seconds or so. Here is the ComboFix log:

ComboFix 12-12-14.01 - John_Hock 12/15/2012 8:53.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3572.2409 [GMT -6:00]
Running from: c:\users\john_hock\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\john_hock\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35A04EE3-CECE-41C5-9014-5A8446A36E25}.xps
c:\users\john_hock\AppData\Local\Microsoft\Windows\Temporary Internet Files\{716E632B-3B44-4017-857B-911901019BCF}.xps
c:\users\john_hock\AppData\Local\Microsoft\Windows\Temporary Internet Files\{946D04CD-907E-44E3-979D-6A7ED67CA1F6}.xps
c:\users\john_hock\g2mdlhlpx.exe
c:\users\john_hock\wgsdgsdgdsgsd.exe
c:\windows\system32\e
c:\windows\system32\e\Application Data\1E\WakeUpAgt\States\20111224T.mgt
c:\windows\system32\e\Application Data\1E\WakeUpAgt\States\20111225T.mgt
c:\windows\system32\e\Application Data\1E\WakeUpAgt\States\20111227T.mgt
c:\windows\system32\e\Application Data\1E\WakeUpAgt\States\20111228T.mgt
c:\windows\system32\e\Application Data\1E\WakeUpAgt\States\20111229T.mgt
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 15:05 . 2012-12-15 15:06 -------- d-----w- c:\users\john_hock\AppData\Local\temp
2012-12-15 15:05 . 2012-12-15 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 15:05 . 2012-12-15 15:05 -------- d-----w- c:\users\admroland_cortez\AppData\Local\temp
2012-12-15 14:49 . 2012-12-15 14:49 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E15E64A4-9F14-4721-8D4E-FA1823816EAF}\offreg.dll
2012-12-14 15:12 . 2012-12-14 15:12 -------- d-----w- c:\users\john_hock\AppData\Local\ElevatedDiagnostics
2012-12-14 08:08 . 2012-11-05 14:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 08:08 . 2012-11-05 14:03 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 08:08 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 08:06 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 08:03 . 2012-11-12 11:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-14 08:03 . 2012-10-27 04:59 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-01 08:15 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E15E64A4-9F14-4721-8D4E-FA1823816EAF}\mpengine.dll
2012-11-16 14:15 . 2012-09-25 21:55 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 04:48 . 2012-04-01 02:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 04:48 . 2011-06-16 13:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 19:02 . 2012-10-29 19:02 188416 ----a-w- c:\windows\ADDMRemQuery_x86.exe
2012-08-22 05:47 . 2012-03-29 01:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Steam"="c:\program files\Steam\Steam.exe" [2012-12-03 1354736]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-07-30 5164632]
"SoftGridTray"="c:\program files\Microsoft Application Virtualization Client\SFTTray.exe" [2010-12-27 853352]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-24 278528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-03-24 495711]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-19 13838952]
"SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]
"SafeBootTokenWatcher"="c:\program files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2010-06-10 172092]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Jabra Device Service.lnk - c:\program files\Jabra\Jabra PC Suite\JabraDeviceService.exe [2011-3-18 550912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbNp scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"AutoUpdatesDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 dsiasrv;DSM CM Inventory Agent;c:\program files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
R3 dc21x4vm;dc21x4vm;c:\windows\system32\DRIVERS\dc21x4vm.sys [x]
R3 DIGITECH;DIGITECH;c:\windows\system32\DRIVERS\DIGITECH.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\Drivers\JabraBcDfuWhqlXPx86.sys [x]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterdl.sys [x]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\DRIVERS\qcfilterdl2k.sys [x]
R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserdl.sys [x]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\DRIVERS\qcusbserdl2k.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 tcm;tcm;c:\windows\system32\DRIVERS\tcm.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SBAlg;SBAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\john_hock\Desktop\Emsisoftemergencykit\Run\a2ddax86.sys [x]
S1 enstart_;enstart_;c:\windows\system32\enstart_.sys [x]
S1 RsvLock;RsvLock; [x]
S1 SbFlop;SbFlop; [x]
S1 SbRegFlt;SbRegFlt; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe [x]
S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
S2 enstart;enstart;c:\windows\system32\enstart.exe [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NightWatchman;1E NightWatchman;c:\program files\1E\Agent\NightWatchman\NwmSvc.exe [x]
S2 NomadBranch;1E Nomad Branch;c:\program files\1E\NomadBranch\NomadBranch.exe [x]
S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\McAfee\Endpoint Encryption for PC\SbClientManager.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 WakeUpAgt;1E WakeUp Agent;c:\program files\1E\Agent\WakeUp\WakeUpAgt.exe [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeapfk01
*Deregistered* - mfeapfk02
*Deregistered* - mfebopk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wxp-9lv50c1.aus.amer.dell.com/snp/default.html
uInternet Settings,ProxyServer = http=proxy:80;https=proxy:80;ftp=proxy:80;gopher=proxy:80;socks=proxy:80
uInternet Settings,ProxyOverride = 143.166.*;*.dell.co*;163.244.*;10.*;127.*;198.185.237.*;*.corptvl.com;ORL10PLUSWS01.CSERVER;dell.mtgworksphere.com;dellhome.mtgworksphere.com;64.207.0.*;*.tbgfinancial.com;myinvoice.csd.disa.mil;vdc.emc.com;192.0.2.*;*.servigistics.com
Trusted Zone: activationnow.com\dell
Trusted Zone: activationnow.com\dell-ist
Trusted Zone: convergencenow.eu\dell
Trusted Zone: dell.com\browsestaging
Trusted Zone: dell.com\browsewip
Trusted Zone: dell.com\chat2.ap
Trusted Zone: dell.com\chat2.euro
Trusted Zone: dell.com\chat2.us
Trusted Zone: dell.com\chat4.us
Trusted Zone: dell.com\chat5.us
Trusted Zone: dell.com\china
Trusted Zone: dell.com\content
Trusted Zone: dell.com\dcv
Trusted Zone: dell.com\dellapjemailresponse.us
Trusted Zone: dell.com\dellemailresponse.us
Trusted Zone: dell.com\dellemeaemailresponse.us
Trusted Zone: dell.com\dellserv.aus.amer
Trusted Zone: dell.com\delta-apj.pen.apac
Trusted Zone: dell.com\delta-emea.lim.emea
Trusted Zone: dell.com\delta.pen.apac
Trusted Zone: dell.com\ecomm
Trusted Zone: dell.com\ecomm.apj
Trusted Zone: dell.com\ecomm.euro
Trusted Zone: dell.com\isp-apj.us
Trusted Zone: dell.com\isp.us
Trusted Zone: dell.com\kcs
Trusted Zone: dell.com\kulapjdcssap.kul.apac
Trusted Zone: dell.com\learnwip
Trusted Zone: dell.com\Onedellway.us
Trusted Zone: dell.com\onespot
Trusted Zone: dell.com\pbar.us
Trusted Zone: dell.com\reviews
Trusted Zone: dell.com\www
Trusted Zone: elementk.com\contenthub
Trusted Zone: force.com\*
Trusted Zone: on24.com\event
Trusted Zone: perotsystems.com
Trusted Zone: perotsystems.net
Trusted Zone: ps.net
Trusted Zone: salesforce.com\*
TCP: DhcpNameServer = 192.168.1.254
DPF: Shopping.Probe
FF - ProfilePath - c:\users\john_hock\AppData\Roaming\Mozilla\Firefox\Profiles\keood3g2.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\SbNp.DLL
.
Completion time: 2012-12-15 09:08:56
ComboFix-quarantined-files.txt 2012-12-15 15:08
.
Pre-Run: 77,760,184,320 bytes free
Post-Run: 78,310,912,000 bytes free
.
- - End Of File - - D2DAC74F69ABEB5BF5588C9B7694F6C7


Anything else to be done?

John

#6 gringo_pr

  • Malware Response Team

Posted 15 December 2012 - 02:23 PM

Greetings johnhock

As bad as this thing can be, I am going to do some extra checking to make sure nothing is left behind.

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 johnhock


Posted 15 December 2012 - 10:50 PM

OK Gringo ... appreciate the thoroughness. Looks like I have to post twice since it said my post was too long. Here are logs:

TDSSKiller (Part I)

20:09:04.0703 4184 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:09:04.0750 4184 ============================================================
20:09:04.0750 4184 Current date / time: 2012/12/15 20:09:04.0750
20:09:04.0750 4184 SystemInfo:
20:09:04.0750 4184
20:09:04.0750 4184 OS Version: 6.1.7600 ServicePack: 0.0
20:09:04.0750 4184 Product type: Workstation
20:09:04.0750 4184 ComputerName: WN7-D3YYVL1
20:09:04.0750 4184 UserName: John_Hock
20:09:04.0750 4184 Windows directory: C:\Windows
20:09:04.0750 4184 System windows directory: C:\Windows
20:09:04.0750 4184 Processor architecture: Intel x86
20:09:04.0750 4184 Number of processors: 2
20:09:04.0750 4184 Page size: 0x1000
20:09:04.0750 4184 Boot type: Normal boot
20:09:04.0750 4184 ============================================================
20:09:05.0015 4184 BG loaded
20:09:05.0608 4184 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:09:05.0608 4184 ============================================================
20:09:05.0608 4184 \Device\Harddisk0\DR0:
20:09:05.0608 4184 MBR partitions:
20:09:05.0608 4184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
20:09:05.0608 4184 ============================================================
20:09:05.0624 4184 Initialize success
20:09:05.0624 4184 ============================================================
20:09:24.0515 5692 ============================================================
20:09:24.0515 5692 Scan started
20:09:24.0515 5692 Mode: Manual; SigCheck; TDLFS;
20:09:24.0515 5692 ============================================================
20:09:24.0531 5692 ================ Scan system memory ========================
20:09:24.0531 5692 System memory - ok
20:09:24.0531 5692 ================ Scan services =============================
20:09:29.0492 5692 ================ Scan global ===============================
20:09:29.0492 5692 [Global] - ok
20:09:29.0492 5692 ================ Scan MBR ==================================
20:09:29.0523 5692 [ 433F0E8519BDE514268DBF9D182A0F6E ] \Device\Harddisk0\DR0
20:09:30.0350 5692 \Device\Harddisk0\DR0 - ok
20:09:30.0350 5692 ================ Scan VBR ==================================
20:09:30.0365 5692 [ B29492DF7BB8BAFAEFCB84AED4DC7EE4 ] \Device\Harddisk0\DR0\Partition1
20:09:30.0365 5692 \Device\Harddisk0\DR0\Partition1 - ok
20:09:30.0365 5692 ================ Scan active images ========================
20:09:31.0613 5692 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] C:\Windows\System32\dot3svc.dll
20:09:31.0613 5692 C:\Windows\System32\dot3svc.dll - ok
20:09:31.0613 5692 [ 90F4AB6DEDE1D075FC9656675D95C03B ] C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe
20:09:31.0613 5692 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe - ok
20:09:31.0629 5692 [ 146B6F43A673379A3C670E86D89BE5EA ] C:\Windows\System32\mmcss.dll
20:09:31.0629 5692 C:\Windows\System32\mmcss.dll - ok
20:09:31.0629 5692 [ 8C680C0E6B3D6711B2B88AC82FE1804E ] C:\Windows\System32\MMDevAPI.dll
20:09:31.0629 5692 C:\Windows\System32\MMDevAPI.dll - ok
20:09:31.0629 5692 [ 26EAEE08CAF82AA7F03C5020F51DA541 ] C:\Windows\System32\propsys.dll
20:09:31.0629 5692 C:\Windows\System32\propsys.dll - ok
20:09:31.0645 5692 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\System32\dsound.dll
20:09:31.0645 5692 C:\Windows\System32\dsound.dll - ok
20:09:31.0645 5692 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] C:\Windows\System32\QAGENTRT.DLL
20:09:31.0645 5692 C:\Windows\System32\QAGENTRT.DLL - ok
20:09:31.0660 5692 [ 16935C98FF639D185086A3529B1F2067 ] C:\Windows\System32\wlansvc.dll
20:09:31.0660 5692 C:\Windows\System32\wlansvc.dll - ok
20:09:31.0660 5692 [ 26A634B2E0FD87F23541AD13A503CA72 ] C:\Windows\System32\winmm.dll
20:09:31.0660 5692 C:\Windows\System32\winmm.dll - ok
20:09:31.0660 5692 [ 5826854E4E420E29F59C2865F0FA562F ] C:\Program Files\Windows Defender\MpEvMsg.dll
20:09:31.0660 5692 C:\Program Files\Windows Defender\MpEvMsg.dll - ok
20:09:31.0676 5692 [ 630CF26F0227498B7D5A92B12548960F ] C:\Windows\System32\profsvc.dll
20:09:31.0676 5692 C:\Windows\System32\profsvc.dll - ok
20:09:31.0676 5692 [ 8EC6A4AB12B8F3759E21F8E3A388F2CF ] C:\Windows\System32\winlogon.exe
20:09:31.0676 5692 C:\Windows\System32\winlogon.exe - ok
20:09:31.0676 5692 [ FA16EDF34854804A2BE5F6A93CC352EE ] C:\Windows\System32\stapi32.dll
20:09:31.0676 5692 C:\Windows\System32\stapi32.dll - ok
20:09:31.0691 5692 [ AFBB5060A2DAD431A2EAEB2C86CFFE81 ] C:\Windows\System32\AudioSes.dll
20:09:31.0691 5692 C:\Windows\System32\AudioSes.dll - ok
20:09:31.0691 5692 [ 1B97EBF7F60798814C4E5C8FDC79EAD2 ] C:\Windows\System32\LogonUI.exe
20:09:31.0691 5692 C:\Windows\System32\LogonUI.exe - ok
20:09:31.0691 5692 [ FABFC817547EABB19B74849CEF410622 ] C:\Windows\System32\authui.dll
20:09:31.0691 5692 C:\Windows\System32\authui.dll - ok
20:09:31.0707 5692 [ B45DA4D9075AF4297DF675CCD11D4997 ] C:\Windows\System32\audiodg.exe
20:09:31.0707 5692 C:\Windows\System32\audiodg.exe - ok
20:09:31.0707 5692 [ E8132FB3BAC7C0CDBD581485B8BA947F ] C:\Windows\System32\cryptui.dll
20:09:31.0707 5692 C:\Windows\System32\cryptui.dll - ok
20:09:31.0707 5692 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
20:09:31.0707 5692 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
20:09:31.0723 5692 [ 56FB5F222EA30D3D3FC459879772CB73 ] C:\Windows\System32\cscsvc.dll
20:09:31.0723 5692 C:\Windows\System32\cscsvc.dll - ok
20:09:31.0723 5692 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] C:\Windows\System32\gpsvc.dll
20:09:31.0723 5692 C:\Windows\System32\gpsvc.dll - ok
20:09:31.0723 5692 [ 772F44012DBE49DE894976AE2259A659 ] C:\Windows\System32\PeerDist.dll
20:09:31.0723 5692 C:\Windows\System32\PeerDist.dll - ok
20:09:31.0738 5692 [ 21012407E8C74AA72BBB485B0FC197FE ] C:\Windows\System32\taskschd.dll
20:09:31.0738 5692 C:\Windows\System32\taskschd.dll - ok
20:09:31.0738 5692 [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\System32\atl.dll
20:09:31.0738 5692 C:\Windows\System32\atl.dll - ok
20:09:31.0738 5692 [ 2F040CF0613A6D64DCBBA9EE81F5A5AE ] C:\Windows\System32\dsrole.dll
20:09:31.0738 5692 C:\Windows\System32\dsrole.dll - ok
20:09:31.0754 5692 [ 045DB4EAB4FBD23210E85ECC3F464A2E ] C:\Windows\System32\nlaapi.dll
20:09:31.0754 5692 C:\Windows\System32\nlaapi.dll - ok
20:09:31.0754 5692 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\System32\slc.dll
20:09:31.0754 5692 C:\Windows\System32\slc.dll - ok
20:09:31.0754 5692 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] C:\Windows\System32\themeservice.dll
20:09:31.0754 5692 C:\Windows\System32\themeservice.dll - ok
20:09:31.0754 5692 [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\System32\es.dll
20:09:31.0754 5692 C:\Windows\System32\es.dll - ok
20:09:31.0769 5692 [ 808D8A8B2A3074002852BC856D419576 ] C:\Windows\System32\comres.dll
20:09:31.0769 5692 C:\Windows\System32\comres.dll - ok
20:09:31.0769 5692 [ 0089563F324FA784DA849D6A636141E0 ] C:\Windows\System32\mstask.dll
20:09:31.0769 5692 C:\Windows\System32\mstask.dll - ok
20:09:31.0769 5692 [ DCB7FCDCC97F87360F75D77425B81737 ] C:\Windows\System32\Sens.dll
20:09:31.0769 5692 C:\Windows\System32\Sens.dll - ok
20:09:31.0785 5692 [ 63BFDF555DA2075A77D677829C3CCCD0 ] C:\Windows\System32\uxtheme.dll
20:09:31.0785 5692 C:\Windows\System32\uxtheme.dll - ok
20:09:31.0785 5692 [ 081E6E1C91AEC36758902A9F727CD23C ] C:\Windows\System32\uxsms.dll
20:09:31.0785 5692 C:\Windows\System32\uxsms.dll - ok
20:09:31.0785 5692 [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\System32\wtsapi32.dll
20:09:31.0785 5692 C:\Windows\System32\wtsapi32.dll - ok
20:09:31.0785 5692 [ 688975CEA9ADD749E339168A2841205A ] C:\Windows\System32\WUDFPlatform.dll
20:09:31.0785 5692 C:\Windows\System32\WUDFPlatform.dll - ok
20:09:31.0801 5692 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] C:\Windows\System32\WUDFSvc.dll
20:09:31.0801 5692 C:\Windows\System32\WUDFSvc.dll - ok
20:09:31.0801 5692 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] C:\Windows\System32\drivers\scfilter.sys
20:09:31.0801 5692 C:\Windows\System32\drivers\scfilter.sys - ok
20:09:31.0801 5692 [ C6E7AB7E798167095987EBCCB76DF61B ] C:\Windows\System32\WUDFHost.exe
20:09:31.0801 5692 C:\Windows\System32\WUDFHost.exe - ok
20:09:31.0816 5692 [ 843D21A20736016E5613E4B51EA60D46 ] C:\Windows\System32\winusb.dll
20:09:31.0816 5692 C:\Windows\System32\winusb.dll - ok
20:09:31.0816 5692 [ 390261F19400BA8F7C318CD3DC0EE242 ] C:\Windows\System32\WUDFx.dll
20:09:31.0816 5692 C:\Windows\System32\WUDFx.dll - ok
20:09:31.0816 5692 [ 0470997A5ADC2FCDDCB3461D92073FAA ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll
20:09:31.0816 5692 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll - ok
20:09:31.0832 5692 [ 7B61BAAD41FCFD8A80D49AA5003AE9D0 ] C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll
20:09:31.0832 5692 C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll - ok
20:09:31.0832 5692 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\System32\dui70.dll
20:09:31.0832 5692 C:\Windows\System32\dui70.dll - ok
20:09:31.0832 5692 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] C:\Windows\System32\drivers\lltdio.sys
20:09:31.0832 5692 C:\Windows\System32\drivers\lltdio.sys - ok
20:09:31.0832 5692 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] C:\Windows\System32\drivers\ndisuio.sys
20:09:31.0832 5692 C:\Windows\System32\drivers\ndisuio.sys - ok
20:09:31.0847 5692 [ 26384429FCD85D83746F63E798AB1480 ] C:\Windows\System32\drivers\nwifi.sys
20:09:31.0847 5692 C:\Windows\System32\drivers\nwifi.sys - ok
20:09:31.0847 5692 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\System32\duser.dll
20:09:31.0847 5692 C:\Windows\System32\duser.dll - ok
20:09:31.0847 5692 [ 6B18F23108E6FA70B9F62B4D89668ED8 ] C:\Windows\System32\SndVolSSO.dll
20:09:31.0847 5692 C:\Windows\System32\SndVolSSO.dll - ok
20:09:31.0863 5692 [ 032B0D36AD92B582D869879F5AF5B928 ] C:\Windows\System32\drivers\rspndr.sys
20:09:31.0863 5692 C:\Windows\System32\drivers\rspndr.sys - ok
20:09:31.0863 5692 [ 8600142FA91C1B96367D3300AD0F3F3A ] C:\Windows\System32\eapsvc.dll
20:09:31.0863 5692 C:\Windows\System32\eapsvc.dll - ok
20:09:31.0863 5692 [ 63DF770DF74ACB370EF5A16727069AAF ] C:\Windows\System32\hid.dll
20:09:31.0863 5692 C:\Windows\System32\hid.dll - ok
20:09:31.0879 5692 [ 6095266CAAF5E75F394CFD4844CC4C25 ] C:\Windows\System32\IPHLPAPI.DLL
20:09:31.0879 5692 C:\Windows\System32\IPHLPAPI.DLL - ok
20:09:31.0879 5692 [ AF75DBA674E55221B7A055B0A4345F16 ] C:\Windows\System32\keyiso.dll
20:09:31.0879 5692 C:\Windows\System32\keyiso.dll - ok
20:09:31.0879 5692 [ 55CA01BA19D0006C8F2639B6C045E08B ] C:\Windows\System32\lmhsvc.dll
20:09:31.0879 5692 C:\Windows\System32\lmhsvc.dll - ok
20:09:31.0894 5692 [ 16707EC5FD029A4415B138796F0981CE ] C:\Windows\System32\nrpsrv.dll
20:09:31.0894 5692 C:\Windows\System32\nrpsrv.dll - ok
20:09:31.0894 5692 [ BA387E955E890C8A88306D9B8D06BF17 ] C:\Windows\System32\nsisvc.dll
20:09:31.0894 5692 C:\Windows\System32\nsisvc.dll - ok
20:09:31.0894 5692 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\System32\winnsi.dll
20:09:31.0894 5692 C:\Windows\System32\winnsi.dll - ok
20:09:31.0894 5692 [ C56495FBD770712367CAD35E5DE72DA6 ] C:\Windows\System32\dhcpcore.dll
20:09:31.0894 5692 C:\Windows\System32\dhcpcore.dll - ok
20:09:31.0910 5692 [ 496C56361F57C2CA54931EBBC7D6C2CF ] C:\Windows\System32\eapphost.dll
20:09:31.0910 5692 C:\Windows\System32\eapphost.dll - ok
20:09:31.0910 5692 [ 990A58A0B01720E419B55EFC5FF387F8 ] C:\Windows\System32\dhcpcore6.dll
20:09:31.0910 5692 C:\Windows\System32\dhcpcore6.dll - ok
20:09:31.0910 5692 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\System32\dwmapi.dll
20:09:31.0910 5692 C:\Windows\System32\dwmapi.dll - ok
20:09:31.0910 5692 [ 91DA0906B27ADC98B7CC9D17F6F8227C ] C:\Windows\System32\umb.dll
20:09:31.0910 5692 C:\Windows\System32\umb.dll - ok
20:09:31.0925 5692 [ 7BF5EA753D4CC056B9462A02AC51B160 ] C:\Windows\System32\xmllite.dll
20:09:31.0925 5692 C:\Windows\System32\xmllite.dll - ok
20:09:31.0925 5692 [ B15BE77A2BACF9C3177D27518AFE26A9 ] C:\Windows\System32\dnsrslvr.dll
20:09:31.0925 5692 C:\Windows\System32\dnsrslvr.dll - ok
20:09:31.0925 5692 [ 4A139DDC4FF1CFD8582B5F4686E3FD14 ] C:\Windows\System32\dot3gpclnt.dll
20:09:31.0925 5692 C:\Windows\System32\dot3gpclnt.dll - ok
20:09:31.0941 5692 [ 1D3E3FC4869C854E91BA2C0ED42010A9 ] C:\Windows\System32\dot3msm.dll
20:09:31.0941 5692 C:\Windows\System32\dot3msm.dll - ok
20:09:31.0941 5692 [ 158117F3CF278F01C6F24E89E2141E81 ] C:\Windows\System32\FWPUCLNT.DLL
20:09:31.0941 5692 C:\Windows\System32\FWPUCLNT.DLL - ok
20:09:31.0941 5692 [ C1585EAA67C37A05BF6F93726FAFC069 ] C:\Windows\System32\l2gpstore.dll
20:09:31.0941 5692 C:\Windows\System32\l2gpstore.dll - ok
20:09:31.0957 5692 [ 4DBC81CEFE9DB36856880BFB3491C100 ] C:\Windows\System32\msxml6.dll
20:09:31.0957 5692 C:\Windows\System32\msxml6.dll - ok
20:09:31.0957 5692 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\System32\dhcpcsvc.dll
20:09:31.0957 5692 C:\Windows\System32\dhcpcsvc.dll - ok
20:09:31.0957 5692 [ 29CA5974FAB0E8AE4AA7814FE05CF832 ] C:\Windows\System32\dhcpcsvc6.dll
20:09:31.0957 5692 C:\Windows\System32\dhcpcsvc6.dll - ok
20:09:31.0957 5692 [ 100103C6535C66265267F5EEA5F5846E ] C:\Windows\System32\dnsext.dll
20:09:31.0957 5692 C:\Windows\System32\dnsext.dll - ok
20:09:31.0972 5692 [ 81E1423A5D3F0F350307B537D33599FC ] C:\Windows\System32\wlanmsm.dll
20:09:31.0972 5692 C:\Windows\System32\wlanmsm.dll - ok
20:09:31.0972 5692 [ ADEE99F825F8C247C37541EA102CA975 ] C:\Windows\System32\onex.dll
20:09:31.0972 5692 C:\Windows\System32\onex.dll - ok
20:09:31.0972 5692 [ 20C06A50DFC097E134BC6FA8444CA9BC ] C:\Windows\System32\wlansec.dll
20:09:31.0972 5692 C:\Windows\System32\wlansec.dll - ok
20:09:31.0988 5692 [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\System32\eappcfg.dll
20:09:31.0988 5692 C:\Windows\System32\eappcfg.dll - ok
20:09:31.0988 5692 [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
20:09:31.0988 5692 C:\Windows\System32\eappprxy.dll - ok
20:09:31.0988 5692 [ 3C33562F4FAE3D58E47F662DCE07675E ] C:\Windows\System32\WinSCard.dll
20:09:31.0988 5692 C:\Windows\System32\WinSCard.dll - ok
20:09:32.0003 5692 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\System32\wlanutil.dll
20:09:32.0003 5692 C:\Windows\System32\wlanutil.dll - ok
20:09:32.0003 5692 [ 749F9795F01C35EEBE100A87D82B9681 ] C:\Windows\System32\wlgpclnt.dll
20:09:32.0003 5692 C:\Windows\System32\wlgpclnt.dll - ok
20:09:32.0003 5692 [ 3E5BC12EED0C829561A23DC4200C62FB ] C:\Windows\System32\rastls.dll
20:09:32.0003 5692 C:\Windows\System32\rastls.dll - ok
20:09:32.0019 5692 [ D3EAD1CF16BA729A7F7C9A5D94AA7C05 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
20:09:32.0019 5692 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll - ok
20:09:32.0019 5692 [ 75DD1448B57D1F9382A8B59ED8E3790B ] C:\Windows\System32\raschap.dll
20:09:32.0019 5692 C:\Windows\System32\raschap.dll - ok
20:09:32.0035 5692 [ 406F7B9C71B99872670EE9A8D52E2FE5 ] C:\Windows\System32\rtutils.dll
20:09:32.0035 5692 C:\Windows\System32\rtutils.dll - ok
20:09:32.0035 5692 [ 702A13ED6F2B4740FA77A7A19B382348 ] C:\Windows\System32\credui.dll
20:09:32.0035 5692 C:\Windows\System32\credui.dll - ok
20:09:32.0035 5692 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\System32\rasapi32.dll
20:09:32.0035 5692 C:\Windows\System32\rasapi32.dll - ok
20:09:32.0050 5692 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\System32\rasman.dll
20:09:32.0050 5692 C:\Windows\System32\rasman.dll - ok
20:09:32.0050 5692 [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\System32\samlib.dll
20:09:32.0050 5692 C:\Windows\System32\samlib.dll - ok
20:09:32.0050 5692 [ C5B5CCDBF8ED1475240313ED88234E3F ] C:\Windows\System32\netcfgx.dll
20:09:32.0050 5692 C:\Windows\System32\netcfgx.dll - ok
20:09:32.0066 5692 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] C:\Windows\System32\shsvcs.dll
20:09:32.0066 5692 C:\Windows\System32\shsvcs.dll - ok
20:09:32.0066 5692 [ DF1E5C82E4D09CF8105CC644980C4803 ] C:\Windows\System32\schedsvc.dll
20:09:32.0066 5692 C:\Windows\System32\schedsvc.dll - ok
20:09:32.0066 5692 [ 38B13C0DF479DBA23ECFA815159BA86E ] C:\Windows\System32\ktmw32.dll
20:09:32.0066 5692 C:\Windows\System32\ktmw32.dll - ok
20:09:32.0081 5692 [ 5DE691884C240227B733CC18BBFCA3D8 ] C:\Windows\System32\netapi32.dll
20:09:32.0081 5692 C:\Windows\System32\netapi32.dll - ok
20:09:32.0081 5692 [ 7AD12703039056D2A0815F85960E1FA1 ] C:\Windows\System32\wkscli.dll
20:09:32.0081 5692 C:\Windows\System32\wkscli.dll - ok
20:09:32.0081 5692 [ EF8808FEA65723214D79734BDB79EBF6 ] C:\Windows\System32\taskcomp.dll
20:09:32.0081 5692 C:\Windows\System32\taskcomp.dll - ok
20:09:32.0097 5692 [ DB7F4DE9079F8D073622F18A96A671D5 ] C:\Windows\System32\fveapi.dll
20:09:32.0097 5692 C:\Windows\System32\fveapi.dll - ok
20:09:32.0097 5692 [ C87F28A34B3840F4B40011D170B1A159 ] C:\Windows\System32\fvecerts.dll
20:09:32.0097 5692 C:\Windows\System32\fvecerts.dll - ok
20:09:32.0097 5692 [ EAFC149CD3BD78C443E31BB157841197 ] C:\Windows\System32\tbs.dll
20:09:32.0097 5692 C:\Windows\System32\tbs.dll - ok
20:09:32.0113 5692 [ E0FE1259D88A89493098D9269144FD5F ] C:\Windows\System32\wiarpc.dll
20:09:32.0113 5692 C:\Windows\System32\wiarpc.dll - ok
20:09:32.0113 5692 [ 8B0B4C5927A333A05513791758350DC4 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
20:09:32.0113 5692 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
20:09:32.0113 5692 [ 04C20DBC09884A27F65EBD721B42F073 ] C:\Windows\System32\mssha.dll
20:09:32.0113 5692 C:\Windows\System32\mssha.dll - ok
20:09:32.0128 5692 [ C531C7FD9E8B62021112787C4E2C5A5A ] C:\Windows\System32\drivers\http.sys
20:09:32.0128 5692 C:\Windows\System32\drivers\http.sys - ok
20:09:32.0128 5692 [ D1BB750EB51694DE183E08B9C33BE5B2 ] C:\Windows\System32\spoolsv.exe
20:09:32.0128 5692 C:\Windows\System32\spoolsv.exe - ok
20:09:32.0128 5692 [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
20:09:32.0128 5692 C:\Windows\System32\drivers\fltMgr.sys - ok
20:09:32.0144 5692 [ 284783C6158F9A6AD7F2796B2ABE7E8E ] C:\Windows\System32\ci.dll
20:09:32.0144 5692 C:\Windows\System32\ci.dll - ok
20:09:32.0144 5692 [ 691C8DFB208227F0CBB5C0897C742ACE ] C:\Windows\System32\WindowsCodecs.dll
20:09:32.0144 5692 C:\Windows\System32\WindowsCodecs.dll - ok
20:09:32.0159 5692 [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
20:09:32.0159 5692 C:\Windows\System32\PSHED.DLL - ok
20:09:32.0159 5692 [ B24ABFAB2D541996A38905369D511953 ] C:\Windows\System32\wdmaud.drv
20:09:32.0159 5692 C:\Windows\System32\wdmaud.drv - ok
20:09:32.0159 5692 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\System32\ksuser.dll
20:09:32.0159 5692 C:\Windows\System32\ksuser.dll - ok
20:09:32.0159 5692 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\System32\winbrand.dll
20:09:32.0159 5692 C:\Windows\System32\winbrand.dll - ok
20:09:32.0175 5692 [ F79828CEF4F501F60F94B1CD00C47041 ] C:\Windows\System32\dot3api.dll
20:09:32.0175 5692 C:\Windows\System32\dot3api.dll - ok
20:09:32.0175 5692 [ F607FEC4722DDCBD94A133278D787095 ] C:\Windows\System32\l2nacp.dll
20:09:32.0175 5692 C:\Windows\System32\l2nacp.dll - ok
20:09:32.0175 5692 [ 9F1BB2E5177D8C7AF7CC45BFC18010C8 ] C:\Windows\System32\SmartcardCredentialProvider.dll
20:09:32.0175 5692 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
20:09:32.0191 5692 [ 65BF13016A3C22775F3E17591AE5268A ] C:\Windows\System32\VaultCredProvider.dll
20:09:32.0191 5692 C:\Windows\System32\VaultCredProvider.dll - ok
20:09:32.0191 5692 [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
20:09:32.0191 5692 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
20:09:32.0206 5692 [ 8FC518FFE9519C2631D37515A68009C4 ] C:\Windows\System32\SCardSvr.dll
20:09:32.0206 5692 C:\Windows\System32\SCardSvr.dll - ok
20:09:32.0206 5692 [ 2F98FF02126CAF10F4A3CED24F79A897 ] C:\Program Files\McAfee\Endpoint Encryption for PC\SbCredProv.dll
20:09:32.0206 5692 C:\Program Files\McAfee\Endpoint Encryption for PC\SbCredProv.dll - ok
20:09:32.0206 5692 [ 85AC71C045CEB054ED48A7841AAE0C11 ] C:\Windows\System32\BFE.DLL
20:09:32.0206 5692 C:\Windows\System32\BFE.DLL - ok
20:09:32.0222 5692 [ E59F08ED9D2A128CE436BBFC232247F6 ] C:\Windows\System32\BioCredProv.dll
20:09:32.0222 5692 C:\Windows\System32\BioCredProv.dll - ok
20:09:32.0222 5692 [ 742AA02BD9FA3492C9E525BBD427D87D ] C:\Windows\System32\samcli.dll
20:09:32.0222 5692 C:\Windows\System32\samcli.dll - ok
20:09:32.0222 5692 [ 36B8D5903CEEF0AA42A1EE002BD27FF1 ] C:\Windows\System32\vaultcli.dll
20:09:32.0222 5692 C:\Windows\System32\vaultcli.dll - ok
20:09:32.0237 5692 [ 3FAD263CE1E2A6FFF40D00043B2275E3 ] C:\Windows\System32\winbio.dll
20:09:32.0237 5692 C:\Windows\System32\winbio.dll - ok
20:09:32.0237 5692 [ 6D8CACF3B1B54943EFCF420C2D667B37 ] C:\Windows\System32\certCredProvider.dll
20:09:32.0237 5692 C:\Windows\System32\certCredProvider.dll - ok
20:09:32.0237 5692 [ FFE4BEC5C187C426A17AE76A773063A6 ] C:\Windows\System32\rasplap.dll
20:09:32.0237 5692 C:\Windows\System32\rasplap.dll - ok
20:09:32.0253 5692 [ 0E6DCD164732580CC1E57276252F49CF ] C:\Windows\System32\polstore.dll
20:09:32.0253 5692 C:\Windows\System32\polstore.dll - ok
20:09:32.0253 5692 [ A12829E9974F57E9B5DBFEA7C93190F6 ] C:\Windows\System32\UXInit.dll
20:09:32.0253 5692 C:\Windows\System32\UXInit.dll - ok
20:09:32.0253 5692 [ 4D59A5B6EF0AF6F9FDF3D157534380AF ] C:\Windows\System32\oleacc.dll
20:09:32.0253 5692 C:\Windows\System32\oleacc.dll - ok
20:09:32.0269 5692 [ FD049C25A168D3DE310D9207B7B6367B ] C:\Windows\System32\UIAutomationCore.dll
20:09:32.0269 5692 C:\Windows\System32\UIAutomationCore.dll - ok
20:09:32.0269 5692 [ AAA79014AD74242A5EEB1B30DA29A011 ] C:\Windows\System32\nvsvc.dll
20:09:32.0269 5692 C:\Windows\System32\nvsvc.dll - ok
20:09:32.0284 5692 [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\System32\midimap.dll
20:09:32.0284 5692 C:\Windows\System32\midimap.dll - ok
20:09:32.0284 5692 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\System32\msacm32.dll
20:09:32.0284 5692 C:\Windows\System32\msacm32.dll - ok
20:09:32.0284 5692 [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\System32\msacm32.drv
20:09:32.0284 5692 C:\Windows\System32\msacm32.drv - ok
20:09:32.0284 5692 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\System32\msimg32.dll
20:09:32.0284 5692 C:\Windows\System32\msimg32.dll - ok
20:09:32.0300 5692 [ 4AB02CA5F9816F40CC569BC0B8EFA4AB ] C:\Windows\System32\nvapi.dll
20:09:32.0300 5692 C:\Windows\System32\nvapi.dll - ok
20:09:32.0300 5692 [ BBA9D5A730D5E304117AD26923EBD8AA ] C:\Windows\System32\AudioEng.dll
20:09:32.0300 5692 C:\Windows\System32\AudioEng.dll - ok
20:09:32.0300 5692 [ B93C392A00613BEE96FC1BFEC4B6D372 ] C:\Windows\System32\nvsvcr.dll
20:09:32.0300 5692 C:\Windows\System32\nvsvcr.dll - ok
20:09:32.0315 5692 [ 96F0F8F4DEE598C8D12AD9633E0CFE2A ] C:\Windows\System32\AUDIOKSE.dll
20:09:32.0315 5692 C:\Windows\System32\AUDIOKSE.dll - ok
20:09:32.0315 5692 [ 32C5FB0CF35B2E89456A0BCD545C9125 ] C:\Windows\System32\stapo.dll
20:09:32.0315 5692 C:\Windows\System32\stapo.dll - ok
20:09:32.0315 5692 [ 4E30ED3E551E867ADD1C8D58F5EDD9DF ] C:\Windows\System32\WMALFXGFXDSP.dll
20:09:32.0315 5692 C:\Windows\System32\WMALFXGFXDSP.dll - ok
20:09:32.0331 5692 [ 5612D9B2DFA9FBAA0540CF2D2CDC8935 ] C:\Windows\System32\nvcpl.dll
20:09:32.0331 5692 C:\Windows\System32\nvcpl.dll - ok
20:09:32.0331 5692 [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\System32\mfplat.dll
20:09:32.0331 5692 C:\Windows\System32\mfplat.dll - ok
20:09:32.0331 5692 [ 5E30266A29B643AA33CC95DC922C0FE4 ] C:\Windows\System32\aestaren.dll
20:09:32.0331 5692 C:\Windows\System32\aestaren.dll - ok

Stay tuned for part 2

John

#8 johnhock

Posted 15 December 2012 - 10:51 PM

Hey Gringo,

Here's the rest:

TDSSKiller Part 2

20:09:32.0674 5692 C:\Program Files\McAfee\VirusScan Enterprise\Res0900\mcshield.dll - ok
20:09:32.0690 5692 [ B0590AE25C847A74A644F3D6E22A4BE1 ] C:\Windows\System32\gpscript.exe
20:09:32.0690 5692 C:\Windows\System32\gpscript.exe - ok
20:09:32.0690 5692 [ 5599C452ED3B4315B7A3C7142824A2EB ] C:\Program Files\McAfee\Common Framework\FrameworkService.exe
20:09:32.0690 5692 C:\Program Files\McAfee\Common Framework\FrameworkService.exe - ok
20:09:32.0690 5692 [ 32B4AABAB4433756CEE47F4330384D05 ] C:\Program Files\McAfee\Common Framework\nailog3.dll
20:09:32.0690 5692 C:\Program Files\McAfee\Common Framework\nailog3.dll - ok
20:09:32.0705 5692 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
20:09:32.0705 5692 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
20:09:32.0705 5692 [ 7F23A65AE5E1D62416FDFF5DE91E58C3 ] C:\Program Files\McAfee\Common Framework\naxml3_71.dll
20:09:32.0705 5692 C:\Program Files\McAfee\Common Framework\naxml3_71.dll - ok
20:09:32.0721 5692 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
20:09:32.0721 5692 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
20:09:32.0721 5692 [ FE32F74C45D295D863B737B1973151E0 ] C:\Program Files\McAfee\Common Framework\naCmnLib3_71.dll
20:09:32.0721 5692 C:\Program Files\McAfee\Common Framework\naCmnLib3_71.dll - ok
20:09:32.0721 5692 [ 29F0576B1247B8EAB22CA8911C976221 ] C:\Program Files\McAfee\Common Framework\AppLib.dll
20:09:32.0721 5692 C:\Program Files\McAfee\Common Framework\AppLib.dll - ok
20:09:32.0737 5692 [ CF8A29CEB25247F1A57BBE33C1E8B408 ] C:\Program Files\McAfee\Common Framework\rsamanager.dll
20:09:32.0737 5692 C:\Program Files\McAfee\Common Framework\rsamanager.dll - ok
20:09:32.0737 5692 [ E75E05B939A8F350E063F2E11992850C ] C:\Program Files\McAfee\Common Framework\cryptocme2.dll
20:09:32.0737 5692 C:\Program Files\McAfee\Common Framework\cryptocme2.dll - ok
20:09:32.0737 5692 [ B59226741551434E8B8A89A97FF339C4 ] C:\Program Files\McAfee\Common Framework\ccme_base.dll
20:09:32.0737 5692 C:\Program Files\McAfee\Common Framework\ccme_base.dll - ok
20:09:32.0752 5692 [ E40B2522568635AC5E6755289A59C82A ] C:\Program Files\McAfee\Common Framework\0409\AgentRes.Dll
20:09:32.0752 5692 C:\Program Files\McAfee\Common Framework\0409\AgentRes.Dll - ok
20:09:32.0752 5692 [ D049C7368481870121F9355DFCB237A8 ] C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
20:09:32.0752 5692 C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe - ok
20:09:32.0752 5692 [ 7E0AB74553476622FB6AE36F73D97D35 ] C:\Windows\System32\drivers\fastfat.sys
20:09:32.0752 5692 C:\Windows\System32\drivers\fastfat.sys - ok
20:09:32.0752 5692 [ 1BA793D844409FF507DEB98D83B38A15 ] C:\Program Files\McAfee\Endpoint Encryption for PC\SbAlgs\SbAlg.dll
20:09:32.0752 5692 C:\Program Files\McAfee\Endpoint Encryption for PC\SbAlgs\SbAlg.dll - ok
20:09:32.0768 5692 [ C2AA608892D084E97C19CEC07C4C26DC ] C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll
20:09:32.0768 5692 C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll - ok
20:09:32.0768 5692 [ 0109A1E05169124BF6CCF4A47D6783F6 ] C:\Program Files\McAfee\VirusScan Enterprise\condl.dll
20:09:32.0768 5692 C:\Program Files\McAfee\VirusScan Enterprise\condl.dll - ok
20:09:32.0768 5692 [ 042C3A5F4956B5F79E9F581DC613A4FA ] C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll
20:09:32.0768 5692 C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll - ok
20:09:32.0783 5692 [ 5C99F92B3C4CFCDF928258C2E838D000 ] C:\Windows\System32\lz32.dll
20:09:32.0783 5692 C:\Windows\System32\lz32.dll - ok
20:09:32.0783 5692 [ FE2546E790E2E38E404B136C8BD25B8B ] C:\Windows\System32\mfevtps.exe
20:09:32.0783 5692 C:\Windows\System32\mfevtps.exe - ok
20:09:32.0783 5692 [ 21B954261AE51CA9BA02D651DE929498 ] C:\Program Files\McAfee\Common Framework\Logging.dll
20:09:32.0783 5692 C:\Program Files\McAfee\Common Framework\Logging.dll - ok
20:09:32.0799 5692 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll
20:09:32.0799 5692 C:\Windows\System32\netman.dll - ok
20:09:32.0799 5692 [ BE88419B52A9607D170E110838A09CBE ] C:\Program Files\McAfee\Common Framework\UserSpace.Dll
20:09:32.0799 5692 C:\Program Files\McAfee\Common Framework\UserSpace.Dll - ok
20:09:32.0799 5692 [ 9414767E849E51BD8CBB2C94512C0217 ] C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory3.dll
20:09:32.0799 5692 C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory3.dll - ok
20:09:32.0815 5692 [ 343FDDA635BD0E8F6B43021CE1BBEA3E ] C:\Program Files\McAfee\Common Framework\Management.dll
20:09:32.0815 5692 C:\Program Files\McAfee\Common Framework\Management.dll - ok
20:09:32.0815 5692 [ DC2A833082802B59500D4639ED7708F9 ] C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
20:09:32.0815 5692 C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll - ok
20:09:32.0815 5692 [ 8BA5474E964237AAC3804BA7E42D8F69 ] C:\Program Files\McAfee\Common Framework\mfelpc.dll
20:09:32.0815 5692 C:\Program Files\McAfee\Common Framework\mfelpc.dll - ok
20:09:32.0830 5692 [ 192124B654515CB56AAB75B29F609120 ] C:\Program Files\McAfee\Common Framework\mfeCmnLib71.dll
20:09:32.0830 5692 C:\Program Files\McAfee\Common Framework\mfeCmnLib71.dll - ok
20:09:32.0830 5692 [ 45F0F12A11861CE0FB682B87A310FE41 ] C:\Windows\System32\QUTIL.DLL
20:09:32.0830 5692 C:\Windows\System32\QUTIL.DLL - ok
20:09:32.0830 5692 [ 2AC54AECA415E5327D602346326179E4 ] C:\Program Files\McAfee\Common Framework\naPolicyManager.dll
20:09:32.0830 5692 C:\Program Files\McAfee\Common Framework\naPolicyManager.dll - ok
20:09:32.0830 5692 [ 8485821A70FDFB662349590C4BCAEDFC ] C:\Program Files\1E\Agent\NightWatchman\NwmSvc.exe
20:09:32.0830 5692 C:\Program Files\1E\Agent\NightWatchman\NwmSvc.exe - ok
20:09:32.0846 5692 [ D757F59EED634C595727534B60E640B8 ] C:\Windows\System32\winhttp.dll
20:09:32.0846 5692 C:\Windows\System32\winhttp.dll - ok
20:09:32.0846 5692 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
20:09:32.0846 5692 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
20:09:32.0846 5692 [ A86A1C5DF1C662D1C75815BF4794F16D ] C:\Windows\System32\webio.dll
20:09:32.0846 5692 C:\Windows\System32\webio.dll - ok
20:09:32.0861 5692 [ 92B214B7E5436A3310A9138CE4A03D23 ] C:\Windows\System32\esent.dll
20:09:32.0861 5692 C:\Windows\System32\esent.dll - ok
20:09:32.0861 5692 [ B1E8B4E8DE73D7EC189FABECF00902E1 ] C:\Program Files\1E\NomadBranch\NomadBranch.exe
20:09:32.0861 5692 C:\Program Files\1E\NomadBranch\NomadBranch.exe - ok
20:09:32.0861 5692 [ 533631FE7DB9FF2A1D456A3D15A2DD46 ] C:\Windows\System32\icmp.dll
20:09:32.0861 5692 C:\Windows\System32\icmp.dll - ok
20:09:32.0861 5692 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\System32\mpr.dll
20:09:32.0861 5692 C:\Windows\System32\mpr.dll - ok
20:09:32.0877 5692 [ F986239C206FA572982A548AEBD79A71 ] C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
20:09:32.0877 5692 C:\Program Files\McAfee\Common Framework\naPrdMgr.exe - ok
20:09:32.0877 5692 [ 1544BB6A1D83B46EC88930C84E7FE9CA ] C:\Program Files\McAfee\Common Framework\UpdateSubSys.Dll
20:09:32.0877 5692 C:\Program Files\McAfee\Common Framework\UpdateSubSys.Dll - ok
20:09:32.0893 5692 [ DE59BE46D04F35988FD4507D16332CDC ] C:\Program Files\McAfee\Common Framework\updater.Dll
20:09:32.0893 5692 C:\Program Files\McAfee\Common Framework\updater.Dll - ok
20:09:32.0893 5692 [ DD9C1F967995A081DBB157A91493654F ] C:\Program Files\McAfee\Common Framework\ipcchannel.dll
20:09:32.0893 5692 C:\Program Files\McAfee\Common Framework\ipcchannel.dll - ok
20:09:32.0893 5692 [ 947209B060A1158E7E17C4CF0A61F56B ] C:\Program Files\McAfee\Common Framework\Nainet.dll
20:09:32.0893 5692 C:\Program Files\McAfee\Common Framework\Nainet.dll - ok
20:09:32.0893 5692 [ 0ED25E9DBD823375F97156F9AFE4007D ] C:\Program Files\McAfee\Common Framework\mfecurl.dll
20:09:32.0893 5692 C:\Program Files\McAfee\Common Framework\mfecurl.dll - ok
20:09:32.0908 5692 [ CFE65717C005F47D08C119628EF7AE85 ] C:\Program Files\McAfee\Common Framework\mfezlib.dll
20:09:32.0908 5692 C:\Program Files\McAfee\Common Framework\mfezlib.dll - ok
20:09:32.0908 5692 [ AB6B560F82DC8802E7ADC94C7EE499DF ] C:\Program Files\McAfee\Common Framework\Scheduler.dll
20:09:32.0908 5692 C:\Program Files\McAfee\Common Framework\Scheduler.dll - ok
20:09:32.0908 5692 [ 48759BCC3C964E5602DDC4D799DCB739 ] C:\Program Files\McAfee\Common Framework\AgentPlugin.dll
20:09:32.0908 5692 C:\Program Files\McAfee\Common Framework\AgentPlugin.dll - ok
20:09:32.0924 5692 [ 2B69B464470EDE0C43D3E62CB91EC6E8 ] C:\Program Files\McAfee\VirusScan Enterprise\vsplugin.dll
20:09:32.0924 5692 C:\Program Files\McAfee\VirusScan Enterprise\vsplugin.dll - ok
20:09:32.0924 5692 [ 3F2DEAFC463D75611CB9C5E36A8CCF15 ] C:\Windows\System32\ncsi.dll
20:09:32.0924 5692 C:\Windows\System32\ncsi.dll - ok
20:09:32.0924 5692 [ 2226496E34BD40734946A054B1CD657F ] C:\Windows\System32\nlasvc.dll
20:09:32.0924 5692 C:\Windows\System32\nlasvc.dll - ok
20:09:32.0924 5692 [ 99BD4B9B15A823A6C46B561329178122 ] C:\Windows\System32\QAGENT.DLL
20:09:32.0924 5692 C:\Windows\System32\QAGENT.DLL - ok
20:09:32.0939 5692 [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll
20:09:32.0939 5692 C:\Windows\System32\ssdpapi.dll - ok
20:09:32.0939 5692 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll
20:09:32.0939 5692 C:\Windows\System32\netprofm.dll - ok
20:09:32.0939 5692 [ 5242F0AB85D48F18C33783C86879DC19 ] C:\Windows\System32\wscapi.dll
20:09:32.0939 5692 C:\Windows\System32\wscapi.dll - ok
20:09:32.0955 5692 [ 2765B91A9EE086C20B451E80D2709CC9 ] C:\Windows\System32\DHCPQEC.DLL
20:09:32.0955 5692 C:\Windows\System32\DHCPQEC.DLL - ok
20:09:32.0955 5692 [ 9FA14FFC9150B48C5D582DCF6A79D6F2 ] C:\Windows\System32\EAPQEC.DLL
20:09:32.0955 5692 C:\Windows\System32\EAPQEC.DLL - ok
20:09:32.0955 5692 [ 929759E0775E6D00B4B2F4A08042439F ] C:\Windows\System32\napipsec.dll
20:09:32.0955 5692 C:\Windows\System32\napipsec.dll - ok
20:09:32.0971 5692 [ EEEED2431A88E4C36B0A771137BE1086 ] C:\Windows\System32\tsgqec.dll
20:09:32.0971 5692 C:\Windows\System32\tsgqec.dll - ok
20:09:32.0971 5692 [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys
20:09:32.0971 5692 C:\Windows\System32\drivers\PEAuth.sys - ok
20:09:32.0986 5692 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
20:09:32.0986 5692 C:\Windows\System32\drivers\secdrv.sys - ok
20:09:32.0986 5692 [ ED793426EE1511AD21DB2DBF9DEDBF7B ] C:\Windows\System32\drivers\Sftfswin7.sys
20:09:32.0986 5692 C:\Windows\System32\drivers\Sftfswin7.sys - ok
20:09:32.0986 5692 [ CB9A8683F4EF2BF99E123D79950D7935 ] C:\Windows\System32\regsvc.dll
20:09:32.0986 5692 C:\Windows\System32\regsvc.dll - ok
20:09:33.0002 5692 [ 96F3F676B4D0DF4DA9C4081358C4662F ] C:\Windows\System32\wbemcomn.dll
20:09:33.0002 5692 C:\Windows\System32\wbemcomn.dll - ok
20:09:33.0017 5692 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll
20:09:33.0017 5692 C:\Windows\System32\wbem\wbemprox.dll - ok
20:09:33.0033 5692 [ A59B3A4442C52060CC7A85293AA3546F ] C:\Windows\System32\seclogon.dll
20:09:33.0033 5692 C:\Windows\System32\seclogon.dll - ok
20:09:33.0033 5692 [ C374CD4E26307305E225C27A952015A0 ] C:\Program Files\McAfee\Common Framework\Agent.dll
20:09:33.0033 5692 C:\Program Files\McAfee\Common Framework\Agent.dll - ok
20:09:33.0049 5692 [ 116F7BCED3F38EC2ECC12964BBE6F36B ] C:\Program Files\McAfee\Common Framework\CMALib.dll
20:09:33.0049 5692 C:\Program Files\McAfee\Common Framework\CMALib.dll - ok
20:09:33.0049 5692 [ 54FC7041CC378DB4B39DE2B7B1C58A9A ] C:\Program Files\McAfee\Common Framework\inetmgr.dll
20:09:33.0049 5692 C:\Program Files\McAfee\Common Framework\inetmgr.dll - ok
20:09:33.0049 5692 [ ECE60AAD81138548903FB4A4EB14A1AB ] C:\Windows\System32\drivers\Sftplaywin7.sys
20:09:33.0049 5692 C:\Windows\System32\drivers\Sftplaywin7.sys - ok
20:09:33.0049 5692 [ D6CB9D224778EBA53016BA83E9F063BE ] C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
20:09:33.0064 5692 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe - ok
20:09:33.0064 5692 [ FF207D67700AA18242AAF985D3E7D8F4 ] C:\Windows\System32\drivers\srvnet.sys
20:09:33.0064 5692 C:\Windows\System32\drivers\srvnet.sys - ok
20:09:33.0064 5692 [ E64444523ADD154F86567C469BC0B17F ] C:\Windows\System32\drivers\tcpipreg.sys
20:09:33.0064 5692 C:\Windows\System32\drivers\tcpipreg.sys - ok
20:09:33.0080 5692 [ 04105C8DA62353589C29BDAEB8D88BD8 ] C:\Windows\System32\sysmain.dll
20:09:33.0080 5692 C:\Windows\System32\sysmain.dll - ok
20:09:33.0080 5692 [ A22825E7BB7018E8AF3E229A5AF17221 ] C:\Windows\System32\wiaservc.dll
20:09:33.0080 5692 C:\Windows\System32\wiaservc.dll - ok
20:09:33.0095 5692 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] C:\Windows\System32\tapisrv.dll
20:09:33.0095 5692 C:\Windows\System32\tapisrv.dll - ok
20:09:33.0095 5692 [ B087F2B901570F6EF62F6C2E01A480F3 ] C:\Windows\System32\wiatrace.dll
20:09:33.0095 5692 C:\Windows\System32\wiatrace.dll - ok
20:09:33.0095 5692 [ 6C8AAD222607E0A2D8EFBEB3EF419B32 ] C:\Program Files\1E\Agent\WakeUp\WakeUpAgt.exe
20:09:33.0095 5692 C:\Program Files\1E\Agent\WakeUp\WakeUpAgt.exe - ok
20:09:33.0111 5692 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] C:\Windows\System32\trkwks.dll
20:09:33.0111 5692 C:\Windows\System32\trkwks.dll - ok
20:09:33.0111 5692 [ E36380699DE374A52F7CF0BB2A09DC05 ] C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
20:09:33.0111 5692 C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe - ok
20:09:33.0127 5692 [ F62E510B6AD4C21EB9FE8668ED251826 ] C:\Windows\System32\wbem\WMIsvc.dll
20:09:33.0127 5692 C:\Windows\System32\wbem\WMIsvc.dll - ok
20:09:33.0127 5692 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] C:\Program Files\Windows Defender\MpSvc.dll
20:09:33.0127 5692 C:\Program Files\Windows Defender\MpSvc.dll - ok
20:09:33.0127 5692 [ 881D9F2D6E04E1C323050CF1574870F7 ] C:\Windows\System32\wbem\WinMgmtR.dll
20:09:33.0127 5692 C:\Windows\System32\wbem\WinMgmtR.dll - ok
20:09:33.0142 5692 [ 0E7441BE4D8C31C7F94D4E09AF8339C8 ] C:\Windows\System32\wbem\WmiDcPrv.dll
20:09:33.0142 5692 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
20:09:33.0142 5692 [ 93E35A407636208DCCC71EA9D4DC30D0 ] C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll
20:09:33.0142 5692 C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll - ok
20:09:33.0142 5692 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\System32\ntdsapi.dll
20:09:33.0142 5692 C:\Windows\System32\ntdsapi.dll - ok
20:09:33.0142 5692 [ 1CEDFE91F527858CACA1B08B04666BC0 ] C:\Windows\System32\wbem\fastprox.dll
20:09:33.0142 5692 C:\Windows\System32\wbem\fastprox.dll - ok
20:09:33.0158 5692 [ 801211DCFD6414FFA48BCA661A76C6FA ] C:\Windows\System32\wbem\wbemcore.dll
20:09:33.0158 5692 C:\Windows\System32\wbem\wbemcore.dll - ok
20:09:33.0158 5692 [ E3953351B236EFE2027A3CF4BFC17DDE ] C:\Program Files\McAfee\VirusScan Enterprise\ftl.dll
20:09:33.0158 5692 C:\Program Files\McAfee\VirusScan Enterprise\ftl.dll - ok
20:09:33.0173 5692 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\System32\sfc.dll
20:09:33.0173 5692 C:\Windows\System32\sfc.dll - ok
20:09:33.0173 5692 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\System32\sfc_os.dll
20:09:33.0173 5692 C:\Windows\System32\sfc_os.dll - ok
20:09:33.0173 5692 [ 20308CF0675AD7CE5AAA6712DB823216 ] C:\Program Files\Windows Defender\MpClient.dll
20:09:33.0173 5692 C:\Program Files\Windows Defender\MpClient.dll - ok
20:09:33.0173 5692 [ 9078B389560DF47E71D4B3FEB68465D1 ] C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
20:09:33.0173 5692 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe - ok
20:09:33.0189 5692 [ C288000FB16D84016FE374DE742E6A77 ] C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
20:09:33.0189 5692 C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe - ok
20:09:33.0189 5692 [ E0896EC4B12EA977A7C81D1A8DAB6667 ] C:\Windows\System32\conhost.exe
20:09:33.0189 5692 C:\Windows\System32\conhost.exe - ok
20:09:33.0189 5692 [ 5AE88135C6A86FCD67BA16AFBB1C8389 ] C:\Windows\System32\wbem\esscli.dll
20:09:33.0189 5692 C:\Windows\System32\wbem\esscli.dll - ok
20:09:33.0205 5692 [ 371E3B05894549113D07CD3081ED55EF ] C:\Windows\System32\wbem\repdrvfs.dll
20:09:33.0205 5692 C:\Windows\System32\wbem\repdrvfs.dll - ok
20:09:33.0205 5692 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\System32\wbem\wbemsvc.dll
20:09:33.0205 5692 C:\Windows\System32\wbem\wbemsvc.dll - ok
20:09:33.0205 5692 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\System32\wbem\wmiutils.dll
20:09:33.0205 5692 C:\Windows\System32\wbem\wmiutils.dll - ok
20:09:33.0220 5692 [ D269696F4C8C6BC40DE5C88733AA9656 ] C:\Program Files\Microsoft Application Virtualization Client\sftsync.dll
20:09:33.0220 5692 C:\Program Files\Microsoft Application Virtualization Client\sftsync.dll - ok
20:09:33.0220 5692 [ 56880946C4FD09124AE9A542BCC6C0D9 ] C:\Program Files\Microsoft Application Virtualization Client\sftuser.dll
20:09:33.0220 5692 C:\Program Files\Microsoft Application Virtualization Client\sftuser.dll - ok
20:09:33.0236 5692 [ 028972FD9339C3662527EFBFF81E9D62 ] C:\Program Files\Microsoft Application Virtualization Client\sftcore.dll
20:09:33.0236 5692 C:\Program Files\Microsoft Application Virtualization Client\sftcore.dll - ok
20:09:33.0236 5692 [ F36BE7392499A9B81B1D38AFDF04C440 ] C:\Program Files\McAfee\VirusScan Enterprise\naiann.dll
20:09:33.0236 5692 C:\Program Files\McAfee\VirusScan Enterprise\naiann.dll - ok
20:09:33.0236 5692 [ 827C240D0513204D806E978A3BA3BC36 ] C:\Program Files\McAfee\VirusScan Enterprise\vsevntui.dll
20:09:33.0236 5692 C:\Program Files\McAfee\VirusScan Enterprise\vsevntui.dll - ok
20:09:33.0251 5692 [ 181649891F37E38159490D0634A72E05 ] C:\Program Files\McAfee\VirusScan Enterprise\naevent.dll
20:09:33.0251 5692 C:\Program Files\McAfee\VirusScan Enterprise\naevent.dll - ok
20:09:33.0251 5692 [ 8E33E2B24306C5249154322BC99493F5 ] C:\Windows\System32\httpapi.dll
20:09:33.0251 5692 C:\Windows\System32\httpapi.dll - ok
20:09:33.0251 5692 [ A43390B63CFCC005A28B9F7D7D35C71C ] C:\Program Files\McAfee\Common Framework\Genevtinf3.dll
20:09:33.0251 5692 C:\Program Files\McAfee\Common Framework\Genevtinf3.dll - ok
20:09:33.0267 5692 [ ED9652E61BCB19101B499E1A7472D12A ] C:\Program Files\McAfee\Common Framework\naSPIPE.dll
20:09:33.0267 5692 C:\Program Files\McAfee\Common Framework\naSPIPE.dll - ok
20:09:33.0267 5692 [ AE1A21A901C18F6A66C6A1BA13EEAC20 ] C:\Program Files\McAfee\Common Framework\ListenServer.dll
20:09:33.0283 5692 C:\Program Files\McAfee\Common Framework\ListenServer.dll - ok
20:09:33.0283 5692 [ 1957C5C463BCDC21F374523FD32A3115 ] C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll
20:09:33.0283 5692 C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll - ok
20:09:33.0298 5692 [ B8F4A6990A6295159792B4AD189D460D ] C:\Windows\System32\wbem\WmiPrvSD.dll
20:09:33.0298 5692 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
20:09:33.0314 5692 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\System32\ncobjapi.dll
20:09:33.0314 5692 C:\Windows\System32\ncobjapi.dll - ok
20:09:33.0314 5692 [ B350509B6C9296529BC464C60FEEAEF1 ] C:\Windows\System32\wbem\wbemess.dll
20:09:33.0314 5692 C:\Windows\System32\wbem\wbemess.dll - ok
20:09:33.0314 5692 [ 1546EA5D6D05A6321B59338F80FA679A ] C:\Windows\CCM\UIResource.dll
20:09:33.0314 5692 C:\Windows\CCM\UIResource.dll - ok
20:09:33.0329 5692 [ 203C3380A744CA5B9B1A9CAEB57F7D57 ] C:\Windows\System32\wbem\WmiPrvSE.exe
20:09:33.0329 5692 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
20:09:33.0329 5692 [ E530A15E1DC33EF3D84322586284DA2E ] C:\Windows\System32\wbem\cimwin32.dll
20:09:33.0329 5692 C:\Windows\System32\wbem\cimwin32.dll - ok
20:09:33.0329 5692 [ 173ACF6C35627AF10D8A449AB8D61C0E ] C:\Windows\System32\framedynos.dll
20:09:33.0329 5692 C:\Windows\System32\framedynos.dll - ok
20:09:33.0345 5692 [ A81AF063D965A321D577AE3C24ADA449 ] C:\Windows\System32\browcli.dll
20:09:33.0345 5692 C:\Windows\System32\browcli.dll - ok
20:09:33.0345 5692 [ 7F87FEBFBCEE844A080A76C83A1B013F ] C:\Windows\System32\schedcli.dll
20:09:33.0345 5692 C:\Windows\System32\schedcli.dll - ok
20:09:33.0345 5692 [ AFF03EAADAB9BE41A98B76332B980283 ] C:\Windows\System32\wmi.dll
20:09:33.0392 5692 C:\Windows\System32\wmi.dll - ok
20:09:33.0407 5692 [ AF7E03A851EE910985C27E7735B48A47 ] C:\Program Files\Microsoft Application Virtualization Client\sftpsr.dll
20:09:33.0407 5692 C:\Program Files\Microsoft Application Virtualization Client\sftpsr.dll - ok
20:09:33.0407 5692 [ 2A8816D2F277AE845E9FA4B099514D57 ] C:\Program Files\Microsoft Application Virtualization Client\sftfsi.dll
20:09:33.0407 5692 C:\Program Files\Microsoft Application Virtualization Client\sftfsi.dll - ok
20:09:33.0407 5692 [ 089B5F924E96BA9C40E4E4522BF43770 ] C:\Program Files\Windows Defender\MpRTP.dll
20:09:33.0407 5692 C:\Program Files\Windows Defender\MpRTP.dll - ok
20:09:33.0423 5692 [ 56B4DCF3024DADED7CB268C3B6FD7455 ] C:\Program Files\McAfee\VirusScan Enterprise\midutil.dll
20:09:33.0423 5692 C:\Program Files\McAfee\VirusScan Enterprise\midutil.dll - ok
20:09:33.0423 5692 [ 8D47D01378347889A662D54037A988CC ] C:\Windows\System32\tdh.dll
20:09:33.0423 5692 C:\Windows\System32\tdh.dll - ok
20:09:33.0439 5692 [ 3826B73F7B8B77737CD2498DE76C4B82 ] C:\Program Files\McAfee\VirusScan Enterprise\nailite.dll
20:09:33.0439 5692 C:\Program Files\McAfee\VirusScan Enterprise\nailite.dll - ok
20:09:33.0439 5692 [ DAF645D6FC9066DA8EFB4460F13002DB ] C:\Program Files\McAfee\VirusScan Enterprise\wscavexe.exe
20:09:33.0439 5692 C:\Program Files\McAfee\VirusScan Enterprise\wscavexe.exe - ok
20:09:33.0439 5692 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\System32\wscisvif.dll
20:09:33.0439 5692 C:\Windows\System32\wscisvif.dll - ok
20:09:33.0439 5692 [ 7DF186D86CF8C571A12AAB788C777F84 ] C:\Windows\System32\wscproxystub.dll
20:09:33.0439 5692 C:\Windows\System32\wscproxystub.dll - ok
20:09:33.0454 5692 [ 11F06C27DAD83CD5E907D664CA591805 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E15E64A4-9F14-4721-8D4E-FA1823816EAF}\mpengine.dll
20:09:33.0454 5692 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E15E64A4-9F14-4721-8D4E-FA1823816EAF}\mpengine.dll - ok
20:09:33.0454 5692 [ B144A2223EF11ED42310124A7839258E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E15E64A4-9F14-4721-8D4E-FA1823816EAF}\mpasbase.vdm
20:09:33.0454 5692 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E15E64A4-9F14-4721-8D4E-FA1823816EAF}\mpasbase.vdm - ok
20:09:33.0454 5692 [ 30054A6594BB463C82D6F64E95F6F706 ] C:\Program Files\1E\Agent\NightWatchman\NwmCli.exe
20:09:33.0454 5692 C:\Program Files\1E\Agent\NightWatchman\NwmCli.exe - ok
20:09:33.0470 5692 [ 1364A348CA79DA8472208F8D85704577 ] C:\Program Files\1E\Agent\NightWatchman\NightWatchman.exe
20:09:33.0470 5692 C:\Program Files\1E\Agent\NightWatchman\NightWatchman.exe - ok
20:09:33.0470 5692 [ 045640910EF65B3386AAD9D1EEF004F0 ] C:\Program Files\1E\Agent\NightWatchman\NwmItfPS.dll
20:09:33.0470 5692 C:\Program Files\1E\Agent\NightWatchman\NwmItfPS.dll - ok
20:09:33.0485 5692 [ 7C2B111CDEB0AE6AD4C54DE174E7B512 ] C:\Program Files\1E\Agent\NightWatchman\NWMScriptHelper.ocx
20:09:33.0485 5692 C:\Program Files\1E\Agent\NightWatchman\NWMScriptHelper.ocx - ok
20:09:33.0485 5692 [ D60347E3664F0813DCFDAFBE5ECBC18C ] C:\Program Files\1E\Agent\NightWatchman\NWMSysDialog.exe
20:09:33.0485 5692 C:\Program Files\1E\Agent\NightWatchman\NWMSysDialog.exe - ok
20:09:33.0485 5692 [ 026F7DD76016EAA30169D06766522ED9 ] C:\Program Files\McAfee\VirusScan Enterprise\emcfgcpl.dll
20:09:33.0485 5692 C:\Program Files\McAfee\VirusScan Enterprise\emcfgcpl.dll - ok
20:09:33.0501 5692 [ 5012C37BAD5A2DA224B735E6F289AEA4 ] C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe
20:09:33.0501 5692 C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe - ok
20:09:33.0501 5692 [ 4AA2656EF6E4D008BA135F76234329DF ] C:\Program Files\McAfee\VirusScan Enterprise\ncdaemon.exe
20:09:33.0501 5692 C:\Program Files\McAfee\VirusScan Enterprise\ncdaemon.exe - ok
20:09:33.0501 5692 [ 810D563742090C467FA0D13D06A1E62D ] C:\Program Files\1E\Agent\NightWatchman\NwmCMgr.dll
20:09:33.0501 5692 C:\Program Files\1E\Agent\NightWatchman\NwmCMgr.dll - ok
20:09:33.0517 5692 [ 8118EF13E1A07D9296626F43F74945CB ] C:\Program Files\McAfee\VirusScan Enterprise\ncextmgr.dll
20:09:33.0517 5692 C:\Program Files\McAfee\VirusScan Enterprise\ncextmgr.dll - ok
20:09:33.0517 5692 [ 3B9296E1D0266340B1212C554DCEA1C1 ] C:\Program Files\McAfee\VirusScan Enterprise\ncinstall.exe
20:09:33.0517 5692 C:\Program Files\McAfee\VirusScan Enterprise\ncinstall.exe - ok
20:09:33.0517 5692 [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
20:09:33.0517 5692 C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
20:09:33.0532 5692 [ A2F314312CEBA79593F70C65DE9CD533 ] C:\Program Files\McAfee\VirusScan Enterprise\ncmenu.dll
20:09:33.0532 5692 C:\Program Files\McAfee\VirusScan Enterprise\ncmenu.dll - ok
20:09:33.0532 5692 [ B0A4DAE09AEECF0402CB586E796937A1 ] C:\Program Files\1E\Agent\NightWatchman\NwmMWColl.dll
20:09:33.0532 5692 C:\Program Files\1E\Agent\NightWatchman\NwmMWColl.dll - ok
20:09:33.0532 5692 [ A52347F591541C9C2C4C224F6B8A6177 ] C:\Program Files\McAfee\VirusScan Enterprise\ncscan.dll
20:09:33.0532 5692 C:\Program Files\McAfee\VirusScan Enterprise\ncscan.dll - ok
20:09:33.0548 5692 [ FDD7A06659870DA507E45096BFF4FC33 ] C:\Program Files\1E\Agent\NightWatchman\NwmSleepless.dll
20:09:33.0548 5692 C:\Program Files\1E\Agent\NightWatchman\NwmSleepless.dll - ok
20:09:33.0548 5692 [ 93F1D409D2454D67CE99A0DB859A7193 ] C:\Windows\System32\activeds.dll
20:09:33.0548 5692 C:\Windows\System32\activeds.dll - ok
20:09:33.0563 5692 [ FA11D4CD45DAA8BCA1FAC209BD0B88B0 ] C:\Program Files\McAfee\VirusScan Enterprise\nctrace.dll
20:09:33.0563 5692 C:\Program Files\McAfee\VirusScan Enterprise\nctrace.dll - ok
20:09:33.0563 5692 [ 51F5CC1E7DA3D9C664C2D0D61F315E06 ] C:\Windows\System32\adsldpc.dll
20:09:33.0563 5692 C:\Windows\System32\adsldpc.dll - ok
20:09:33.0579 5692 [ 9D0E1BE88AA7F9D2B1E75CE06341DB66 ] C:\Program Files\McAfee\VirusScan Enterprise\shcfg32.exe
20:09:33.0579 5692 C:\Program Files\McAfee\VirusScan Enterprise\shcfg32.exe - ok
20:09:33.0579 5692 [ D11E627EC5BD25B510FF36F31DAB34F3 ] C:\Program Files\McAfee\VirusScan Enterprise\vsupdate.dll
20:09:33.0579 5692 C:\Program Files\McAfee\VirusScan Enterprise\vsupdate.dll - ok
20:09:33.0579 5692 [ 7AA7EB5A4767FE9519838DDFA0E428A6 ] C:\Program Files\McAfee\VirusScan Enterprise\mcavdetect.dll
20:09:33.0579 5692 C:\Program Files\McAfee\VirusScan Enterprise\mcavdetect.dll - ok
20:09:33.0595 5692 [ E0E20A6D1200FB676F7566338F230016 ] C:\Program Files\McAfee\VirusScan Enterprise\restartvse.exe
20:09:33.0595 5692 C:\Program Files\McAfee\VirusScan Enterprise\restartvse.exe - ok
20:09:33.0595 5692 [ 8162EEF786525878523819FA457A772F ] C:\Program Files\McAfee\VirusScan Enterprise\scncfg32.exe
20:09:33.0595 5692 C:\Program Files\McAfee\VirusScan Enterprise\scncfg32.exe - ok
20:09:33.0595 5692 [ 061610382636D71C2BD8DDB4C31E5DA0 ] C:\Program Files\McAfee\VirusScan Enterprise\vsupdcpl.dll
20:09:33.0595 5692 C:\Program Files\McAfee\VirusScan Enterprise\vsupdcpl.dll - ok
20:09:34.0843 5692 C:\Windows\temp\inv6BEB_tmp\DrvAppIE_PCI\DRVUpdate.exe - ok
20:09:34.0858 5692 [ D9442D8808A0C0E43B2F8062B85E3E54 ] C:\Windows\temp\inv6BEB_tmp\DrvAppIE_MSI\DRVUpdate.exe
20:09:34.0858 5692 C:\Windows\temp\inv6BEB_tmp\DrvAppIE_MSI\DRVUpdate.exe - ok
20:09:34.0858 5692 [ E234F07201230A7716707ED15E958072 ] C:\Windows\temp\inv6BEB_tmp\libsmbios\smbiosinfo.exe
20:09:34.0858 5692 C:\Windows\temp\inv6BEB_tmp\libsmbios\smbiosinfo.exe - ok
20:09:34.0858 5692 [ 6298277B73C77FA99106B271A7525163 ] C:\Windows\System32\wuaueng.dll
20:09:34.0858 5692 C:\Windows\System32\wuaueng.dll - ok
20:09:34.0874 5692 [ 387A8A473ECC5BA02CF453277C1F3274 ] C:\Windows\System32\mspatcha.dll
20:09:34.0874 5692 C:\Windows\System32\mspatcha.dll - ok
20:09:34.0874 5692 [ D9442D8808A0C0E43B2F8062B85E3E54 ] C:\Windows\temp\inv6BEB_tmp\Wifi_Broadcom\DRVUpdate.exe
20:09:34.0874 5692 C:\Windows\temp\inv6BEB_tmp\Wifi_Broadcom\DRVUpdate.exe - ok
20:09:34.0874 5692 [ 5BD1234E11B39C63BBA87022AF6D43C2 ] C:\Windows\System32\wups2.dll
20:09:34.0874 5692 C:\Windows\System32\wups2.dll - ok
20:09:34.0889 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DCP_ConnMgr\AppUpdate.exe
20:09:34.0889 5692 C:\Windows\temp\inv6BEB_tmp\DCP_ConnMgr\AppUpdate.exe - ok
20:09:34.0889 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DCP_SysMgr_Vista\AppUpdate.exe
20:09:34.0889 5692 C:\Windows\temp\inv6BEB_tmp\DCP_SysMgr_Vista\AppUpdate.exe - ok
20:09:34.0889 5692 [ F36B7461FECDCF763FDEFA3A3352CD45 ] C:\Windows\System32\cscript.exe
20:09:34.0889 5692 C:\Windows\System32\cscript.exe - ok
20:09:34.0905 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DCP_SysMgr_XP\AppUpdate.exe
20:09:34.0905 5692 C:\Windows\temp\inv6BEB_tmp\DCP_SysMgr_XP\AppUpdate.exe - ok
20:09:34.0905 5692 [ EDE757D894731F21C696136245C73A02 ] C:\Windows\temp\inv6BEB_tmp\OSINV\osinv.exe
20:09:34.0905 5692 C:\Windows\temp\inv6BEB_tmp\OSINV\osinv.exe - ok
20:09:34.0905 5692 [ 46BDD2573E550BDADE5E7F1D16642347 ] C:\Windows\temp\inv6BEB_tmp\DCP_SysMgr_XP\VersionCheck.dll
20:09:34.0905 5692 C:\Windows\temp\inv6BEB_tmp\DCP_SysMgr_XP\VersionCheck.dll - ok
20:09:34.0921 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\ConexantAudio\AppUpdate.exe
20:09:34.0921 5692 C:\Windows\temp\inv6BEB_tmp\ConexantAudio\AppUpdate.exe - ok
20:09:34.0921 5692 [ 509B666BF56D469C641DF55652C76168 ] C:\Windows\System32\vbscript.dll
20:09:34.0921 5692 C:\Windows\System32\vbscript.dll - ok
20:09:34.0921 5692 [ E8F6851E4600CD3674422487EE240941 ] C:\Windows\System32\wshext.dll
20:09:34.0921 5692 C:\Windows\System32\wshext.dll - ok
20:09:34.0921 5692 [ 2D542FEEEE1644365BCE3327E91A5798 ] C:\Windows\System32\scrobj.dll
20:09:34.0921 5692 C:\Windows\System32\scrobj.dll - ok
20:09:34.0936 5692 [ B5D4429FBBF86A05AC2E3A247E32E97F ] C:\Windows\System32\wshom.ocx
20:09:34.0936 5692 C:\Windows\System32\wshom.ocx - ok
20:09:34.0936 5692 [ 69A1D7C29CFF256BECBD4E39E2159636 ] C:\Windows\System32\scrrun.dll
20:09:34.0936 5692 C:\Windows\System32\scrrun.dll - ok
20:09:34.0936 5692 [ 00D1F89836927C0F2E37321E6B441FCE ] C:\Windows\System32\msxml3.dll
20:09:34.0936 5692 C:\Windows\System32\msxml3.dll - ok
20:09:34.0952 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\IDT_AUDIO\DRVUpdate.exe
20:09:34.0952 5692 C:\Windows\temp\inv6BEB_tmp\IDT_AUDIO\DRVUpdate.exe - ok
20:09:34.0952 5692 [ 244C6722289F4869068992FD7D8A8832 ] C:\Windows\System32\wbem\wbemdisp.dll
20:09:34.0952 5692 C:\Windows\System32\wbem\wbemdisp.dll - ok
20:09:34.0967 5692 [ 10F32A7D7F5C5215BA1887A8F452DBC4 ] C:\Windows\System32\wbem\Win32_EncryptableVolume.dll
20:09:34.0967 5692 C:\Windows\System32\wbem\Win32_EncryptableVolume.dll - ok
20:09:34.0967 5692 [ 97D1227BA2A7F57C33E956910B4E6B49 ] C:\Windows\temp\inv6BEB_tmp\Broadcom_BT\USBUpdate.exe
20:09:34.0967 5692 C:\Windows\temp\inv6BEB_tmp\Broadcom_BT\USBUpdate.exe - ok
20:09:34.0983 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DCP_SecMgr_App\AppUpdate.exe
20:09:34.0983 5692 C:\Windows\temp\inv6BEB_tmp\DCP_SecMgr_App\AppUpdate.exe - ok
20:09:34.0983 5692 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\System32\security.dll
20:09:34.0983 5692 C:\Windows\System32\security.dll - ok
20:09:34.0983 5692 [ 8543E38A755FA12C15203B62897F5713 ] C:\Windows\CCM\CIDownloader.dll
20:09:34.0983 5692 C:\Windows\CCM\CIDownloader.dll - ok
20:09:34.0983 5692 [ BEB3638CF837C1FC0063C5FAA5FB1519 ] C:\Windows\temp\inv6BEB_tmp\DCP_SecMgr_Drv\DrvUpdate.exe
20:09:34.0999 5692 C:\Windows\temp\inv6BEB_tmp\DCP_SecMgr_Drv\DrvUpdate.exe - ok
20:09:34.0999 5692 [ 97D1227BA2A7F57C33E956910B4E6B49 ] C:\Windows\temp\inv6BEB_tmp\WLAN_Drvr\UsbUpdate.exe
20:09:34.0999 5692 C:\Windows\temp\inv6BEB_tmp\WLAN_Drvr\UsbUpdate.exe - ok
20:09:34.0999 5692 [ BEB3638CF837C1FC0063C5FAA5FB1519 ] C:\Windows\temp\inv6BEB_tmp\WLAN_Frmw\DrvUpdate.exe
20:09:34.0999 5692 C:\Windows\temp\inv6BEB_tmp\WLAN_Frmw\DrvUpdate.exe - ok
20:09:35.0014 5692 [ C6A8AD317261B405A338D72BDE5EE544 ] C:\Windows\temp\inv6BEB_tmp\SCSI_ODD\SCSIUpdate.exe
20:09:35.0014 5692 C:\Windows\temp\inv6BEB_tmp\SCSI_ODD\SCSIUpdate.exe - ok
20:09:35.0014 5692 [ 67AC823923098B9EB67C85DB9C5B26DC ] C:\Windows\CCM\CIAgent.dll
20:09:35.0014 5692 C:\Windows\CCM\CIAgent.dll - ok
20:09:35.0014 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\OMCI\AppUpdate.exe
20:09:35.0014 5692 C:\Windows\temp\inv6BEB_tmp\OMCI\AppUpdate.exe - ok
20:09:35.0030 5692 [ 43BE3B9CA431F88E049928DC45C4365C ] C:\Windows\System32\wbem\wmipcima.dll
20:09:35.0030 5692 C:\Windows\System32\wbem\wmipcima.dll - ok
20:09:35.0030 5692 [ BEB3638CF837C1FC0063C5FAA5FB1519 ] C:\Windows\temp\inv6BEB_tmp\DSS\DRVUpdate.exe
20:09:35.0030 5692 C:\Windows\temp\inv6BEB_tmp\DSS\DRVUpdate.exe - ok
20:09:35.0030 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\RealtekAudio\DRVUpdate.exe
20:09:35.0030 5692 C:\Windows\temp\inv6BEB_tmp\RealtekAudio\DRVUpdate.exe - ok
20:09:35.0045 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\BlacktopReader\AppUpdate.exe
20:09:35.0045 5692 C:\Windows\temp\inv6BEB_tmp\BlacktopReader\AppUpdate.exe - ok
20:09:35.0045 5692 [ FDB6D099CE762349962BCF38BA06A07A ] C:\Windows\temp\inv6BEB_tmp\IMAGE\UsbUpdate.exe
20:09:35.0045 5692 C:\Windows\temp\inv6BEB_tmp\IMAGE\UsbUpdate.exe - ok
20:09:35.0061 5692 [ CBB39D6FE6E38A2671A4467772A9D794 ] C:\Windows\temp\inv6BEB_tmp\WDT\DrvUpdate.exe
20:09:35.0061 5692 C:\Windows\temp\inv6BEB_tmp\WDT\DrvUpdate.exe - ok
20:09:35.0061 5692 [ 97D1227BA2A7F57C33E956910B4E6B49 ] C:\Windows\temp\inv6BEB_tmp\DELL_MOBILE\USBUpdate.exe
20:09:35.0061 5692 C:\Windows\temp\inv6BEB_tmp\DELL_MOBILE\USBUpdate.exe - ok
20:09:35.0077 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DCSU\AppUpdate.exe
20:09:35.0077 5692 C:\Windows\temp\inv6BEB_tmp\DCSU\AppUpdate.exe - ok
20:09:35.0077 5692 [ 84153733C8600648112AD5EFC19CBA42 ] C:\Windows\temp\inv6BEB_tmp\TouchPad\UsbUpdate.exe
20:09:35.0077 5692 C:\Windows\temp\inv6BEB_tmp\TouchPad\UsbUpdate.exe - ok
20:09:35.0077 5692 [ CBB39D6FE6E38A2671A4467772A9D794 ] C:\Windows\temp\inv6BEB_tmp\Chipset\DrvUpdate.exe
20:09:35.0077 5692 C:\Windows\temp\inv6BEB_tmp\Chipset\DrvUpdate.exe - ok
20:09:35.0092 5692 [ CBB39D6FE6E38A2671A4467772A9D794 ] C:\Windows\temp\inv6BEB_tmp\DellFreeFall\DrvUpdate.exe
20:09:35.0092 5692 C:\Windows\temp\inv6BEB_tmp\DellFreeFall\DrvUpdate.exe - ok
20:09:35.0092 5692 [ CBB39D6FE6E38A2671A4467772A9D794 ] C:\Windows\temp\inv6BEB_tmp\DellFreeFall_X4\DrvUpdate.exe
20:09:35.0092 5692 C:\Windows\temp\inv6BEB_tmp\DellFreeFall_X4\DrvUpdate.exe - ok
20:09:35.0092 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DDPA_App\AppUpdate.exe
20:09:35.0092 5692 C:\Windows\temp\inv6BEB_tmp\DDPA_App\AppUpdate.exe - ok
20:09:35.0108 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DDPA_Mware\AppUpdate.exe
20:09:35.0108 5692 C:\Windows\temp\inv6BEB_tmp\DDPA_Mware\AppUpdate.exe - ok
20:09:35.0108 5692 [ CBB39D6FE6E38A2671A4467772A9D794 ] C:\Windows\temp\inv6BEB_tmp\IRST\DrvUpdate.exe
20:09:35.0108 5692 C:\Windows\temp\inv6BEB_tmp\IRST\DrvUpdate.exe - ok
20:09:35.0108 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\WiMax\DrvUpdate.exe
20:09:35.0108 5692 C:\Windows\temp\inv6BEB_tmp\WiMax\DrvUpdate.exe - ok
20:09:35.0123 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\WWAN_5630_APP_X4\AppUpdate.exe
20:09:35.0123 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5630_APP_X4\AppUpdate.exe - ok
20:09:35.0123 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\WWAN_5630_APP\AppUpdate.exe
20:09:35.0123 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5630_APP\AppUpdate.exe - ok
20:09:35.0123 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\WWAN_5630_DRVR\DrvUpdate.exe
20:09:35.0123 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5630_DRVR\DrvUpdate.exe - ok
20:09:35.0139 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\Intel_LOM\DrvUpdate.exe
20:09:35.0139 5692 C:\Windows\temp\inv6BEB_tmp\Intel_LOM\DrvUpdate.exe - ok
20:09:35.0139 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\WWAN_5500_APP\AppUpdate.exe
20:09:35.0139 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5500_APP\AppUpdate.exe - ok
20:09:35.0155 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\WWAN_5500_DRVR\DrvUpdate.exe
20:09:35.0155 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5500_DRVR\DrvUpdate.exe - ok
20:09:35.0155 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\ConnexantModem\AppUpdate.exe
20:09:35.0155 5692 C:\Windows\temp\inv6BEB_tmp\ConnexantModem\AppUpdate.exe - ok
20:09:35.0155 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\ConnexantModem_D400\AppUpdate.exe
20:09:35.0155 5692 C:\Windows\temp\inv6BEB_tmp\ConnexantModem_D400\AppUpdate.exe - ok
20:09:35.0155 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\Intel_MEI\DrvUpdate.exe
20:09:35.0155 5692 C:\Windows\temp\inv6BEB_tmp\Intel_MEI\DrvUpdate.exe - ok
20:09:35.0170 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\IPT\AppUpdate.exe
20:09:35.0170 5692 C:\Windows\temp\inv6BEB_tmp\IPT\AppUpdate.exe - ok
20:09:35.0170 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\NTrig_MultiTouch\DrvUpdate.exe
20:09:35.0170 5692 C:\Windows\temp\inv6BEB_tmp\NTrig_MultiTouch\DrvUpdate.exe - ok
20:09:35.0170 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\O2Micro_CardReader\DrvUpdate.exe
20:09:35.0170 5692 C:\Windows\temp\inv6BEB_tmp\O2Micro_CardReader\DrvUpdate.exe - ok
20:09:35.0186 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\WWAN_5802_App\AppUpdate.exe
20:09:35.0186 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5802_App\AppUpdate.exe - ok
20:09:35.0186 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\WWAN_5802_Drvr\DrvUpdate.exe
20:09:35.0186 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5802_Drvr\DrvUpdate.exe - ok
20:09:35.0186 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\WWAN_5804_App\AppUpdate.exe
20:09:35.0186 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5804_App\AppUpdate.exe - ok
20:09:35.0201 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\DFEP\AppUpdate.exe
20:09:35.0201 5692 C:\Windows\temp\inv6BEB_tmp\DFEP\AppUpdate.exe - ok
20:09:35.0201 5692 [ 750F85274AD5B528508C9B8D7EC7D6FA ] C:\Windows\temp\inv6BEB_tmp\WWAN_5804_Drvr\DrvUpdate.exe
20:09:35.0201 5692 C:\Windows\temp\inv6BEB_tmp\WWAN_5804_Drvr\DrvUpdate.exe - ok
20:09:35.0201 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\CCTK\AppUpdate.exe
20:09:35.0201 5692 C:\Windows\temp\inv6BEB_tmp\CCTK\AppUpdate.exe - ok
20:09:35.0217 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\RapidStart\AppUpdate.exe
20:09:35.0217 5692 C:\Windows\temp\inv6BEB_tmp\RapidStart\AppUpdate.exe - ok
20:09:35.0217 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\SmartConnect\AppUpdate.exe
20:09:35.0217 5692 C:\Windows\temp\inv6BEB_tmp\SmartConnect\AppUpdate.exe - ok
20:09:35.0217 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\SmallBusinessAdv\AppUpdate.exe
20:09:35.0217 5692 C:\Windows\temp\inv6BEB_tmp\SmallBusinessAdv\AppUpdate.exe - ok
20:09:35.0233 5692 [ DC69EC422A068F5D47938D05A7B53478 ] C:\Windows\temp\inv6BEB_tmp\Intel_ME8\AppUpdate.exe
20:09:35.0233 5692 C:\Windows\temp\inv6BEB_tmp\Intel_ME8\AppUpdate.exe - ok
20:09:35.0233 5692 [ E6D8AED09641762C7FB22E141A7AE6B1 ] C:\Windows\CCM\dcmagent.dll
20:09:35.0233 5692 C:\Windows\CCM\dcmagent.dll - ok
20:09:35.0233 5692 [ F7D38C708C1804862C585CC514C695C1 ] C:\Program Files\Microsoft Policy Platform\policyHost.exe
20:09:35.0233 5692 C:\Program Files\Microsoft Policy Platform\policyHost.exe - ok
20:09:35.0233 5692 [ 1197BE6E776D50E267215D050009A818 ] C:\Program Files\Microsoft Policy Platform\lpa.dll
20:09:35.0233 5692 C:\Program Files\Microsoft Policy Platform\lpa.dll - ok
20:09:35.0248 5692 [ C3BA67167ABFAC31C39BC959B250CED8 ] C:\Program Files\Microsoft Policy Platform\sqlceoledb35.dll
20:09:35.0248 5692 C:\Program Files\Microsoft Policy Platform\sqlceoledb35.dll - ok
20:09:35.0248 5692 [ 88E69D845B1513634AF2FD0E725F9A29 ] C:\Program Files\Microsoft Policy Platform\sqlceer35EN.dll
20:09:35.0248 5692 C:\Program Files\Microsoft Policy Platform\sqlceer35EN.dll - ok
20:09:35.0248 5692 [ 958582542E5827C3B1B191F1C6C123F4 ] C:\Program Files\Microsoft Policy Platform\sqlcese35.dll
20:09:35.0248 5692 C:\Program Files\Microsoft Policy Platform\sqlcese35.dll - ok
20:09:35.0264 5692 [ 36CCD0CFE3FC326260BAA7425BDE5C9A ] C:\Program Files\Microsoft Policy Platform\sqlceqp35.dll
20:09:35.0264 5692 C:\Program Files\Microsoft Policy Platform\sqlceqp35.dll - ok
20:09:35.0264 5692 [ 69DB285A34A63D6CFF8A94FB6E70FC54 ] C:\Windows\CCM\ccmsdkprovider.dll
20:09:35.0264 5692 C:\Windows\CCM\ccmsdkprovider.dll - ok
20:09:35.0264 5692 [ 145EF5C6723114BC8DFB0687F54C4CFF ] C:\Windows\CCM\PwrAgentEndpoint.dll
20:09:35.0264 5692 C:\Windows\CCM\PwrAgentEndpoint.dll - ok
20:09:35.0279 5692 [ DA155A868B9FC22A03FC738B4F207E98 ] C:\Windows\CCM\PwrEventTask.dll
20:09:35.0279 5692 C:\Windows\CCM\PwrEventTask.dll - ok
20:09:35.0279 5692 [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\System32\msidle.dll
20:09:35.0279 5692 C:\Windows\System32\msidle.dll - ok
20:09:35.0279 5692 [ 01FE4BDD0B47A7D8BF34D78D2BC23DDB ] C:\Windows\System32\slwga.dll
20:09:35.0279 5692 C:\Windows\System32\slwga.dll - ok
20:09:35.0295 5692 [ 72BEB251B4655C640B2A3674027E5A74 ] C:\Windows\System32\sppc.dll
20:09:35.0295 5692 C:\Windows\System32\sppc.dll - ok
20:09:35.0295 5692 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:35.0295 5692 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
20:09:35.0295 5692 [ CD611CBFCD2950143727ED3643A27375 ] C:\Windows\CCM\RemCtrl\CmRcService.exe
20:09:35.0295 5692 C:\Windows\CCM\RemCtrl\CmRcService.exe - ok
20:09:35.0311 5692 [ 8D212E7B7DCF6A7C620C9EBAFBB6FC92 ] C:\Windows\CCM\RemCtrl\RdpCoreSccm.dll
20:09:35.0311 5692 C:\Windows\CCM\RemCtrl\RdpCoreSccm.dll - ok
20:09:35.0311 5692 [ 151258FC2EC8C48BDF8A53350AE0A676 ] C:\Windows\System32\FntCache.dll
20:09:35.0311 5692 C:\Windows\System32\FntCache.dll - ok
20:09:35.0326 5692 [ 7FE96F480A4A9DB9958DD140A1023DC9 ] C:\Windows\CCM\RemCtrl\SccmRdpsystem.exe
20:09:35.0326 5692 C:\Windows\CCM\RemCtrl\SccmRdpsystem.exe - ok
20:09:35.0326 5692 [ 4C287F9069FEDBD791178876EE9DE536 ] C:\Windows\System32\sppsvc.exe
20:09:35.0326 5692 C:\Windows\System32\sppsvc.exe - ok
20:09:35.0326 5692 [ D16D818E9930A6E5B4F6476DD0998D1A ] C:\Windows\System32\drivers\spsys.sys
20:09:35.0326 5692 C:\Windows\System32\drivers\spsys.sys - ok
20:09:35.0342 5692 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] C:\Windows\System32\wscsvc.dll
20:09:35.0342 5692 C:\Windows\System32\wscsvc.dll - ok
20:09:35.0342 5692 [ 622D95520182F6D3D05310D5810CA8B3 ] C:\Windows\System32\SearchIndexer.exe
20:09:35.0342 5692 C:\Windows\System32\SearchIndexer.exe - ok
20:09:35.0342 5692 [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\System32\p2pcollab.dll
20:09:35.0342 5692 C:\Windows\System32\p2pcollab.dll - ok
20:09:35.0357 5692 [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2 ] C:\Windows\System32\fveui.dll
20:09:35.0357 5692 C:\Windows\System32\fveui.dll - ok
20:09:35.0357 5692 [ 0CE7A0FFBBA93810384B6794C6901F4C ] C:\Windows\System32\mssrch.dll
20:09:35.0357 5692 C:\Windows\System32\mssrch.dll - ok
20:09:35.0357 5692 [ 57D56901BA1B27EE1EEE94497F3DB41D ] C:\Windows\System32\sppwinob.dll
20:09:35.0357 5692 C:\Windows\System32\sppwinob.dll - ok
20:09:35.0357 5692 [ 58E1354D5CF82E33AF9A1CD1E31C9ED7 ] C:\Windows\System32\sppobjs.dll
20:09:35.0373 5692 C:\Windows\System32\sppobjs.dll - ok
20:09:35.0373 5692 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] C:\Windows\System32\drivers\asyncmac.sys
20:09:35.0373 5692 C:\Windows\System32\drivers\asyncmac.sys - ok
20:09:35.0373 5692 [ B63E24E9271E99FD4540E3CA22A937DA ] C:\Windows\System32\en-US\tquery.dll.mui
20:09:35.0373 5692 C:\Windows\System32\en-US\tquery.dll.mui - ok
20:09:35.0389 5692 [ 89ED7C028A487340B7D93D5A38FDCB54 ] C:\Windows\System32\SearchProtocolHost.exe
20:09:35.0389 5692 C:\Windows\System32\SearchProtocolHost.exe - ok
20:09:35.0389 5692 [ A5D237B8673025B052C0E6FDB6A883E8 ] C:\Windows\System32\msshooks.dll
20:09:35.0389 5692 C:\Windows\System32\msshooks.dll - ok
20:09:35.0389 5692 [ 8A674F9AB20B4937357BF6F5A0938EBF ] C:\Windows\System32\SearchFilterHost.exe
20:09:35.0389 5692 C:\Windows\System32\SearchFilterHost.exe - ok
20:09:35.0404 5692 [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\System32\mssprxy.dll
20:09:35.0404 5692 C:\Windows\System32\mssprxy.dll - ok
20:09:35.0404 5692 [ 9CEBF9E27A495BEEDA7E1413EE342E96 ] C:\Windows\System32\ieframe.dll
20:09:35.0404 5692 C:\Windows\System32\ieframe.dll - ok
20:09:35.0404 5692 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll
20:09:35.0404 5692 C:\Windows\System32\mlang.dll - ok
20:09:35.0420 5692 [ 52799EAD792B0E9AE7FD4BA5BD18FE5C ] C:\Windows\System32\wbem\WMIADAP.exe
20:09:35.0420 5692 C:\Windows\System32\wbem\WMIADAP.exe - ok
20:09:35.0420 5692 [ 7FFD52D73352806969D424EF327D10A7 ] C:\Windows\System32\radardt.dll
20:09:35.0420 5692 C:\Windows\System32\radardt.dll - ok
20:09:35.0420 5692 [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll
20:09:35.0420 5692 C:\Windows\System32\wlanhlp.dll - ok
20:09:35.0435 5692 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\System32\wlanapi.dll
20:09:35.0435 5692 C:\Windows\System32\wlanapi.dll - ok
20:09:35.0435 5692 [ D6415224AD96840153E283A0268DE384 ] C:\Windows\System32\shacct.dll
20:09:35.0435 5692 C:\Windows\System32\shacct.dll - ok
20:09:35.0435 5692 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\System32\imageres.dll
20:09:35.0435 5692 C:\Windows\System32\imageres.dll - ok
20:09:35.0451 5692 [ F35314802B20CE37AF5F700A252812DD ] C:\Windows\System32\mpnotify.exe
20:09:35.0451 5692 C:\Windows\System32\mpnotify.exe - ok
20:09:35.0451 5692 [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\System32\dllhost.exe
20:09:35.0451 5692 C:\Windows\System32\dllhost.exe - ok
20:09:35.0467 5692 [ 0B31464B7B2D616BD5F7036673588EC1 ] C:\Windows\System32\IDStore.dll
20:09:35.0467 5692 C:\Windows\System32\IDStore.dll - ok
20:09:35.0467 5692 [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\System32\drprov.dll
20:09:35.0467 5692 C:\Windows\System32\drprov.dll - ok
20:09:35.0467 5692 [ 44F7AC99B73AF64884A67F17D9E0A773 ] C:\Windows\System32\davclnt.dll
20:09:35.0467 5692 C:\Windows\System32\davclnt.dll - ok
20:09:35.0482 5692 [ 32AAEABFF6299834E5D38C3A442CCF36 ] C:\Windows\System32\mssph.dll
20:09:35.0482 5692 C:\Windows\System32\mssph.dll - ok
20:09:35.0482 5692 [ 06018B349666595970E15397E78A0D77 ] C:\Windows\System32\ntlanman.dll
20:09:35.0482 5692 C:\Windows\System32\ntlanman.dll - ok
20:09:35.0482 5692 [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\System32\davhlpr.dll
20:09:35.0482 5692 C:\Windows\System32\davhlpr.dll - ok
20:09:35.0482 5692 [ 000B3A704234C202D4D788A171B02243 ] C:\Windows\System32\mapi32.dll
20:09:35.0482 5692 C:\Windows\System32\mapi32.dll - ok
20:09:35.0498 5692 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll
20:09:35.0498 5692 C:\Windows\System32\NapiNSP.dll - ok
20:09:35.0498 5692 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll
20:09:35.0498 5692 C:\Windows\System32\pnrpnsp.dll - ok
20:09:35.0498 5692 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll
20:09:35.0498 5692 C:\Windows\System32\winrnr.dll - ok
20:09:35.0513 5692 [ 8F4F5A5C1BAE72CE6EAEEA1CA3F98CA2 ] C:\Windows\System32\taskhost.exe
20:09:35.0513 5692 C:\Windows\System32\taskhost.exe - ok
20:09:35.0513 5692 [ F7CD6BC217C7277B987103002DD99032 ] C:\Windows\System32\HotStartUserAgent.dll
20:09:35.0513 5692 C:\Windows\System32\HotStartUserAgent.dll - ok
20:09:35.0529 5692 [ 36333D345062E42E849C0AF00CBEFC97 ] C:\Windows\System32\ntshrui.dll
20:09:35.0529 5692 C:\Windows\System32\ntshrui.dll - ok
20:09:35.0529 5692 [ 3CA2BB895E204478C7A4C9BAF70970CE ] C:\Windows\System32\AtBroker.exe
20:09:35.0529 5692 C:\Windows\System32\AtBroker.exe - ok
20:09:35.0529 5692 [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\System32\rasdlg.dll
20:09:35.0529 5692 C:\Windows\System32\rasdlg.dll - ok
20:09:35.0529 5692 [ F58516E2DC0D963EF70D6BFC21FD82C4 ] C:\Windows\System32\PlaySndSrv.dll
20:09:35.0529 5692 C:\Windows\System32\PlaySndSrv.dll - ok
20:09:35.0545 5692 [ 6DE80F60D7DE9CE6B8C2DDFDF79EF175 ] C:\Windows\System32\userinit.exe
20:09:35.0545 5692 C:\Windows\System32\userinit.exe - ok
20:09:35.0545 5692 [ 17C237AC01D7C8AB91A0E6AF767A5831 ] C:\Windows\System32\NaturalLanguage6.dll
20:09:35.0545 5692 C:\Windows\System32\NaturalLanguage6.dll - ok
20:09:35.0545 5692 [ 505BF4D1CADEB8D4F8BCD08D944DE25D ] C:\Windows\System32\dwm.exe
20:09:35.0545 5692 C:\Windows\System32\dwm.exe - ok
20:09:35.0560 5692 [ B73793F6A0EE0F61D6FA578B2EBF197A ] C:\Windows\System32\dwmredir.dll
20:09:35.0560 5692 C:\Windows\System32\dwmredir.dll - ok
20:09:35.0560 5692 [ 2992932C1AB1D29A1A4A9E8CB8530CBF ] C:\Windows\System32\NlsData0009.dll
20:09:35.0560 5692 C:\Windows\System32\NlsData0009.dll - ok
20:09:35.0560 5692 [ 60CC965A89E2072EBD26D63D5E1E1D18 ] C:\Windows\System32\dwmcore.dll
20:09:35.0560 5692 C:\Windows\System32\dwmcore.dll - ok
20:09:35.0560 5692 [ C8CB301BF896C7C556BBE963FADF5BB6 ] C:\Windows\System32\NlsLexicons0009.dll
20:09:35.0560 5692 C:\Windows\System32\NlsLexicons0009.dll - ok
20:09:35.0576 5692 [ B43687C534A49700BF4B3C9898763752 ] C:\Windows\System32\MsCtfMonitor.dll
20:09:35.0576 5692 C:\Windows\System32\MsCtfMonitor.dll - ok
20:09:35.0576 5692 [ 415132079EAF93D6E90D9CA1B641F068 ] C:\Windows\System32\msutb.dll
20:09:35.0576 5692 C:\Windows\System32\msutb.dll - ok
20:09:35.0591 5692 [ 8444A7364D6877922049E99BF4B78C5C ] C:\Windows\System32\ELSCore.dll
20:09:35.0591 5692 C:\Windows\System32\ELSCore.dll - ok
20:09:35.0591 5692 [ AD8F6914F7A9AC28047389BE7AF56EBF ] C:\Windows\System32\d3d10_1.dll
20:09:35.0591 5692 C:\Windows\System32\d3d10_1.dll - ok
20:09:35.0591 5692 [ 0CE23D8ED70AE07025911451557B2766 ] C:\Windows\System32\elsTrans.dll
20:09:35.0591 5692 C:\Windows\System32\elsTrans.dll - ok
20:09:35.0607 5692 [ 9103E020906FC7A166F380EF2D2516B2 ] C:\Windows\System32\d3d10_1core.dll
20:09:35.0607 5692 C:\Windows\System32\d3d10_1core.dll - ok
20:09:35.0607 5692 [ DD76301614636306414EFA94A9AC5A03 ] C:\Windows\System32\dxgi.dll
20:09:35.0607 5692 C:\Windows\System32\dxgi.dll - ok
20:09:35.0607 5692 [ 02A2ED8497F437EA200DF3ACED255AFE ] C:\Windows\System32\elslad.dll
20:09:35.0607 5692 C:\Windows\System32\elslad.dll - ok
20:09:35.0623 5692 [ 15BC38A7492BEFE831966ADB477CF76F ] C:\Windows\explorer.exe
20:09:35.0623 5692 C:\Windows\explorer.exe - ok
20:09:35.0623 5692 [ BBCADD65C8E4622E03ABBC08341AEE36 ] C:\Windows\System32\nvwgf2um.dll
20:09:35.0623 5692 C:\Windows\System32\nvwgf2um.dll - ok
20:09:35.0623 5692 [ 8898C95862D03D16B2A06DB4DB6BB6B2 ] C:\Windows\System32\ExplorerFrame.dll
20:09:35.0623 5692 C:\Windows\System32\ExplorerFrame.dll - ok
20:09:35.0623 5692 [ 28CAAA8B3DAC4604B6871F311C6B9F49 ] C:\Windows\System32\NlsData0000.dll
20:09:35.0623 5692 C:\Windows\System32\NlsData0000.dll - ok
20:09:35.0638 5692 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\System32\EhStorShell.dll
20:09:35.0638 5692 C:\Windows\System32\EhStorShell.dll - ok
20:09:35.0638 5692 [ FB8C6A46EAF7585D2CA8583C4C9A8EDF ] C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
20:09:35.0638 5692 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL - ok
20:09:35.0638 5692 [ 420DB712B24607220C11FC08A9F9371C ] C:\Windows\System32\NlsData0416.dll
20:09:35.0638 5692 C:\Windows\System32\NlsData0416.dll - ok
20:09:35.0654 5692 [ 2100560AF3F7F2948F2676E44DFB4ECF ] C:\Windows\System32\uDWM.dll
20:09:35.0654 5692 C:\Windows\System32\uDWM.dll - ok
20:09:35.0654 5692 [ 859F28C52BDF512B6F14DB7F41D4B2BE ] C:\Windows\System32\NlsLexicons0416.dll
20:09:35.0654 5692 C:\Windows\System32\NlsLexicons0416.dll - ok
20:09:35.0654 5692 [ 74624AEE2D3814E91F60619827DAD662 ] C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
20:09:35.0654 5692 C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF - ok
20:09:35.0654 5692 [ B95010FC1F13B1E2DE77BA7FB39C5DC6 ] C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
20:09:35.0654 5692 C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll - ok
20:09:35.0669 5692 [ 46663013E49875B6C5BA32BC206A6519 ] C:\Windows\System32\cscui.dll
20:09:35.0669 5692 C:\Windows\System32\cscui.dll - ok
20:09:35.0669 5692 [ 49358A80DED5A4F564A203C0E0CAB253 ] C:\Windows\System32\cscdll.dll
20:09:35.0669 5692 C:\Windows\System32\cscdll.dll - ok
20:09:35.0669 5692 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
20:09:35.0669 5692 C:\Windows\System32\IconCodecService.dll - ok
20:09:35.0685 5692 [ AE571A4036D5770B64E10EA49CB930FE ] C:\Windows\System32\ie4uinit.exe
20:09:35.0685 5692 C:\Windows\System32\ie4uinit.exe - ok
20:09:35.0685 5692 [ A4155E8A6B30607FB2609B27493BC0AD ] C:\Windows\System32\timedate.cpl
20:09:35.0685 5692 C:\Windows\System32\timedate.cpl - ok
20:09:35.0685 5692 [ B6C4063297C7D07CD0532BDC3350436C ] C:\Windows\System32\actxprxy.dll
20:09:35.0685 5692 C:\Windows\System32\actxprxy.dll - ok
20:09:35.0701 5692 [ E07B77C3BDC82A024E294FB67ABFEDA0 ] C:\Windows\System32\shdocvw.dll
20:09:35.0701 5692 C:\Windows\System32\shdocvw.dll - ok
20:09:35.0701 5692 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\System32\linkinfo.dll
20:09:35.0701 5692 C:\Windows\System32\linkinfo.dll - ok
20:09:35.0701 5692 [ FBE9BC55CF7ED9CC1452F7AF02C31864 ] C:\Windows\System32\msftedit.dll
20:09:35.0701 5692 C:\Windows\System32\msftedit.dll - ok
20:09:35.0716 5692 [ C01A5E602E827FD00240370C1B617608 ] C:\Windows\System32\gameux.dll
20:09:35.0716 5692 C:\Windows\System32\gameux.dll - ok
20:09:35.0716 5692 [ 26025A46FB3FDB40FF06BBF1834093B5 ] C:\Windows\System32\msls31.dll
20:09:35.0716 5692 C:\Windows\System32\msls31.dll - ok
20:09:35.0732 5692 [ 7896EFFDEE215C172BE724A64931EF1C ] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
20:09:35.0732 5692 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll - ok
20:09:35.0732 5692 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] C:\Windows\System32\aelupsvc.dll
20:09:35.0732 5692 C:\Windows\System32\aelupsvc.dll - ok
20:09:35.0747 5692 [ 3E19163966261CCDBA4C8C030E601998 ] C:\Windows\System32\DeviceCenter.dll
20:09:35.0747 5692 C:\Windows\System32\DeviceCenter.dll - ok
20:09:35.0747 5692 [ 901AA7A38CE13F14B6BBEC38C0595698 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
20:09:35.0747 5692 C:\Program Files\Microsoft Office\Office14\BCSSync.exe - ok
20:09:35.0747 5692 [ DBE2AA52B5D67DA319D33A175B8BB41E ] C:\Windows\System32\thumbcache.dll
20:09:35.0747 5692 C:\Windows\System32\thumbcache.dll - ok
20:09:36.0793 5692 [ CA6CC5AD7D2A7A5EDC7F101D252FB837 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\88ae87c0af91d679bbeaaeeb1c4ab9c8\System.Management.ni.dll
20:09:36.0793 5692 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\88ae87c0af91d679bbeaaeeb1c4ab9c8\System.Management.ni.dll - ok
20:09:36.0793 5692 [ BCED95C3424E3316D455E19B671ACEEC ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
20:09:36.0793 5692 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll - ok
20:09:36.0793 5692 [ 781BF72F57CC9E5F85CB109C24D00FDC ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
20:09:36.0793 5692 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll - ok
20:09:36.0808 5692 [ DC3C36F3C149DB936E997503467D797E ] C:\Windows\CCM\ExecMgr_ps.dll
20:09:36.0808 5692 C:\Windows\CCM\ExecMgr_ps.dll - ok
20:09:36.0808 5692 [ D7DD786273BEE4538EFE587A5CE00108 ] C:\Windows\CCM\Sched_ps.dll
20:09:36.0808 5692 C:\Windows\CCM\Sched_ps.dll - ok
20:09:36.0808 5692 [ 08E420D873E4FD85241EE2421B02C4A4 ] C:\Windows\System32\wersvc.dll
20:09:36.0808 5692 C:\Windows\System32\wersvc.dll - ok
20:09:36.0824 5692 [ D6715DC4F8D9771007E94B85839D8C32 ] C:\Program Files\Steam\bin\friendsUI.dll
20:09:36.0824 5692 C:\Program Files\Steam\bin\friendsUI.dll - ok
20:09:36.0824 5692 [ 37A81BF4727C5A1F819ECD384FD62D1E ] C:\Program Files\Steam\bin\ServerBrowser.dll
20:09:36.0824 5692 C:\Program Files\Steam\bin\ServerBrowser.dll - ok
20:09:36.0824 5692 [ 5E08AC958BE05247FF1539E0D1CE7905 ] C:\Windows\System32\dinput8.dll
20:09:36.0824 5692 C:\Windows\System32\dinput8.dll - ok
20:09:36.0839 5692 [ 77F595DEE5FFACEA72B135B1FCE1312E ] C:\Windows\System32\xinput1_3.dll
20:09:36.0839 5692 C:\Windows\System32\xinput1_3.dll - ok
20:09:36.0839 5692 [ 6F780FEFA471EB6B6D53ACEEF2AC7491 ] C:\Windows\CCM\UpdatesDeployment_ps.dll
20:09:36.0839 5692 C:\Windows\CCM\UpdatesDeployment_ps.dll - ok
20:09:36.0839 5692 [ CC09427810D183707B7BE71BE48DD12C ] C:\Windows\CCM\ccmcisdk.dll
20:09:36.0839 5692 C:\Windows\CCM\ccmcisdk.dll - ok
20:09:36.0855 5692 [ 9475DA0ACA6B1DA08ECD5000ADDE1250 ] C:\Windows\CCM\cisstore_ps.dll
20:09:36.0855 5692 C:\Windows\CCM\cisstore_ps.dll - ok
20:09:36.0855 5692 [ 4E5B17CAF1076B570D3492ED46B89B6F ] C:\Windows\CCM\cistore_ps.dll
20:09:36.0855 5692 C:\Windows\CCM\cistore_ps.dll - ok
20:09:36.0855 5692 [ 9665B84F0D83CD7382E6B1F66A430CBE ] C:\Windows\CCM\dcmagent_ps.dll
20:09:36.0855 5692 C:\Windows\CCM\dcmagent_ps.dll - ok
20:09:36.0871 5692 [ 999756D6AAF37BB2C5B4152BBDE65FD6 ] C:\Windows\CCM\RebootCoord_ps.dll
20:09:36.0871 5692 C:\Windows\CCM\RebootCoord_ps.dll - ok
20:09:36.0871 5692 [ F175E53C7C3B25A9029A131FB578B155 ] C:\Windows\System32\wscinterop.dll
20:09:36.0871 5692 C:\Windows\System32\wscinterop.dll - ok
20:09:36.0871 5692 [ 7FD5532C142DB6C9CC47AA4DCF71FDEC ] C:\Windows\System32\wscui.cpl
20:09:36.0871 5692 C:\Windows\System32\wscui.cpl - ok
20:09:36.0886 5692 [ 9A6DEDBE309AA0CE2C31EE6799B38E4F ] C:\Windows\System32\werconcpl.dll
20:09:36.0886 5692 C:\Windows\System32\werconcpl.dll - ok
20:09:36.0886 5692 [ AC804569BB2364FB6017370258A4091B ] C:\Windows\System32\wercplsupport.dll
20:09:36.0886 5692 C:\Windows\System32\wercplsupport.dll - ok
20:09:36.0886 5692 [ 81E7E920312D372CF57A817049AC7C76 ] C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
20:09:36.0886 5692 C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL - ok
20:09:36.0902 5692 [ 57CE9D8350B1DD76EEC596C423C3C0BC ] C:\Windows\System32\hcproviders.dll
20:09:36.0902 5692 C:\Windows\System32\hcproviders.dll - ok
20:09:36.0902 5692 [ C1A857A7BC0BBF57B6115CA7AC4E2F6B ] C:\Windows\System32\taskmgr.exe
20:09:36.0902 5692 C:\Windows\System32\taskmgr.exe - ok
20:09:36.0917 5692 [ 8E79090CB0987CA102E845341E052537 ] C:\Windows\System32\vdmdbg.dll
20:09:36.0917 5692 C:\Windows\System32\vdmdbg.dll - ok
20:09:36.0917 5692 [ EAD321E123FB2DB25148A9DE0A8F257D ] C:\Program Files\Internet Explorer\ieproxy.dll
20:09:36.0917 5692 C:\Program Files\Internet Explorer\ieproxy.dll - ok
20:09:36.0917 5692 [ 40FE5B0FEBA7C8ADD847870B77A3546D ] C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
20:09:36.0917 5692 C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe - ok
20:09:36.0917 5692 [ 8900361171A041B788014FC91864A43B ] C:\Windows\System32\nvcpl.cpl
20:09:36.0917 5692 C:\Windows\System32\nvcpl.cpl - ok
20:09:36.0933 5692 [ 2BCCDDE325E700E1C74FFED7A25B0684 ] C:\Windows\System32\nvcpluir.dll
20:09:36.0933 5692 C:\Windows\System32\nvcpluir.dll - ok
20:09:36.0933 5692 [ 8545318957E6F13BE4B67244FBE28BF9 ] C:\Windows\System32\nvcplui.exe
20:09:36.0933 5692 C:\Windows\System32\nvcplui.exe - ok
20:09:36.0933 5692 [ C17C5BBBDF1B35DB457EBAFA3185F222 ] C:\Windows\System32\ActionCenterCPL.dll
20:09:36.0933 5692 C:\Windows\System32\ActionCenterCPL.dll - ok
20:09:36.0949 5692 [ 0D07A576772CFA4930F2E369018C2E3C ] C:\Windows\System32\autoplay.dll
20:09:36.0949 5692 C:\Windows\System32\autoplay.dll - ok
20:09:36.0949 5692 [ E09D6251A1B2EC44D935AC7087A4B2CB ] C:\Windows\System32\sdcpl.dll
20:09:36.0949 5692 C:\Windows\System32\sdcpl.dll - ok
20:09:36.0949 5692 [ 18D0A0D6FD33CEE2CB5D636D4DCD5719 ] C:\Windows\System32\fvecpl.dll
20:09:36.0949 5692 C:\Windows\System32\fvecpl.dll - ok
20:09:36.0964 5692 [ 031183B7923637CBB3E99CBBE5E821CA ] C:\Windows\System32\colorcpl.exe
20:09:36.0964 5692 C:\Windows\System32\colorcpl.exe - ok
20:09:36.0964 5692 [ 30526B2A27FADE99EAA49BB3DC74194F ] C:\Windows\CCM\SMSCFGRC.cpl
20:09:36.0964 5692 C:\Windows\CCM\SMSCFGRC.cpl - ok
20:09:36.0964 5692 [ 701E1E51BD75DF0F3B4709F81E61F6CC ] C:\Windows\System32\Vault.dll
20:09:36.0964 5692 C:\Windows\System32\Vault.dll - ok
20:09:36.0964 5692 [ F5F9CB23EDBF2C77AAE5A2A2FC4FC333 ] C:\Windows\System32\devmgr.dll
20:09:36.0980 5692 C:\Windows\System32\devmgr.dll - ok
20:09:36.0980 5692 [ A3FFDF7E8B0986D810C39581B365BF84 ] C:\Windows\System32\Display.dll
20:09:36.0980 5692 C:\Windows\System32\Display.dll - ok
20:09:36.0980 5692 [ EA5B2E99FC932AF500F8863683BAB5B3 ] C:\Windows\System32\accessibilitycpl.dll
20:09:36.0980 5692 C:\Windows\System32\accessibilitycpl.dll - ok
20:09:36.0995 5692 [ 6E6FF1275216A0C31BBB792B53F47083 ] C:\Windows\System32\FlashPlayerCPLApp.cpl
20:09:36.0995 5692 C:\Windows\System32\FlashPlayerCPLApp.cpl - ok
20:09:36.0995 5692 [ 2F51AAF9872133173F7F8CDD0FF66B3D ] C:\Windows\System32\fontext.dll
20:09:36.0995 5692 C:\Windows\System32\fontext.dll - ok
20:09:36.0995 5692 [ 94512F9A4539B4DE24780B5293FE0A47 ] C:\Windows\Branding\ShellBrd\shellbrd.dll
20:09:36.0995 5692 C:\Windows\Branding\ShellBrd\shellbrd.dll - ok
20:09:36.0995 5692 [ 52357ED74CB2008140B6454E01563F87 ] C:\Windows\System32\idtcpl.cpl
20:09:36.0995 5692 C:\Windows\System32\idtcpl.cpl - ok
20:09:37.0011 5692 [ 9CF9AEC8EB672CE97C89ACCBCE1A9F74 ] C:\Windows\System32\inetcpl.cpl
20:09:37.0011 5692 C:\Windows\System32\inetcpl.cpl - ok
20:09:37.0011 5692 [ 40B3C4529629141165D3F2D3205B2099 ] C:\Program Files\Java\jre6\bin\javacpl.exe
20:09:37.0011 5692 C:\Program Files\Java\jre6\bin\javacpl.exe - ok
20:09:37.0011 5692 [ D72282F706C46C7CC74093FC92C09665 ] C:\Windows\System32\main.cpl
20:09:37.0011 5692 C:\Windows\System32\main.cpl - ok
20:09:37.0027 5692 [ D9E9390C34E5A941F9336BD1F5D35A11 ] C:\Windows\System32\SensorsCpl.dll
20:09:37.0027 5692 C:\Windows\System32\SensorsCpl.dll - ok
20:09:37.0027 5692 [ 92CC35D9F17103435406FAC0DA030D3C ] C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL
20:09:37.0027 5692 C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL - ok
20:09:37.0027 5692 [ B2ACE731DBE4060617E43356161C078B ] C:\Windows\System32\netcenter.dll
20:09:37.0027 5692 C:\Windows\System32\netcenter.dll - ok
20:09:37.0027 5692 [ E1F8E1B5B36FE7EC8B6F86AC7F0C7EED ] C:\Windows\System32\taskbarcpl.dll
20:09:37.0027 5692 C:\Windows\System32\taskbarcpl.dll - ok
20:09:37.0042 5692 [ E7E166EB13E104AAE5127A201FE922A0 ] C:\Windows\System32\PerfCenterCPL.dll
20:09:37.0042 5692 C:\Windows\System32\PerfCenterCPL.dll - ok
20:09:37.0042 5692 [ E7258AA40E6CE3FD66D66D9C8027DC6C ] C:\Windows\System32\themecpl.dll
20:09:37.0042 5692 C:\Windows\System32\themecpl.dll - ok
20:09:37.0042 5692 [ 0386FF59D0F5C1CDE453A3780353069F ] C:\Windows\System32\telephon.cpl
20:09:37.0042 5692 C:\Windows\System32\telephon.cpl - ok
20:09:37.0058 5692 [ 79490BAB57F5ACC44F99599EB68DC53D ] C:\Windows\CCM\SCClient.exe
20:09:37.0058 5692 C:\Windows\CCM\SCClient.exe - ok
20:09:37.0058 5692 [ 26AED3A28B0E902C7EC0917DB8F74A9D ] C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient\2e2628c46901e42680c16755680c09c9\SCClient.ni.exe
20:09:37.0058 5692 C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient\2e2628c46901e42680c16755680c09c9\SCClient.ni.exe - ok
20:09:37.0058 5692 [ 95E8DBB86F619F87439972C152F7FBD9 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b86266f20ea3c037c7eb1585cf3119c1\PresentationFramework.Aero.ni.dll
20:09:37.0058 5692 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b86266f20ea3c037c7eb1585cf3119c1\PresentationFramework.Aero.ni.dll - ok
20:09:37.0073 5692 [ 175383778EB24D98C84E624021E3AA0B ] C:\Windows\System32\aeevts.dll
20:09:37.0073 5692 C:\Windows\System32\aeevts.dll - ok
20:09:37.0073 5692 [ 45FB05F743E626D9E239E52602CEA041 ] C:\Windows\System32\msctfui.dll
20:09:37.0073 5692 C:\Windows\System32\msctfui.dll - ok
20:09:37.0073 5692 [ 0B6AA0190CFE21E68017478FE6E1AF06 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Pages\55b45714fd7e0bb6cd6bdff96a0b8b76\SCClient.Pages.ni.dll
20:09:37.0073 5692 C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Pages\55b45714fd7e0bb6cd6bdff96a0b8b76\SCClient.Pages.ni.dll - ok
20:09:37.0089 5692 [ 4376A6CEF78882FD1A451503510BD6BF ] C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
20:09:37.0089 5692 C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll - ok
20:09:37.0089 5692 [ C16E6614E1483CFFD3562B47FDE6A78C ] C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll
20:09:37.0089 5692 C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll - ok
20:09:37.0089 5692 [ B09984EFBC46DAD84261DDBC63CB7EA2 ] C:\Program Files\McAfee\VirusScan Enterprise\entvutil.exe
20:09:37.0089 5692 C:\Program Files\McAfee\VirusScan Enterprise\entvutil.exe - ok
20:09:37.0089 5692 [ 921776BC5F51BD7E14CF969648859AD9 ] C:\Windows\CCM\ExecEngn.dll
20:09:37.0089 5692 C:\Windows\CCM\ExecEngn.dll - ok
20:09:37.0105 5692 [ 2FCDAB0DFA21F8B39329C345E6802649 ] C:\Windows\ccmcache\b\Dell.IS.LocalAdmin.InvokeAccessRAP.exe
20:09:37.0105 5692 C:\Windows\ccmcache\b\Dell.IS.LocalAdmin.InvokeAccessRAP.exe - ok
20:09:37.0105 5692 [ 600EBE2AF92ACEFE2915A1C9B2633CFE ] C:\Windows\CCM\StandardEventForwarder.dll
20:09:37.0105 5692 C:\Windows\CCM\StandardEventForwarder.dll - ok
20:09:37.0105 5692 [ D9CECD8CEF0062E458C43F1799D722F0 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll
20:09:37.0105 5692 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll - ok
20:09:37.0120 5692 [ 3F44FEAF98FCC8D8745A8611EF17E36B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
20:09:37.0120 5692 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
20:09:37.0120 5692 [ 4B93B47C27251D272EA6D30E7141970C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f9b355964f769742066ae51967d801e5\System.DirectoryServices.ni.dll
20:09:37.0120 5692 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f9b355964f769742066ae51967d801e5\System.DirectoryServices.ni.dll - ok
20:09:37.0120 5692 [ B7D2873EC0487646CCDF740AF748852C ] C:\Windows\System32\adsnt.dll
20:09:37.0120 5692 C:\Windows\System32\adsnt.dll - ok
20:09:37.0136 5692 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\48040057.sys
20:09:37.0136 5692 C:\Windows\System32\drivers\48040057.sys - ok
20:09:37.0136 5692 ============================================================
20:09:37.0136 5692 Scan finished
20:09:37.0136 5692 ============================================================
20:09:37.0136 5672 Detected object count: 0
20:09:37.0151 5672 Actual detected object count: 0


ASWmbr

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-15 20:13:43
-----------------------------
20:13:43.556 OS Version: Windows 6.1.7600
20:13:43.556 Number of processors: 2 586 0x170A
20:13:43.572 ComputerName: WN7-D3YYVL1 UserName: John_Hock
20:14:13.992 Initialize success
20:17:23.169 AVAST engine defs: 12121502
20:17:36.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:17:36.101 Disk 0 Vendor: ST916031 D005 Size: 152627MB BusType: 8
20:17:36.132 Disk 0 MBR read successfully
20:17:36.132 Disk 0 MBR scan
20:17:36.163 Disk 0 unknown MBR code
20:17:36.179 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 152625 MB offset 2048
20:17:36.226 Disk 0 scanning sectors +312578048
20:17:36.257 Disk 0 scanning C:\Windows\system32\drivers
20:17:36.304 Service scanning
20:19:21.339 Service SafeBoot C:\Windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
20:20:08.264 Modules scanning
20:20:10.744 Disk 0 trace - called modules:
20:20:10.760 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:20:10.775 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x885495e0]
20:20:10.775 3 CLASSPNP.SYS[8d4b659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86ac2028]
20:20:11.883 AVAST engine scan C:\Windows
20:20:11.914 AVAST engine scan C:\Windows\system32
20:20:11.930 AVAST engine scan C:\Windows\system32\drivers
20:20:11.945 AVAST engine scan C:\Users\john_hock
20:20:11.977 AVAST engine scan C:\ProgramData
20:20:11.977 Scan finished successfully
20:20:36.422 Disk 0 MBR has been saved successfully to "C:\Users\john_hock\Desktop\MBR.dat"
20:20:36.469 The log file has been saved successfully to "C:\Users\john_hock\Desktop\aswMBR.txt"


Thanks for everything!

John

#9 gringo_pr

Posted 15 December 2012 - 11:35 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 johnhock

Posted 16 December 2012 - 10:58 AM

Hi Gringo,

Everything appears to be functioning normally. Here's the log from ComboFix:

ComboFix 12-12-14.01 - John_Hock 12/16/2012 9:33.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3572.2502 [GMT -6:00]
Running from: c:\users\john_hock\Desktop\ComboFix.exe
Command switches used :: c:\users\john_hock\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 15:45 . 2012-12-16 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 15:45 . 2012-12-16 15:45 -------- d-----w- c:\users\admroland_cortez\AppData\Local\temp
2012-12-15 15:05 . 2012-12-16 15:45 -------- d-----w- c:\users\john_hock\AppData\Local\temp
2012-12-14 15:12 . 2012-12-14 15:12 -------- d-----w- c:\users\john_hock\AppData\Local\ElevatedDiagnostics
2012-12-14 08:08 . 2012-11-05 14:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 08:08 . 2012-11-05 14:03 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 08:08 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-14 08:06 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 08:03 . 2012-11-12 11:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-14 08:03 . 2012-10-27 04:59 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-01 08:15 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E15E64A4-9F14-4721-8D4E-FA1823816EAF}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 04:48 . 2012-04-01 02:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 04:48 . 2011-06-16 13:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 19:02 . 2012-10-29 19:02 188416 ----a-w- c:\windows\ADDMRemQuery_x86.exe
2012-09-25 21:55 . 2012-11-16 14:15 78336 ----a-w- c:\windows\system32\synceng.dll
2012-08-22 05:47 . 2012-03-29 01:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Steam"="c:\program files\Steam\Steam.exe" [2012-12-03 1354736]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-07-30 5164632]
"SoftGridTray"="c:\program files\Microsoft Application Virtualization Client\SFTTray.exe" [2010-12-27 853352]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-24 278528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-03-24 495711]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-19 13838952]
"SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]
"SafeBootTokenWatcher"="c:\program files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2010-06-10 172092]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Jabra Device Service.lnk - c:\program files\Jabra\Jabra PC Suite\JabraDeviceService.exe [2011-3-18 550912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbNp scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"AutoUpdatesDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 dsiasrv;DSM CM Inventory Agent;c:\program files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
R3 dc21x4vm;dc21x4vm;c:\windows\system32\DRIVERS\dc21x4vm.sys [x]
R3 DIGITECH;DIGITECH;c:\windows\system32\DRIVERS\DIGITECH.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\Drivers\JabraBcDfuWhqlXPx86.sys [x]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterdl.sys [x]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\DRIVERS\qcfilterdl2k.sys [x]
R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserdl.sys [x]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\DRIVERS\qcusbserdl2k.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 tcm;tcm;c:\windows\system32\DRIVERS\tcm.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SBAlg;SBAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\john_hock\Desktop\Emsisoftemergencykit\Run\a2ddax86.sys [x]
S1 enstart_;enstart_;c:\windows\system32\enstart_.sys [x]
S1 RsvLock;RsvLock; [x]
S1 SbFlop;SbFlop; [x]
S1 SbRegFlt;SbRegFlt; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe [x]
S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
S2 enstart;enstart;c:\windows\system32\enstart.exe [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NightWatchman;1E NightWatchman;c:\program files\1E\Agent\NightWatchman\NwmSvc.exe [x]
S2 NomadBranch;1E Nomad Branch;c:\program files\1E\NomadBranch\NomadBranch.exe [x]
S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\McAfee\Endpoint Encryption for PC\SbClientManager.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 WakeUpAgt;1E WakeUp Agent;c:\program files\1E\Agent\WakeUp\WakeUpAgt.exe [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 64753582
*Deregistered* - 64753582
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wxp-9lv50c1.aus.amer.dell.com/snp/default.html
uInternet Settings,ProxyServer = http=proxy:80;https=proxy:80;ftp=proxy:80;gopher=proxy:80;socks=proxy:80
uInternet Settings,ProxyOverride = 143.166.*;*.dell.co*;163.244.*;10.*;127.*;198.185.237.*;*.corptvl.com;ORL10PLUSWS01.CSERVER;dell.mtgworksphere.com;dellhome.mtgworksphere.com;64.207.0.*;*.tbgfinancial.com;myinvoice.csd.disa.mil;vdc.emc.com;192.0.2.*;*.servigistics.com
Trusted Zone: activationnow.com\dell
Trusted Zone: activationnow.com\dell-ist
Trusted Zone: convergencenow.eu\dell
Trusted Zone: dell.com\browsestaging
Trusted Zone: dell.com\browsewip
Trusted Zone: dell.com\chat2.ap
Trusted Zone: dell.com\chat2.euro
Trusted Zone: dell.com\chat2.us
Trusted Zone: dell.com\chat4.us
Trusted Zone: dell.com\chat5.us
Trusted Zone: dell.com\china
Trusted Zone: dell.com\content
Trusted Zone: dell.com\dcv
Trusted Zone: dell.com\dellapjemailresponse.us
Trusted Zone: dell.com\dellemailresponse.us
Trusted Zone: dell.com\dellemeaemailresponse.us
Trusted Zone: dell.com\dellserv.aus.amer
Trusted Zone: dell.com\delta-apj.pen.apac
Trusted Zone: dell.com\delta-emea.lim.emea
Trusted Zone: dell.com\delta.pen.apac
Trusted Zone: dell.com\ecomm
Trusted Zone: dell.com\ecomm.apj
Trusted Zone: dell.com\ecomm.euro
Trusted Zone: dell.com\isp-apj.us
Trusted Zone: dell.com\isp.us
Trusted Zone: dell.com\kcs
Trusted Zone: dell.com\kulapjdcssap.kul.apac
Trusted Zone: dell.com\learnwip
Trusted Zone: dell.com\Onedellway.us
Trusted Zone: dell.com\onespot
Trusted Zone: dell.com\pbar.us
Trusted Zone: dell.com\reviews
Trusted Zone: dell.com\www
Trusted Zone: elementk.com\contenthub
Trusted Zone: force.com\*
Trusted Zone: on24.com\event
Trusted Zone: perotsystems.com
Trusted Zone: perotsystems.net
Trusted Zone: ps.net
Trusted Zone: salesforce.com\*
TCP: DhcpNameServer = 192.168.1.254
DPF: Shopping.Probe
FF - ProfilePath - c:\users\john_hock\AppData\Roaming\Mozilla\Firefox\Profiles\keood3g2.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-81852853.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\SbNp.DLL
.
- - - - - - - > 'Explorer.exe'(5836)
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
.
Completion time: 2012-12-16 09:48:43
ComboFix-quarantined-files.txt 2012-12-16 15:48
ComboFix2.txt 2012-12-15 15:08
.
Pre-Run: 78,185,754,624 bytes free
Post-Run: 78,158,745,600 bytes free
.
- - End Of File - - 3D2ED0A106B25A15845CBA7532B5EC91

#11 gringo_pr

Posted 16 December 2012 - 12:58 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Coupon Printer for Windows
Java™ 6 Update 23


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download Button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr


Posted 21 December 2012 - 12:12 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 johnhock


Posted 25 December 2012 - 01:02 AM

Merry Christmas, Gringo!

Here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.25.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
John_Hock :: WN7-D3YYVL1 [administrator]

12/24/2012 11:39:35 PM
mbam-log-2012-12-24 (23-39-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227869
Time elapsed: 13 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: Windows CardSpace -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:32 PM, on 12/24/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\1E\Agent\NightWatchman\NWMCLI.EXE
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\taskhost.exe
C:\Users\john_hock\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wxp-9lv50c1.aus.amer.dell.com/snp/default.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dellwebfarm.us.dell.com/DRAGNet/PAC/PAC-Global.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [SoftGridTray] "C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe" /autostart
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SafeBootTrayManager] "C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe"
O4 - HKLM\..\Run: [SafeBootTokenWatcher] "C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Global Startup: Jabra Device Service.lnk = C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O15 - Trusted Zone: browsestaging.dell.com
O15 - Trusted Zone: browsewip.dell.com
O15 - Trusted Zone: http://chat2.ap.dell.com
O15 - Trusted Zone: http://chat2.euro.dell.com
O15 - Trusted Zone: china.dell.com
O15 - Trusted Zone: content.dell.com
O15 - Trusted Zone: http://dcv.dell.com
O15 - Trusted Zone: http://dellapjemailresponse.us.dell.com
O15 - Trusted Zone: http://dellemailresponse.us.dell.com
O15 - Trusted Zone: http://dellemeaemailresponse.us.dell.com
O15 - Trusted Zone: http://dellserv.aus.amer.dell.com
O15 - Trusted Zone: http://delta-apj.pen.apac.dell.com
O15 - Trusted Zone: http://delta-emea.lim.emea.dell.com
O15 - Trusted Zone: http://delta.pen.apac.dell.com
O15 - Trusted Zone: ecomm.dell.com
O15 - Trusted Zone: ecomm.apj.dell.com
O15 - Trusted Zone: ecomm.euro.dell.com
O15 - Trusted Zone: http://isp-apj.us.dell.com
O15 - Trusted Zone: http://isp.us.dell.com
O15 - Trusted Zone: http://kcs.dell.com
O15 - Trusted Zone: http://kulapjdcssap.kul.apac.dell.com
O15 - Trusted Zone: learnwip.dell.com
O15 - Trusted Zone: Onedellway.us.dell.com
O15 - Trusted Zone: onespot.dell.com
O15 - Trusted Zone: pbar.us.dell.com
O15 - Trusted Zone: reviews.dell.com
O15 - Trusted Zone: www.dell.com
O15 - Trusted Zone: contenthub.elementk.com
O15 - Trusted Zone: http://event.on24.com
O15 - Trusted Zone: *.perotsystems.com
O15 - Trusted Zone: *.perotsystems.net
O15 - Trusted Zone: *.ps.net
O16 - DPF: Shopping.Probe -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ingrammicro.webex.com/client/T27L10NSP11EP14/webex/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.dell.com
O17 - HKLM\Software\..\Telephony: DomainName = aus.amer.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C5E8F5-CD10-4EB2-B387-8254A68D2E92}: Domain = us.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C5E8F5-CD10-4EB2-B387-8254A68D2E92}: NameServer = 143.166.216.237 143.166.220.125
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.dell.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amer.dell.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe
O23 - Service: DSM CM Inventory Agent (dsiasrv) - Dell Inc. - C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe
O23 - Service: enstart - Unknown owner - C:\Windows\system32\enstart.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iClarityQoSService - Avaya Inc. - C:\Windows\system32\\QosServM.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: 1E NightWatchman (NightWatchman) - 1E - C:\Program Files\1E\Agent\NightWatchman\NwmSvc.exe
O23 - Service: 1E Nomad Branch (NomadBranch) - 1E - C:\Program Files\1E\NomadBranch\NomadBranch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SafeBoot Client Manager (SafeBootClientManager) - McAfee, Inc. - C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: 1E WakeUp Agent (WakeUpAgt) - 1E - C:\Program Files\1E\Agent\WakeUp\WakeUpAgt.exe

--
End of file - 9640 bytes

#14 gringo_pr


Posted 25 December 2012 - 06:50 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be. For any of these programs, you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
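For the optional startup review in the post above, the following is an added example (not part of the original thread and not HijackThis's own code) that parses HijackThis O4 lines into location, entry name, executable and arguments, then reports which of the helper's listed entries are actually present in a log. The sample lines are a subset copied from the log posted in this thread; the function names are this example's own.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Jabra Device Service.lnk = C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
O23 - Service: enstart - Unknown owner - C:\Windows\system32\enstart.exe
"""

# Entry names the helper listed for optional removal in the post above.
HELPER_LIST = ["SysTrayApp", "NvCplDaemon", "Adobe ARM", "SunJavaUpdateSched",
               "Sidebar", "Steam", "OfficeSyncProcess"]

RUN_KEY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
STARTUP = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.+)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_END = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|,|$)", re.IGNORECASE)


def split_command(cmd):
    """Split an autorun command into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_END.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    return cmd, ""


def parse_o4(log_text):
    """Return one dict per O4 (startup) line; all other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line)
        if m:
            location, name, cmd = f"{m.group(1)}\\..\\{m.group(2)}", m.group(3), m.group(4)
        else:
            m = STARTUP.match(line)
            if not m:
                continue
            location, name, cmd = m.groups()
        exe, args = split_command(cmd)
        entries.append({"location": location, "name": name,
                        "executable": exe, "args": args})
    return entries


def check_listed(entries, listed):
    """Split the helper's list into names present in the log and names absent."""
    names = {e["name"] for e in entries}
    return [n for n in listed if n in names], [n for n in listed if n not in names]


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_LOG)
    for e in parsed:
        print(f'{e["location"]:16} {e["name"]:26} {e["executable"]} {e["args"]}')
    present, absent = check_listed(parsed, HELPER_LIST)
    print("present:", present)
    print("absent :", absent)
```

The `name` field is the text between the brackets, which is the value the post says to paste into the startup-entry lookup before deciding whether to keep a line.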

#15 gringo_pr


Posted 28 December 2012 - 12:23 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo