FBI Ransomware 64-bit Win7


  • This topic is locked
17 replies to this topic

#1 Chuck F


Posted 20 December 2012 - 11:50 PM

I'm wanting to remove this virus/malware. All of the removal methods I've found in my research involve going into safe mode, including the Emsisoft that Bleeping Computer suggests. It's not letting me go into safe mode. It'll load up, then immediately shut down and reboot. Any suggestions? Is it possible to put an operating system on a 15 gig flash drive and run the removal tool from that?



#2 fireman4it


Posted 21 December 2012 - 11:01 AM

Hello Chuck F,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.





For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Chuck F


Posted 28 December 2012 - 12:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
Ran by SYSTEM at 28-12-2012 09:11:57
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-24] (PC Tools)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2012-12-19] (RealNetworks, Inc.)
HKU\Chuck Foster\...\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun [1327440 2011-11-22] (Comfort Software Group)
HKU\Chuck Foster\...\Run: [Akamai NetSession Interface] "C:\Users\Chuck Foster\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Chuck Foster\...\Winlogon: [Shell] explorer.exe,C:\Users\Chuck Foster\AppData\Roaming\skype.dat [94720 2011-11-16] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-10-31] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Chuck Foster\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

3 DMDefragService; C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [1147040 2012-08-24] (PC Tools)
3 DMRepairService; C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [1134240 2012-08-24] (PC Tools)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-24] (PC Tools)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)
2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()
4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [167936 2005-08-07] ()

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 PCTDMDefrag; C:\Windows\System32\Drivers\PCTDMDefrag.sys [163440 2011-12-12] (PC Tools)
3 PCTDMDefrag; C:\Windows\SysWow64\Drivers\PCTDMDefrag.sys [108864 2011-12-12] (PC Tools)
3 PCTDSMon; C:\Windows\System32\Drivers\PCTDSMon.sys [191104 2011-12-12] (PC Tools)
3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [38536 2012-10-06] ()
1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-29] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-07-29] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-07-29] (Trusteer Ltd.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-20 19:13 - 2012-12-20 21:58 - 00000004 ____A C:\Users\Chuck Foster\Application Data\skype.ini
2012-12-20 19:13 - 2012-12-20 21:58 - 00000004 ____A C:\Users\Chuck Foster\AppData\Roaming\skype.ini
2012-12-20 19:13 - 2012-12-20 19:13 - 00094720 ____A C:\Users\Chuck Foster\2716927.exe
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\Application Data\RealNetworks
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\Application Data\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2012-12-19 07:54 - 2012-12-19 07:54 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-12-19 07:53 - 2012-12-19 07:53 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-12-19 07:53 - 2012-12-19 07:53 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iTunes
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iPod
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-12 21:20 - 2012-12-12 21:21 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:20 - 2012-12-12 21:21 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:20 - 2012-12-12 21:21 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2012-12-12 21:00 - 2012-12-12 21:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-12-12 21:00 - 2012-11-14 01:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 21:00 - 2012-11-14 00:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 21:00 - 2012-11-14 00:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 21:00 - 2012-11-14 00:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 21:00 - 2012-11-14 00:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 21:00 - 2012-11-14 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 21:00 - 2012-11-14 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 21:00 - 2012-11-13 23:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 21:00 - 2012-11-13 23:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 21:00 - 2012-11-13 23:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 21:00 - 2012-11-13 23:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 21:00 - 2012-11-13 23:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 21:00 - 2012-11-13 23:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 21:00 - 2012-11-13 23:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 21:00 - 2012-11-13 23:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 21:00 - 2012-11-13 23:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 21:00 - 2012-11-13 20:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 21:00 - 2012-11-13 20:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 21:00 - 2012-11-13 20:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 21:00 - 2012-11-13 19:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 21:00 - 2012-11-13 19:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 21:00 - 2012-11-13 19:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 21:00 - 2012-11-13 19:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 21:00 - 2012-11-13 19:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 21:00 - 2012-11-13 19:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 21:00 - 2012-11-13 19:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 21:00 - 2012-11-13 19:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 21:00 - 2012-11-13 19:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 21:00 - 2012-11-13 19:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 21:00 - 2012-11-13 19:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 21:00 - 2012-11-13 19:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 21:00 - 2012-11-13 19:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 19:07 - 2012-11-21 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 19:07 - 2012-11-08 23:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 19:07 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 19:07 - 2012-11-05 15:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-12 19:07 - 2012-11-05 14:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-12 19:07 - 2012-11-05 14:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-12 19:07 - 2012-11-05 14:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-12 19:07 - 2012-10-04 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 19:07 - 2012-10-04 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 19:07 - 2012-10-04 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 19:07 - 2012-10-04 11:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 19:07 - 2012-10-04 11:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 19:07 - 2012-10-04 11:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 19:07 - 2012-10-04 11:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 19:07 - 2012-10-04 10:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 19:07 - 2012-10-04 10:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 09:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 19:07 - 2012-10-04 08:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 19:07 - 2012-10-04 08:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 19:07 - 2012-10-04 08:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 19:07 - 2012-10-04 08:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 19:07 - 2012-10-04 08:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 08:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 08:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 08:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 19:06 - 2012-11-01 23:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 19:06 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 00:08 - 2012-12-11 00:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:08 - 2012-12-11 00:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:08 - 2012-12-11 00:09 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\All Users\Desktop\Nexus Mod Manager.lnk
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\Application Data\GameStop
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{6E54FB23-166F-491F-8594-F4964BD2B7A9}


==================== One Month Modified Files and Folders =======

2012-12-28 09:11 - 2012-12-28 09:11 - 00000000 ____D C:\FRST
2012-12-20 22:45 - 2011-05-15 19:22 - 00050692 ____A C:\Windows\setupact.log
2012-12-20 22:45 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 22:43 - 2009-07-13 23:10 - 01754425 ____A C:\Windows\WindowsUpdate.log
2012-12-20 22:41 - 2012-08-22 07:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-20 22:16 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 22:16 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 22:13 - 2010-11-08 00:14 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-20 21:58 - 2012-12-20 19:13 - 00000004 ____A C:\Users\Chuck Foster\Application Data\skype.ini
2012-12-20 21:58 - 2012-12-20 19:13 - 00000004 ____A C:\Users\Chuck Foster\AppData\Roaming\skype.ini
2012-12-20 21:58 - 2012-04-04 23:44 - 00000292 ____A C:\Windows\Tasks\PTSchedule.job
2012-12-20 21:57 - 2012-11-13 20:32 - 00000300 ____A C:\Windows\Tasks\PTAutoUpdate.job
2012-12-20 21:57 - 2011-11-25 10:53 - 00000280 ____A C:\Windows\SysWOW64\AppLog.log
2012-12-20 21:57 - 2010-11-08 00:14 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-20 21:57 - 2010-10-30 19:44 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\SoftThinks
2012-12-20 21:57 - 2010-10-30 19:44 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\SoftThinks
2012-12-20 21:57 - 2010-10-30 19:44 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\SoftThinks
2012-12-20 19:22 - 2010-10-28 07:31 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-12-20 19:13 - 2012-12-20 19:13 - 00094720 ____A C:\Users\Chuck Foster\2716927.exe
2012-12-20 19:13 - 2010-10-30 19:44 - 00000000 ____D C:\users\Chuck Foster
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-19 07:57 - 2010-10-30 21:13 - 00000000 ____D C:\Users\All Users\Real
2012-12-19 07:57 - 2010-10-30 21:13 - 00000000 ____D C:\Users\All Users\Application Data\Real
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\Application Data\RealNetworks
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\Application Data\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2012-12-19 07:55 - 2010-10-30 21:13 - 00000000 ____D C:\Users\Chuck Foster\Application Data\Real
2012-12-19 07:55 - 2010-10-30 21:13 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\Real
2012-12-19 07:54 - 2012-12-19 07:54 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-12-19 07:54 - 2010-10-30 21:13 - 00000000 ____D C:\Program Files (x86)\Real
2012-12-19 07:53 - 2012-12-19 07:53 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-12-19 07:53 - 2012-12-19 07:53 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-12-18 23:45 - 2010-10-30 21:25 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iTunes
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iPod
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-17 02:48 - 2010-11-01 01:23 - 00000000 ____D C:\Users\Chuck Foster\Application Data\SoftGrid Client
2012-12-17 02:48 - 2010-11-01 01:23 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\SoftGrid Client
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 06:54 - 2009-07-13 23:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 08:42 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 07:39 - 2009-07-13 22:45 - 00319712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-12 21:21 - 2012-12-12 21:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:21 - 2012-12-12 21:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:21 - 2012-12-12 21:20 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-12 21:03 - 2010-10-30 20:01 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2012-12-12 21:00 - 2012-12-12 21:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-12-12 08:41 - 2012-04-04 07:21 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 08:41 - 2011-05-19 19:20 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 00:09 - 2012-12-11 00:08 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:09 - 2012-12-11 00:08 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:09 - 2012-12-11 00:08 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-09 10:50 - 2011-11-11 20:54 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Skyrim
2012-12-09 10:50 - 2011-11-11 20:54 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\Skyrim
2012-12-09 10:50 - 2011-11-11 20:54 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\Skyrim
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\All Users\Desktop\Nexus Mod Manager.lnk
2012-12-09 10:39 - 2012-11-12 00:57 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\Application Data\GameStop
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-05 21:46 - 2012-05-01 22:29 - 00010944 ____A C:\Users\Chuck Foster\My Documents\Empires2.xlsx
2012-12-05 21:46 - 2012-05-01 22:29 - 00010944 ____A C:\Users\Chuck Foster\Documents\Empires2.xlsx
2012-12-04 07:12 - 2011-05-19 19:18 - 00035306 ____A C:\Windows\PFRO.log
2012-12-03 21:26 - 2012-11-02 22:56 - 02646016 ____A C:\Users\Chuck Foster\My Documents\Chuck Foster's Quicken Data.QDF-backup
2012-12-03 21:26 - 2012-11-02 22:56 - 02646016 ____A C:\Users\Chuck Foster\Documents\Chuck Foster's Quicken Data.QDF-backup
2012-12-03 20:36 - 2012-10-15 20:57 - 00000000 ____D C:\Program Files (x86)\Quicken
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{6E54FB23-166F-491F-8594-F4964BD2B7A9}

ZeroAccess:
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\L
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\U
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\L\00000004.@
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\L\201d3dde

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\@
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\L
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\U
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\L\00000004.@
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\L\201d3dde

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc\@
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc\L
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc

ZeroAccess:
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc}
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\L
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-06 21:33:44
Restore point made on: 2012-12-12 20:59:24
Restore point made on: 2012-12-13 02:19:11
Restore point made on: 2012-12-20 03:36:28

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6103.12 MB
Available physical RAM: 5406.58 MB
Total Pagefile: 6101.27 MB
Available Pagefile: 5400.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:921.59 GB) (Free:343.63 GB) NTFS
3 Drive e: () (Fixed) (Total:465.76 GB) (Free:465.45 GB) NTFS
8 Drive j: (RECOVERY) (Fixed) (Total:9.88 GB) (Free:3.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive k: (USB20FD) (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 465 GB 1024 KB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 9 GB 40 MB
Partition 3 Primary 921 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 J RECOVERY NTFS Partition 9 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 921 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 24 KB

==================================================================================

Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K USB20FD FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-12-15 12:13

==================== End Of Log =============================

#4 fireman4it


Posted 28 December 2012 - 02:07 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\n. 
HKLM-x32\...\Run: [] [x]
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Things to include in your next reply:
Fixlog.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 Chuck F


Posted 30 December 2012 - 03:35 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012
Ran by SYSTEM at 2012-12-29 22:21:54 Run:1
Running from K:\

==============================================

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc moved successfully.
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc moved successfully.
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc not found.
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc} moved successfully.

==== End of Fixlog

Still getting the fake FBI message. It was slow booting up. I didn't try to go into safe mode so I don't know if it would have worked.
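
One way to cross-check a Fixlog against the paths FRST flagged, as an added example that is not part of the thread and not FRST's own logic: it reduces the "ZeroAccess:" blocks to their top-level paths and matches each one to a Fixlog result line. The function names are hypothetical, and the sample text is constructed from the log lines posted above (child entries abridged).

```python
import re

# Constructed sample: "ZeroAccess:" blocks from the FRST.txt above (child entries abridged).
FRST_EXCERPT = r"""
ZeroAccess:
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\L
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\@
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc\L

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc\@

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc

ZeroAccess:
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc}
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc}\L

==================== Known DLLs (Whitelisted) =================
"""

# Constructed sample: result lines from the Fixlog.txt above.
FIXLOG_EXCERPT = r"""
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{6cec3e14-907c-5b35-c624-37bb5daf88dc} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc moved successfully.
C:\$Recycle.Bin\S-1-5-21-1956735416-3115836590-1872934873-1001\$6cec3e14907c5b35c62437bb5daf88dc moved successfully.
C:\$Recycle.Bin\S-1-5-18\$6cec3e14907c5b35c62437bb5daf88dc not found.
C:\Users\Chuck Foster\AppData\Local\{6cec3e14-907c-5b35-c624-37bb5daf88dc} moved successfully.
"""

# File-system result lines only; registry lines do not start with a drive letter.
FIX_RESULT = re.compile(r"^([A-Za-z]:\\.+) (moved successfully|not found)\.$")


def flagged_roots(frst_text):
    """Top-level paths listed under 'ZeroAccess:' headings, de-duplicated, in log order."""
    paths, in_block = [], False
    for line in frst_text.splitlines():
        line = line.strip()
        if line == "ZeroAccess:":
            in_block = True
        elif not line or line.startswith("===="):
            in_block = False          # blank line or next section header ends the block
        elif in_block:
            paths.append(line)
    roots, seen = [], set()
    for p in paths:
        key = p.lower()               # Windows paths compare case-insensitively
        is_child = any(key.startswith(q.lower() + "\\") for q in paths)
        if not is_child and key not in seen:
            seen.add(key)
            roots.append(p)
    return roots


def fix_results(fixlog_text):
    """(path, status) pairs for the file-system lines of a Fixlog."""
    results = []
    for line in fixlog_text.splitlines():
        m = FIX_RESULT.match(line.strip())
        if m:
            results.append((m.group(1), m.group(2)))
    return results


def reconcile(roots, results):
    """Map each flagged root to 'moved', 'not found' or 'unhandled'."""
    outcome = {}
    for root in roots:
        statuses = [s for p, s in results if p.lower() == root.lower()]
        if "moved successfully" in statuses:
            outcome[root] = "moved"
        elif statuses:
            outcome[root] = "not found"
        else:
            outcome[root] = "unhandled"   # flagged by the scan but absent from the Fixlog
    return outcome


def repeated_entries(results):
    """Paths the fix acted on more than once, i.e. listed twice in the fixlist."""
    counts = {}
    for p, _ in results:
        counts[p.lower()] = counts.get(p.lower(), 0) + 1
    seen, repeated = set(), []
    for p, _ in results:
        if counts[p.lower()] > 1 and p.lower() not in seen:
            seen.add(p.lower())
            repeated.append(p)
    return repeated


if __name__ == "__main__":
    results = fix_results(FIXLOG_EXCERPT)
    for root, status in reconcile(flagged_roots(FRST_EXCERPT), results).items():
        print(f"{status:10} {root}")
    print("listed more than once:", repeated_entries(results))
```

On this thread's data all six flagged roots report as moved, and the single "not found" line traces back to the S-1-5-18 path being listed twice.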

#6 fireman4it


Posted 30 December 2012 - 12:24 PM

Hello,

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

See if you can get into Safemode now.

Edited by fireman4it, 30 December 2012 - 12:24 PM.



#7 Chuck F


Posted 31 December 2012 - 03:01 AM

It didn't go into safe mode

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
Ran by SYSTEM at 30-12-2012 23:53:32
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-24] (PC Tools)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2012-12-19] (RealNetworks, Inc.)
HKU\Chuck Foster\...\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun [1327440 2011-11-22] (Comfort Software Group)
HKU\Chuck Foster\...\Run: [Akamai NetSession Interface] "C:\Users\Chuck Foster\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Chuck Foster\...\Winlogon: [Shell] explorer.exe,C:\Users\Chuck Foster\AppData\Roaming\skype.dat [94720 2011-11-16] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-10-31] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Chuck Foster\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

3 DMDefragService; C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [1147040 2012-08-24] (PC Tools)
3 DMRepairService; C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [1134240 2012-08-24] (PC Tools)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-24] (PC Tools)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)
2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()
4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [167936 2005-08-07] ()

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 PCTDMDefrag; C:\Windows\System32\Drivers\PCTDMDefrag.sys [163440 2011-12-12] (PC Tools)
3 PCTDMDefrag; C:\Windows\SysWow64\Drivers\PCTDMDefrag.sys [108864 2011-12-12] (PC Tools)
3 PCTDSMon; C:\Windows\System32\Drivers\PCTDSMon.sys [191104 2011-12-12] (PC Tools)
3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [38536 2012-10-06] ()
1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-29] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-07-29] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-07-29] (Trusteer Ltd.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-20 19:13 - 2012-12-30 02:26 - 00000004 ____A C:\Users\Chuck Foster\Application Data\skype.ini
2012-12-20 19:13 - 2012-12-30 02:26 - 00000004 ____A C:\Users\Chuck Foster\AppData\Roaming\skype.ini
2012-12-20 19:13 - 2012-12-20 19:13 - 00094720 ____A C:\Users\Chuck Foster\2716927.exe
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\Application Data\RealNetworks
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\Application Data\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2012-12-19 07:54 - 2012-12-19 07:54 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-12-19 07:53 - 2012-12-19 07:53 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-12-19 07:53 - 2012-12-19 07:53 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iTunes
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iPod
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-12 21:20 - 2012-12-12 21:21 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:20 - 2012-12-12 21:21 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:20 - 2012-12-12 21:21 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2012-12-12 21:00 - 2012-12-12 21:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-12-12 21:00 - 2012-11-14 01:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 21:00 - 2012-11-14 00:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 21:00 - 2012-11-14 00:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 21:00 - 2012-11-14 00:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 21:00 - 2012-11-14 00:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 21:00 - 2012-11-14 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 21:00 - 2012-11-14 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 21:00 - 2012-11-13 23:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 21:00 - 2012-11-13 23:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 21:00 - 2012-11-13 23:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 21:00 - 2012-11-13 23:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 21:00 - 2012-11-13 23:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 21:00 - 2012-11-13 23:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 21:00 - 2012-11-13 23:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 21:00 - 2012-11-13 23:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 21:00 - 2012-11-13 23:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 21:00 - 2012-11-13 20:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 21:00 - 2012-11-13 20:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 21:00 - 2012-11-13 20:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 21:00 - 2012-11-13 19:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 21:00 - 2012-11-13 19:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 21:00 - 2012-11-13 19:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 21:00 - 2012-11-13 19:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 21:00 - 2012-11-13 19:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 21:00 - 2012-11-13 19:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 21:00 - 2012-11-13 19:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 21:00 - 2012-11-13 19:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 21:00 - 2012-11-13 19:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 21:00 - 2012-11-13 19:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 21:00 - 2012-11-13 19:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 21:00 - 2012-11-13 19:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 21:00 - 2012-11-13 19:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 19:07 - 2012-11-21 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 19:07 - 2012-11-08 23:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 19:07 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 19:07 - 2012-11-05 15:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-12 19:07 - 2012-11-05 14:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-12 19:07 - 2012-11-05 14:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-12 19:07 - 2012-11-05 14:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-12 19:07 - 2012-10-04 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 19:07 - 2012-10-04 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 19:07 - 2012-10-04 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 19:07 - 2012-10-04 11:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 19:07 - 2012-10-04 11:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 19:07 - 2012-10-04 11:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 19:07 - 2012-10-04 11:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 19:07 - 2012-10-04 10:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 19:07 - 2012-10-04 10:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 09:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 19:07 - 2012-10-04 08:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 19:07 - 2012-10-04 08:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 19:07 - 2012-10-04 08:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 19:07 - 2012-10-04 08:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 19:07 - 2012-10-04 08:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 08:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 08:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 19:07 - 2012-10-04 08:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 19:06 - 2012-11-01 23:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 19:06 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 00:08 - 2012-12-11 00:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:08 - 2012-12-11 00:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:08 - 2012-12-11 00:09 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\All Users\Desktop\Nexus Mod Manager.lnk
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\Application Data\GameStop
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{6E54FB23-166F-491F-8594-F4964BD2B7A9}


==================== One Month Modified Files and Folders =======

2012-12-30 02:27 - 2009-07-13 23:10 - 01759280 ____A C:\Windows\WindowsUpdate.log
2012-12-30 02:27 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-30 02:27 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-30 02:26 - 2012-12-20 19:13 - 00000004 ____A C:\Users\Chuck Foster\Application Data\skype.ini
2012-12-30 02:26 - 2012-12-20 19:13 - 00000004 ____A C:\Users\Chuck Foster\AppData\Roaming\skype.ini
2012-12-30 02:26 - 2012-04-04 23:44 - 00000292 ____A C:\Windows\Tasks\PTSchedule.job
2012-12-29 23:24 - 2012-11-13 20:32 - 00000300 ____A C:\Windows\Tasks\PTAutoUpdate.job
2012-12-29 23:24 - 2011-11-25 10:53 - 00000280 ____A C:\Windows\SysWOW64\AppLog.log
2012-12-29 23:24 - 2010-11-08 00:14 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-29 23:23 - 2010-10-30 19:44 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\SoftThinks
2012-12-29 23:23 - 2010-10-30 19:44 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\SoftThinks
2012-12-29 23:23 - 2010-10-30 19:44 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\SoftThinks
2012-12-29 23:22 - 2011-05-15 19:22 - 00050748 ____A C:\Windows\setupact.log
2012-12-29 23:22 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-28 09:11 - 2012-12-28 09:11 - 00000000 ____D C:\FRST
2012-12-20 22:41 - 2012-08-22 07:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-20 22:13 - 2010-11-08 00:14 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-20 19:22 - 2010-10-28 07:31 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-12-20 19:13 - 2012-12-20 19:13 - 00094720 ____A C:\Users\Chuck Foster\2716927.exe
2012-12-20 19:13 - 2010-10-30 19:44 - 00000000 ____D C:\users\Chuck Foster
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-20 07:37 - 2012-12-20 07:37 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{17A4B1D6-E043-4001-B398-AB8BA44DE346}
2012-12-19 07:57 - 2010-10-30 21:13 - 00000000 ____D C:\Users\All Users\Real
2012-12-19 07:57 - 2010-10-30 21:13 - 00000000 ____D C:\Users\All Users\Application Data\Real
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\Application Data\RealNetworks
2012-12-19 07:56 - 2012-12-19 07:56 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00001046 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Users\All Users\Application Data\RealNetworks
2012-12-19 07:55 - 2012-12-19 07:55 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2012-12-19 07:55 - 2010-10-30 21:13 - 00000000 ____D C:\Users\Chuck Foster\Application Data\Real
2012-12-19 07:55 - 2010-10-30 21:13 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\Real
2012-12-19 07:54 - 2012-12-19 07:54 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00201424 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-12-19 07:54 - 2012-12-19 07:54 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-12-19 07:54 - 2010-10-30 21:13 - 00000000 ____D C:\Program Files (x86)\Real
2012-12-19 07:53 - 2012-12-19 07:53 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-12-19 07:53 - 2012-12-19 07:53 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-12-18 23:45 - 2010-10-30 21:25 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iTunes
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files\iPod
2012-12-18 21:07 - 2012-12-18 21:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-18 19:47 - 2012-12-18 19:47 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0EC9437-E8EC-4BA6-A046-EAE41E9D7E3A}
2012-12-17 02:48 - 2010-11-01 01:23 - 00000000 ____D C:\Users\Chuck Foster\Application Data\SoftGrid Client
2012-12-17 02:48 - 2010-11-01 01:23 - 00000000 ____D C:\Users\Chuck Foster\AppData\Roaming\SoftGrid Client
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 23:49 - 2012-12-16 23:49 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{58E073B2-9903-4A6D-AD10-02E5112B5709}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-16 11:48 - 2012-12-16 11:48 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{AF38BE86-9C56-477B-BCB2-005FDC5909AA}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 17:00 - 2012-12-15 17:00 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1E2BBA5B-82AA-4791-99FD-841A22F3582D}
2012-12-15 06:54 - 2009-07-13 23:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-14 18:23 - 2012-12-14 18:23 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{1DE65F84-AB71-419A-ADF3-F7826B74DD2A}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 18:20 - 2012-12-13 18:20 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{19597908-354D-45E1-8CA8-487D02447F18}
2012-12-13 08:42 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 07:39 - 2009-07-13 22:45 - 00319712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-12 21:21 - 2012-12-12 21:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:21 - 2012-12-12 21:20 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:21 - 2012-12-12 21:20 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F93ECF30-2975-4120-AEBA-2F4B007FDC30}
2012-12-12 21:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-12 21:03 - 2010-10-30 20:01 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
2012-12-12 21:01 - 2012-12-12 21:01 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2012-12-12 21:00 - 2012-12-12 21:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-12-12 08:41 - 2012-04-04 07:21 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 08:41 - 2011-05-19 19:20 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 19:51 - 2012-12-11 19:51 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C0C2F4B7-7547-4A5F-8479-CE4CBED15446}
2012-12-11 00:09 - 2012-12-11 00:08 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:09 - 2012-12-11 00:08 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-11 00:09 - 2012-12-11 00:08 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C2C2278D-B4ED-4943-B952-9F1EEA862B4C}
2012-12-09 10:50 - 2011-11-11 20:54 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Skyrim
2012-12-09 10:50 - 2011-11-11 20:54 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\Skyrim
2012-12-09 10:50 - 2011-11-11 20:54 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\Skyrim
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-12-09 10:39 - 2012-12-09 10:39 - 00000902 ____A C:\Users\All Users\Desktop\Nexus Mod Manager.lnk
2012-12-09 10:39 - 2012-11-12 00:57 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-09 09:46 - 2012-12-09 09:46 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{C845E425-FC92-4A0D-B08C-1CE3FC520B4F}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 13:10 - 2012-12-08 13:10 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{A7FD6583-75E9-4465-A857-D713168FF127}
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\GameStop
2012-12-08 02:34 - 2012-12-08 02:34 - 00000000 ____D C:\Users\All Users\Application Data\GameStop
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-08 01:09 - 2012-12-08 01:09 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F84395C2-382C-49B6-AFFE-3C740970CE4A}
2012-12-05 21:46 - 2012-05-01 22:29 - 00010944 ____A C:\Users\Chuck Foster\My Documents\Empires2.xlsx
2012-12-05 21:46 - 2012-05-01 22:29 - 00010944 ____A C:\Users\Chuck Foster\Documents\Empires2.xlsx
2012-12-04 07:12 - 2011-05-19 19:18 - 00035306 ____A C:\Windows\PFRO.log
2012-12-03 21:26 - 2012-11-02 22:56 - 02646016 ____A C:\Users\Chuck Foster\My Documents\Chuck Foster's Quicken Data.QDF-backup
2012-12-03 21:26 - 2012-11-02 22:56 - 02646016 ____A C:\Users\Chuck Foster\Documents\Chuck Foster's Quicken Data.QDF-backup
2012-12-03 20:36 - 2012-10-15 20:57 - 00000000 ____D C:\Program Files (x86)\Quicken
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-03 20:12 - 2012-12-03 20:12 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{F0381C8B-1635-469F-B018-03E4ECF6EA22}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-02 15:42 - 2012-12-02 15:42 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{EF848E6A-5A49-4017-B8E4-886E8FFE5275}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-12-01 17:40 - 2012-12-01 17:40 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{7E63B0C2-FA7F-49D0-826A-90048DD4E6A6}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\Application Data\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\Local Settings\{6E54FB23-166F-491F-8594-F4964BD2B7A9}
2012-11-30 07:41 - 2012-11-30 07:41 - 00000000 ____D C:\Users\Chuck Foster\AppData\Local\{6E54FB23-166F-491F-8594-F4964BD2B7A9}

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-06 21:33:44
Restore point made on: 2012-12-12 20:59:24
Restore point made on: 2012-12-13 02:19:11
Restore point made on: 2012-12-20 03:36:28

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6103.12 MB
Available physical RAM: 5405.46 MB
Total Pagefile: 6101.27 MB
Available Pagefile: 5395.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:921.59 GB) (Free:343.33 GB) NTFS
3 Drive e: () (Fixed) (Total:465.76 GB) (Free:465.45 GB) NTFS
8 Drive j: (RECOVERY) (Fixed) (Total:9.88 GB) (Free:3.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive k: (USB20FD) (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 465 GB 1024 KB
Disk 2 Online 15 GB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 9 GB 40 MB
Partition 3 Primary 921 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 J RECOVERY NTFS Partition 9 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 921 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 24 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 K USB20FD FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-12-15 12:13

==================== End Of Log =============================

#8 fireman4it


Posted 31 December 2012 - 03:43 AM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

HKU\Chuck Foster\...\Winlogon: [Shell] explorer.exe,C:\Users\Chuck Foster\AppData\Roaming\skype.dat [94720 2011-11-16] ()
HKLM-x32\...\Run: [] [x]
C:\Users\Chuck Foster\2716927.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


See if it will boot into normal mode now or safe mode.

Edited by fireman4it, 31 December 2012 - 03:43 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 Chuck F


Posted 31 December 2012 - 04:50 PM

It boots into both normal mode and safe mode. My antivirus wanted to update (malwarebytes). I didn't let it. I interrupted the registry scanner (pctools). No changes have taken place other than the fixlist.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012
Ran by SYSTEM at 2012-12-31 12:37:39 Run:2
Running from K:\

==============================================

HKEY_USERS\Chuck Foster\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\Chuck Foster\2716927.exe moved successfully.

==== End of Fixlog ====

Is it completely gone?
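
The first fixlist entry in post #8 removes a per-user Winlogon Shell value that had a second command appended after explorer.exe. As an added example (not from the thread and not FRST's own code), the Python below flags that pattern in FRST-style log lines; the sample lines are constructed in the shape of the entry above, and the function names and baseline set are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Line shape taken from the fixlist entry in post #8:
#   <hive>\<key path>\Winlogon: [Shell] <value data> [<size> <date>] (<company>)
SHELL_LINE = re.compile(
    r"^(?P<key>HK[^:]*\\Winlogon): \[Shell\] (?P<data>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^()]*)\))?\s*$"
)

# Values treated as the expected shell. The full path is an assumption that
# Windows lives in C:\Windows, as it does in the logs on this page.
BASELINE = {"explorer.exe", r"c:\windows\explorer.exe"}


@dataclass
class Finding:
    key: str
    component: str
    reasons: list


def check_component(key, component):
    """Describe why a non-baseline Shell component deserves a closer look."""
    reasons = ["extra command in the Winlogon Shell value"]
    if key.upper().startswith(("HKU", "HKCU")):
        reasons.append("set in a per-user hive")
    path = PureWindowsPath(component)
    parts = [p.lower() for p in path.parts]
    if "users" in parts or "appdata" in parts:
        reasons.append("points into a user profile directory")
    if path.suffix.lower() != ".exe":
        reasons.append(f"unusual extension {path.suffix or '(none)'}")
    return Finding(key, component, reasons)


def scan(lines):
    """Return a Finding for every Shell component that is not the baseline."""
    findings = []
    for line in lines:
        m = SHELL_LINE.match(line.strip())
        if not m:
            continue  # not a Winlogon Shell line
        # The value is a comma-separated command list; a path that itself
        # contains a comma would be split here and needs manual review.
        for raw in m.group("data").split(","):
            component = raw.strip().strip('"')
            if component and component.lower() not in BASELINE:
                findings.append(check_component(m.group("key"), component))
    return findings


# Constructed sample input (user name, sizes, dates and vendor are made up).
SAMPLE_LINES = [
    r"HKU\Example User\...\Winlogon: [Shell] explorer.exe,"
    r"C:\Users\Example User\AppData\Roaming\skype.dat [94720 2011-11-16] ()",
    r"HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)",
    r'HKLM\...\Winlogon: [Shell] explorer.exe,"C:\Program Files (x86)\Tool\helper.exe"'
    r" [1024 2012-01-01] (Example Corp)",
    r"HKLM-x32\...\Run: [] [x]",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"{f.key}\n  {f.component}")
        for reason in f.reasons:
            print(f"    - {reason}")
```
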

#10 fireman4it


Posted 31 December 2012 - 05:10 PM

Hello,
Now that we can boot into Normal mode, let's run some advanced tools.


1.
The following is referring to PCTools Registry Cleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


2.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
ComboFix.txt
How is your machine running now?



#11 Chuck F


Posted 31 December 2012 - 10:47 PM

Posting in 2 parts because it's too long. Hopefully not 3 parts.

It's not running well at all. Every time I click on an app I get a message saying it's an illegal operation on a registry key that's marked for deletion. I'm afraid to shut down so I'm unplugging it from the modem and letting it run.

I did get a message/warning from ComboFix that MS Security Essentials scanner was running. I uninstalled that months ago when I opted for Malwarebytes. I checked Task Manager to make sure that there were no services or processes that appeared to be Security Essentials related running before telling ComboFix to proceed.

COMBOFIX LOG

ComboFix 12-12-31.01 - Chuck Foster 12/31/2012 17:38:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.4573 [GMT -7:00]
Running from: c:\users\Chuck Foster\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chuck Foster\AppData\Roaming\meriod.dll
c:\users\Chuck Foster\AppData\Roaming\skype.dat
c:\users\Chuck Foster\AppData\Roaming\skype.ini
c:\users\Chuck Foster\GoToAssistDownloadHelper.exe
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))
.
.
2074-05-08 01:38 . 2006-11-22 03:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-12-28 15:11 . 2012-12-28 15:11 -------- d-----w- C:\FRST
2012-12-19 13:56 . 2012-12-19 13:56 -------- d-----w- c:\users\Chuck Foster\AppData\Roaming\RealNetworks
2012-12-19 13:55 . 2012-12-19 13:55 -------- d-----w- c:\program files (x86)\RealNetworks
2012-12-19 13:55 . 2012-12-19 13:55 -------- d-----w- c:\programdata\RealNetworks
2012-12-19 13:54 . 2012-12-19 13:54 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-12-19 13:53 . 2012-12-19 13:53 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-12-19 13:53 . 2012-12-19 13:53 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-12-19 03:07 . 2012-12-19 03:07 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-19 03:07 . 2012-12-19 03:07 -------- d-----w- c:\program files\iTunes
2012-12-19 03:07 . 2012-12-19 03:07 -------- d-----w- c:\program files (x86)\iTunes
2012-12-19 03:07 . 2012-12-19 03:07 -------- d-----w- c:\program files\iPod
2012-12-13 03:01 . 2012-12-13 03:01 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-12-13 01:07 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 01:06 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 01:06 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-08 08:34 . 2012-12-08 08:34 -------- d-----w- c:\users\Chuck Foster\AppData\Local\GameStop
2012-12-08 08:34 . 2012-12-08 08:34 -------- d-----w- c:\programdata\GameStop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 03:03 . 2010-10-31 02:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 14:41 . 2012-04-04 13:21 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 14:41 . 2011-05-20 01:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-02 22:38 . 2012-11-02 22:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 22:38 . 2012-11-02 22:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 22:38 . 2012-11-02 22:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 22:38 . 2012-11-02 22:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 22:38 . 2012-11-02 22:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-11-02 22:38 . 2012-11-02 22:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 22:38 . 2012-11-02 22:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-11-02 04:52 . 2012-11-02 04:52 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-11-02 04:52 . 2012-11-02 04:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-25 10:12 . 2012-10-25 10:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 10:12 . 2012-10-25 10:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 13:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 03:28 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 03:28 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 03:28 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 03:28 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-07 03:03 . 2012-10-07 03:03 38536 ----a-w- c:\windows\system32\drivers\pmxdrv.sys
2012-10-07 01:52 . 2011-03-19 00:19 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-10-07 01:52 . 2011-02-19 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-07 01:52 . 2012-10-07 01:52 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-10-04 16:40 . 2012-12-13 01:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 03:27 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 03:27 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 03:27 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 03:27 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 03:27 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 03:27 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 03:27 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 03:27 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 03:27 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 03:27 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 03:27 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2011-11-22 1327440]
"Akamai NetSession Interface"="c:\users\Chuck Foster\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-24 105120]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-19 295072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-31 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Chuck Foster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2012-08-24 1147040]
R3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2012-08-24 1134240]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-12 163440]
R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-12 191104]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2012-10-07 38536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-31 1255736]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-24 794272]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-30 101688]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-30 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-30 297240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-30 976728]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:41]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 06:14]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 06:14]
.
2013-01-01 c:\windows\Tasks\PTAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Utilities\SULauncher.exe [2012-11-14 18:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
Toolbar-Locked - (no file)
SafeBoot-38403624.sys
SafeBoot-89689850.sys
Toolbar-Locked - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1956735416-3115836590-1872934873-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1956735416-3115836590-1872934873-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-12-31 17:55:27 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-01 00:55
.
Pre-Run: 368,483,733,504 bytes free
Post-Run: 372,851,810,304 bytes free
.
- - End Of File - - 8A79ABAFF5C0901B8697BE77DC633CB3

#12 Chuck F

Posted 31 December 2012 - 10:53 PM

It's going to take 3 posts

TDSSKILLER LOG - Pt 1

17:19:40.0873 2784 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:19:42.0885 2784 ============================================================
17:19:42.0885 2784 Current date / time: 2012/12/31 17:19:42.0885
17:19:42.0885 2784 SystemInfo:
17:19:42.0885 2784
17:19:42.0885 2784 OS Version: 6.1.7601 ServicePack: 1.0
17:19:42.0885 2784 Product type: Workstation
17:19:42.0885 2784 ComputerName: CHUCKFOSTER-PC
17:19:42.0885 2784 UserName: Chuck Foster
17:19:42.0885 2784 Windows directory: C:\Windows
17:19:42.0885 2784 System windows directory: C:\Windows
17:19:42.0885 2784 Running under WOW64
17:19:42.0885 2784 Processor architecture: Intel x64
17:19:42.0885 2784 Number of processors: 4
17:19:42.0885 2784 Page size: 0x1000
17:19:42.0885 2784 Boot type: Normal boot
17:19:42.0885 2784 ============================================================
17:19:56.0878 2784 BG loaded
17:19:57.0643 2784 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:19:57.0643 2784 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:19:57.0658 2784 Drive \Device\Harddisk6\DR6 - Size: 0x3C6C00000 (15.11 Gb), SectorSize: 0x200, Cylinders: 0x7B3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:19:57.0658 2784 ============================================================
17:19:57.0658 2784 \Device\Harddisk0\DR0:
17:19:57.0658 2784 MBR partitions:
17:19:57.0658 2784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x13C3000
17:19:57.0658 2784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D7000, BlocksNum 0x7332F000
17:19:57.0658 2784 \Device\Harddisk1\DR1:
17:19:57.0658 2784 MBR partitions:
17:19:57.0658 2784 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
17:19:57.0658 2784 \Device\Harddisk6\DR6:
17:19:57.0658 2784 MBR partitions:
17:19:57.0658 2784 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x1E35FD0
17:19:57.0658 2784 ============================================================
17:19:57.0689 2784 C: <-> \Device\Harddisk0\DR0\Partition2
17:19:57.0705 2784 E: <-> \Device\Harddisk1\DR1\Partition1
17:19:57.0705 2784 ============================================================
17:19:57.0705 2784 Initialize success
17:19:57.0705 2784 ============================================================
17:21:18.0056 3700 ============================================================
17:21:18.0056 3700 Scan started
17:21:18.0056 3700 Mode: Manual; SigCheck; TDLFS;
17:21:18.0056 3700 ============================================================
17:21:22.0035 3700 ================ Scan system memory ========================
17:21:22.0035 3700 System memory - ok
17:21:22.0035 3700 ================ Scan services =============================
17:21:59.0560 3700 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:21:59.0626 3700 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
17:21:59.0626 3700 DockLoginService - detected UnsignedFile.Multi.Generic (1)
17:22:07.0282 3700 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:22:07.0328 3700 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:22:07.0328 3700 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:22:25.0796 3700 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
17:22:25.0870 3700 RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:22:25.0870 3700 RichVideo - detected UnsignedFile.Multi.Generic (1)
17:22:34.0095 3700 usbohci - ok
17:22:34.0115 3700 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:22:34.0147 3700 usbprint - ok
17:22:34.0189 3700 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:22:34.0223 3700 usbscan - ok
17:22:34.0281 3700 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:34.0339 3700 USBSTOR - ok
17:22:34.0399 3700 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:22:34.0455 3700 usbuhci - ok
17:22:34.0475 3700 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:22:34.0530 3700 UxSms - ok
17:22:34.0553 3700 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:22:34.0575 3700 VaultSvc - ok
17:22:34.0631 3700 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:22:34.0647 3700 vdrvroot - ok
17:22:34.0709 3700 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:22:34.0743 3700 vds - ok
17:22:34.0768 3700 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:34.0786 3700 vga - ok
17:22:34.0813 3700 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:22:34.0868 3700 VgaSave - ok
17:22:34.0893 3700 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:22:34.0909 3700 vhdmp - ok
17:22:34.0944 3700 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:22:34.0959 3700 viaide - ok
17:22:34.0968 3700 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:22:34.0981 3700 volmgr - ok
17:22:35.0033 3700 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:22:35.0050 3700 volmgrx - ok
17:22:35.0059 3700 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:22:35.0075 3700 volsnap - ok
17:22:35.0120 3700 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:22:35.0138 3700 vsmraid - ok
17:22:35.0240 3700 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:22:35.0303 3700 VSS - ok
17:22:35.0324 3700 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:22:35.0358 3700 vwifibus - ok
17:22:35.0421 3700 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:22:35.0459 3700 W32Time - ok
17:22:35.0479 3700 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:22:35.0497 3700 WacomPen - ok
17:22:35.0537 3700 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:22:35.0584 3700 WANARP - ok
17:22:35.0609 3700 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:22:35.0638 3700 Wanarpv6 - ok
17:22:35.0703 3700 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:22:35.0739 3700 WatAdminSvc - ok
17:22:35.0798 3700 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:22:35.0890 3700 wbengine - ok
17:22:35.0904 3700 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:22:35.0925 3700 WbioSrvc - ok
17:22:35.0976 3700 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:22:36.0013 3700 wcncsvc - ok
17:22:36.0039 3700 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:22:36.0098 3700 WcsPlugInService - ok
17:22:36.0100 3700 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:22:36.0113 3700 Wd - ok
17:22:36.0170 3700 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:22:36.0196 3700 Wdf01000 - ok
17:22:36.0224 3700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:22:36.0282 3700 WdiServiceHost - ok
17:22:36.0285 3700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:22:36.0303 3700 WdiSystemHost - ok
17:22:36.0346 3700 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:22:36.0391 3700 WebClient - ok
17:22:36.0427 3700 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:22:36.0482 3700 Wecsvc - ok
17:22:36.0517 3700 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:22:36.0570 3700 wercplsupport - ok
17:22:36.0612 3700 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:22:36.0646 3700 WerSvc - ok
17:22:36.0919 3700 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:22:36.0952 3700 WfpLwf - ok
17:22:37.0008 3700 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:22:37.0025 3700 WimFltr - ok
17:22:37.0028 3700 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:22:37.0041 3700 WIMMount - ok
17:22:37.0046 3700 WinHttpAutoProxySvc - ok
17:22:37.0171 3700 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:22:37.0203 3700 Winmgmt - ok
17:22:37.0370 3700 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:22:37.0427 3700 WinRM - ok
17:22:37.0502 3700 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:22:37.0558 3700 Wlansvc - ok
17:22:38.0078 3700 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:22:38.0110 3700 wlidsvc - ok
17:22:38.0163 3700 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:22:38.0199 3700 WmiAcpi - ok
17:22:38.0253 3700 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:22:38.0289 3700 wmiApSrv - ok
17:22:38.0322 3700 WMPNetworkSvc - ok
17:22:38.0337 3700 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:22:38.0385 3700 WPCSvc - ok
17:22:38.0424 3700 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:22:38.0440 3700 WPDBusEnum - ok
17:22:38.0444 3700 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:22:38.0502 3700 ws2ifsl - ok
17:22:38.0505 3700 WSearch - ok
17:22:38.0604 3700 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:22:38.0640 3700 wuauserv - ok
17:22:38.0692 3700 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:22:38.0741 3700 WudfPf - ok
17:22:38.0793 3700 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:22:38.0807 3700 WUDFRd - ok
17:22:38.0841 3700 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:22:38.0880 3700 wudfsvc - ok
17:22:38.0885 3700 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:22:38.0908 3700 WwanSvc - ok
17:22:38.0911 3700 ================ Scan global ===============================
17:22:38.0942 3700 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:22:39.0025 3700 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
17:22:39.0044 3700 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
17:22:39.0075 3700 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:22:39.0125 3700 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:22:39.0127 3700 [Global] - ok
17:22:39.0128 3700 ================ Scan MBR ==================================
17:22:39.0146 3700 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
17:22:39.0607 3700 \Device\Harddisk0\DR0 - ok
17:22:39.0610 3700 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:22:39.0699 3700 \Device\Harddisk1\DR1 - ok
17:22:39.0703 3700 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6
17:22:41.0628 3700 \Device\Harddisk6\DR6 - ok
17:22:41.0629 3700 ================ Scan VBR ==================================
17:22:41.0644 3700 [ 227140502ABBA23BEF51CAB721636E02 ] \Device\Harddisk0\DR0\Partition1
17:22:41.0645 3700 \Device\Harddisk0\DR0\Partition1 - ok
17:22:41.0655 3700 [ B6384A52CBDE7AAA6D27A22E5599F820 ] \Device\Harddisk0\DR0\Partition2
17:22:41.0657 3700 \Device\Harddisk0\DR0\Partition2 - ok
17:22:41.0658 3700 [ 608C43864B94E8C8165751F47F09824C ] \Device\Harddisk1\DR1\Partition1
17:22:41.0660 3700 \Device\Harddisk1\DR1\Partition1 - ok
17:22:41.0662 3700 [ 57B9F93432F31D1EFFBF4101F6AE1A23 ] \Device\Harddisk6\DR6\Partition1
17:22:41.0664 3700 \Device\Harddisk6\DR6\Partition1 - ok
17:22:41.0664 3700 ================ Scan active images ========================
17:22:41.0665 3700 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
17:22:41.0665 3700 C:\Windows\System32\drivers\crashdmp.sys - ok
17:22:41.0667 3700 [ 839B5FE3D48E9F35B22C21A3D5103F6C ] C:\Windows\System32\drivers\Dumpata.sys
17:22:41.0667 3700 C:\Windows\System32\drivers\Dumpata.sys - ok
17:22:41.0670 3700 [ 02062C0B390B7729EDC9E69C680A6F3C ] C:\Windows\System32\drivers\atapi.sys
17:22:41.0670 3700 C:\Windows\System32\drivers\atapi.sys - ok
17:22:41.0672 3700 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
17:22:41.0672 3700 C:\Windows\System32\drivers\dumpfve.sys - ok
17:22:41.0675 3700 [ F98487B25828441B1C6488C642C2AC10 ] C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
17:22:41.0675 3700 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys - ok
17:22:41.0677 3700 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
17:22:41.0677 3700 C:\Windows\System32\drivers\cdrom.sys - ok
17:22:41.0680 3700 [ 9B5D119785654BF8219DCBD0C1925FF7 ] C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
17:22:41.0680 3700 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys - ok
17:22:41.0682 3700 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
17:22:41.0682 3700 C:\Windows\System32\drivers\beep.sys - ok
17:22:41.0685 3700 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
17:22:41.0685 3700 C:\Windows\System32\drivers\null.sys - ok
17:22:41.0687 3700 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
17:22:41.0687 3700 C:\Windows\System32\drivers\RDPCDD.sys - ok
17:22:41.0690 3700 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
17:22:41.0690 3700 C:\Windows\System32\drivers\vga.sys - ok
17:22:41.0692 3700 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
17:22:41.0692 3700 C:\Windows\System32\drivers\videoprt.sys - ok
17:22:41.0695 3700 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
17:22:41.0695 3700 C:\Windows\System32\drivers\watchdog.sys - ok
17:22:41.0697 3700 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
17:22:41.0697 3700 C:\Windows\System32\drivers\msfs.sys - ok
17:22:41.0699 3700 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
17:22:41.0699 3700 C:\Windows\System32\drivers\npfs.sys - ok
17:22:41.0702 3700 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
17:22:41.0702 3700 C:\Windows\System32\drivers\RDPENCDD.sys - ok
17:22:41.0704 3700 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
17:22:41.0704 3700 C:\Windows\System32\drivers\RDPREFMP.sys - ok
17:22:41.0707 3700 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
17:22:41.0707 3700 C:\Windows\System32\drivers\tdi.sys - ok
17:22:41.0709 3700 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
17:22:41.0709 3700 C:\Windows\System32\drivers\tdx.sys - ok
17:22:41.0711 3700 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
17:22:41.0711 3700 C:\Windows\System32\drivers\netbt.sys - ok
17:22:41.0713 3700 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
17:22:41.0714 3700 C:\Windows\System32\drivers\afd.sys - ok
17:22:41.0716 3700 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
17:22:41.0716 3700 C:\Windows\System32\drivers\netbios.sys - ok
17:22:41.0718 3700 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
17:22:41.0718 3700 C:\Windows\System32\drivers\pacer.sys - ok
17:22:41.0721 3700 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
17:22:41.0721 3700 C:\Windows\System32\drivers\termdd.sys - ok
17:22:41.0723 3700 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
17:22:41.0723 3700 C:\Windows\System32\drivers\wanarp.sys - ok
17:22:41.0726 3700 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
17:22:41.0726 3700 C:\Windows\System32\drivers\wfplwf.sys - ok
17:22:41.0728 3700 [ E00B1DAC20B52781A6F697235A1CE9D4 ] C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
17:22:41.0728 3700 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys - ok
17:22:41.0731 3700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
17:22:41.0731 3700 C:\Windows\System32\drivers\dfsc.sys - ok
17:22:41.0733 3700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
17:22:41.0733 3700 C:\Windows\System32\drivers\discache.sys - ok
17:22:41.0736 3700 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
17:22:41.0736 3700 C:\Windows\System32\drivers\mssmbios.sys - ok
17:22:41.0739 3700 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
17:22:41.0739 3700 C:\Windows\System32\drivers\nsiproxy.sys - ok
17:22:41.0741 3700 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
17:22:41.0741 3700 C:\Windows\System32\drivers\rdbss.sys - ok
17:22:41.0743 3700 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
17:22:41.0743 3700 C:\Windows\System32\drivers\blbdrive.sys - ok
17:22:41.0746 3700 [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
17:22:41.0746 3700 C:\Windows\System32\drivers\intelppm.sys - ok
17:22:41.0748 3700 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
17:22:41.0748 3700 C:\Windows\System32\drivers\tunnel.sys - ok
17:22:41.0751 3700 [ 20F3CD38B107C1BD747C0EA37D450165 ] C:\Windows\System32\drivers\atikmpag.sys
17:22:41.0751 3700 C:\Windows\System32\drivers\atikmpag.sys - ok
17:22:41.0753 3700 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
17:22:41.0753 3700 C:\Windows\System32\ntdll.dll - ok
17:22:41.0755 3700 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
17:22:41.0755 3700 C:\Windows\System32\smss.exe - ok
17:22:41.0757 3700 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] C:\Windows\System32\drivers\atikmdag.sys
17:22:41.0757 3700 C:\Windows\System32\drivers\atikmdag.sys - ok
17:22:41.0760 3700 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
17:22:41.0760 3700 C:\Windows\System32\autochk.exe - ok
17:22:41.0762 3700 [ F5BEE30450E18E6B83A5012C100616FD ] C:\Windows\System32\drivers\dxgkrnl.sys
17:22:41.0762 3700 C:\Windows\System32\drivers\dxgkrnl.sys - ok
17:22:41.0765 3700 [ 9CD68BDDF322535C02ADC8331013D13D ] C:\Windows\System32\drivers\dxgmms1.sys
17:22:41.0765 3700 C:\Windows\System32\drivers\dxgmms1.sys - ok
17:22:41.0767 3700 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
17:22:41.0767 3700 C:\Windows\System32\drivers\hdaudbus.sys - ok
17:22:41.0770 3700 [ B6AC71AAA2B10848F57FC49D55A651AF ] C:\Windows\System32\drivers\HECIx64.sys
17:22:41.0770 3700 C:\Windows\System32\drivers\HECIx64.sys - ok
17:22:41.0772 3700 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
17:22:41.0772 3700 C:\Windows\System32\drivers\usbport.sys - ok
17:22:41.0775 3700 [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] C:\Windows\System32\drivers\k57nd60a.sys
17:22:41.0775 3700 C:\Windows\System32\drivers\k57nd60a.sys - ok
17:22:41.0777 3700 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
17:22:41.0777 3700 C:\Windows\System32\drivers\usbehci.sys - ok
17:22:41.0780 3700 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
17:22:41.0780 3700 C:\Windows\System32\drivers\agilevpn.sys - ok
17:22:41.0782 3700 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
17:22:41.0782 3700 C:\Windows\System32\drivers\CompositeBus.sys - ok
17:22:41.0785 3700 [ 8E98D21EE06192492A5671A6144D092F ] C:\Windows\System32\drivers\GEARAspiWDM.sys
17:22:41.0785 3700 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
17:22:41.0787 3700 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
17:22:41.0787 3700 C:\Windows\System32\drivers\rasl2tp.sys - ok
17:22:41.0790 3700 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
17:22:41.0790 3700 C:\Windows\System32\drivers\ndistapi.sys - ok
17:22:41.0792 3700 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
17:22:41.0792 3700 C:\Windows\System32\drivers\ndiswan.sys - ok
17:22:41.0795 3700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
17:22:41.0795 3700 C:\Windows\System32\drivers\kbdclass.sys - ok
17:22:41.0797 3700 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
17:22:41.0797 3700 C:\Windows\System32\drivers\raspppoe.sys - ok
17:22:41.0800 3700 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
17:22:41.0800 3700 C:\Windows\System32\drivers\raspptp.sys - ok
17:22:41.0802 3700 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
17:22:41.0802 3700 C:\Windows\System32\drivers\rassstp.sys - ok
17:22:41.0805 3700 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
17:22:41.0805 3700 C:\Windows\System32\drivers\ks.sys - ok
17:22:41.0807 3700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
17:22:41.0807 3700 C:\Windows\System32\drivers\mouclass.sys - ok
17:22:41.0810 3700 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
17:22:41.0810 3700 C:\Windows\System32\drivers\swenum.sys - ok
17:22:41.0812 3700 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
17:22:41.0812 3700 C:\Windows\System32\drivers\umbus.sys - ok
17:22:41.0815 3700 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
17:22:41.0815 3700 C:\Windows\System32\drivers\usbhub.sys - ok
17:22:41.0817 3700 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
17:22:41.0817 3700 C:\Windows\System32\drivers\ndproxy.sys - ok
17:22:41.0820 3700 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
17:22:41.0820 3700 C:\Windows\System32\drivers\drmk.sys - ok
17:22:41.0822 3700 [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] C:\Windows\System32\drivers\AtiHdmi.sys
17:22:41.0822 3700 C:\Windows\System32\drivers\AtiHdmi.sys - ok
17:22:41.0824 3700 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
17:22:41.0824 3700 C:\Windows\System32\drivers\ksthunk.sys - ok
17:22:41.0827 3700 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
17:22:41.0827 3700 C:\Windows\System32\drivers\portcls.sys - ok
17:22:41.0829 3700 [ E9BEFD8C6A1DB3B544B61647DDA35F62 ] C:\Windows\System32\drivers\RTKVHD64.sys
17:22:41.0829 3700 C:\Windows\System32\drivers\RTKVHD64.sys - ok
17:22:41.0832 3700 [ 58CF58DEE26C909BD6F977B61D246295 ] C:\Windows\System32\drivers\IntcDAud.sys
17:22:41.0832 3700 C:\Windows\System32\drivers\IntcDAud.sys - ok
17:22:41.0834 3700 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
17:22:41.0834 3700 C:\Windows\System32\user32.dll - ok
17:22:41.0837 3700 [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
17:22:41.0837 3700 C:\Windows\System32\urlmon.dll - ok
17:22:41.0839 3700 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
17:22:41.0839 3700 C:\Windows\System32\imm32.dll - ok
17:22:41.0841 3700 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
17:22:41.0841 3700 C:\Windows\System32\ws2_32.dll - ok
17:22:41.0843 3700 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
17:22:41.0843 3700 C:\Windows\System32\iertutil.dll - ok
17:22:41.0846 3700 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
17:22:41.0846 3700 C:\Windows\System32\ole32.dll - ok
17:22:41.0848 3700 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
17:22:41.0848 3700 C:\Windows\System32\psapi.dll - ok
17:22:41.0850 3700 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
17:22:41.0850 3700 C:\Windows\System32\oleaut32.dll - ok
17:22:41.0852 3700 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
17:22:41.0852 3700 C:\Windows\System32\imagehlp.dll - ok
17:22:41.0855 3700 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
17:22:41.0855 3700 C:\Windows\System32\shell32.dll - ok
17:22:41.0857 3700 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
17:22:41.0857 3700 C:\Windows\System32\clbcatq.dll - ok
17:22:41.0860 3700 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
17:22:41.0860 3700 C:\Windows\System32\sechost.dll - ok
17:22:41.0862 3700 [ 2F8B1E3EE3545D3B5A8D56FA1AE07B65 ] C:\Windows\System32\usp10.dll
17:22:41.0862 3700 C:\Windows\System32\usp10.dll - ok
17:22:41.0864 3700 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
17:22:41.0864 3700 C:\Windows\System32\lpk.dll - ok
17:22:41.0866 3700 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
17:22:41.0866 3700 C:\Windows\System32\setupapi.dll - ok
17:22:41.0868 3700 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
17:22:41.0868 3700 C:\Windows\System32\Wldap32.dll - ok
17:22:41.0870 3700 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
17:22:41.0870 3700 C:\Windows\System32\comdlg32.dll - ok
17:22:41.0872 3700 [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
17:22:41.0873 3700 C:\Windows\System32\wininet.dll - ok
17:22:41.0875 3700 [ 1DC3504CA4C57900F1557E9A3F01D272 ] C:\Windows\System32\kernel32.dll
17:22:41.0875 3700 C:\Windows\System32\kernel32.dll - ok
17:22:41.0877 3700 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
17:22:41.0877 3700 C:\Windows\System32\gdi32.dll - ok
17:22:41.0879 3700 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
17:22:41.0879 3700 C:\Windows\System32\difxapi.dll - ok
17:22:41.0881 3700 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
17:22:41.0882 3700 C:\Windows\System32\advapi32.dll - ok
17:22:41.0884 3700 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
17:22:41.0884 3700 C:\Windows\System32\normaliz.dll - ok
17:22:41.0886 3700 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
17:22:41.0886 3700 C:\Windows\System32\rpcrt4.dll - ok
17:22:41.0889 3700 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
17:22:41.0889 3700 C:\Windows\System32\nsi.dll - ok
17:22:41.0891 3700 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
17:22:41.0891 3700 C:\Windows\System32\shlwapi.dll - ok
17:22:41.0894 3700 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
17:22:41.0894 3700 C:\Windows\System32\msctf.dll - ok
17:22:41.0896 3700 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
17:22:41.0896 3700 C:\Windows\System32\msvcrt.dll - ok
17:22:41.0898 3700 [ 6F2E324703E6D22B9934C33DA48F1F01 ] C:\Windows\System32\KernelBase.dll
17:22:41.0898 3700 C:\Windows\System32\KernelBase.dll - ok
17:22:41.0901 3700 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
17:22:41.0901 3700 C:\Windows\System32\wintrust.dll - ok
17:22:41.0903 3700 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
17:22:41.0903 3700 C:\Windows\System32\crypt32.dll - ok
17:22:41.0905 3700 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
17:22:41.0905 3700 C:\Windows\System32\comctl32.dll - ok
17:22:41.0907 3700 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
17:22:41.0907 3700 C:\Windows\System32\devobj.dll - ok
17:22:41.0910 3700 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
17:22:41.0910 3700 C:\Windows\System32\cfgmgr32.dll - ok
17:22:41.0912 3700 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
17:22:41.0912 3700 C:\Windows\System32\msasn1.dll - ok
17:22:41.0914 3700 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
17:22:41.0914 3700 C:\Windows\System32\drivers\usbccgp.sys - ok
17:22:41.0917 3700 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
17:22:41.0917 3700 C:\Windows\System32\drivers\usbd.sys - ok
17:22:41.0919 3700 [ E6CE7188CC47AE5DAFDAF552D370C52F ] C:\Windows\System32\drivers\dc3d.sys
17:22:41.0919 3700 C:\Windows\System32\drivers\dc3d.sys - ok
17:22:41.0922 3700 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
17:22:41.0922 3700 C:\Windows\System32\drivers\hidparse.sys - ok
17:22:41.0924 3700 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
17:22:41.0924 3700 C:\Windows\System32\drivers\USBSTOR.SYS - ok
17:22:41.0927 3700 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
17:22:41.0927 3700 C:\Windows\System32\drivers\hidclass.sys - ok
17:22:41.0929 3700 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
17:22:41.0929 3700 C:\Windows\System32\drivers\hidusb.sys - ok
17:22:41.0931 3700 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
17:22:41.0931 3700 C:\Windows\SysWOW64\normaliz.dll - ok
17:22:41.0934 3700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
17:22:41.0934 3700 C:\Windows\System32\drivers\kbdhid.sys - ok
17:22:41.0936 3700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
17:22:41.0936 3700 C:\Windows\System32\drivers\mouhid.sys - ok
17:22:41.0939 3700 [ 5BC4D480DD527EB0CF33A67A090A130E ] C:\Windows\System32\drivers\point64.sys
17:22:41.0939 3700 C:\Windows\System32\drivers\point64.sys - ok
17:22:41.0941 3700 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
17:22:41.0941 3700 C:\Windows\System32\drivers\dxapi.sys - ok
17:22:41.0943 3700 [ C58923115CDE6071C3BF2FF063546E9F ] C:\Windows\System32\win32k.sys
17:22:41.0943 3700 C:\Windows\System32\win32k.sys - ok
17:22:41.0946 3700 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
17:22:41.0946 3700 C:\Windows\System32\basesrv.dll - ok
17:22:41.0948 3700 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
17:22:41.0948 3700 C:\Windows\System32\csrsrv.dll - ok
17:22:41.0951 3700 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
17:22:41.0951 3700 C:\Windows\System32\csrss.exe - ok
17:22:41.0953 3700 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\System32\winsrv.dll
17:22:41.0953 3700 C:\Windows\System32\winsrv.dll - ok
17:22:41.0956 3700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
17:22:41.0956 3700 C:\Windows\System32\drivers\monitor.sys - ok
17:22:41.0958 3700 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
17:22:41.0958 3700 C:\Windows\System32\sxssrv.dll - ok
17:22:41.0960 3700 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
17:22:41.0960 3700 C:\Windows\System32\tsddd.dll - ok

#13 Chuck F

Chuck F
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 31 December 2012 - 10:56 PM

TDSKILLER - Pt 2

17:22:42.0497 3700 C:\Windows\System32\uxsms.dll - ok
17:22:42.0499 3700 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
17:22:42.0499 3700 C:\Windows\System32\AUDIOKSE.dll - ok
17:22:42.0501 3700 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
17:22:42.0501 3700 C:\Windows\System32\dhcpcore.dll - ok
17:22:42.0504 3700 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
17:22:42.0504 3700 C:\Windows\System32\nrpsrv.dll - ok
17:22:42.0506 3700 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
17:22:42.0506 3700 C:\Windows\System32\winnsi.dll - ok
17:22:42.0508 3700 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
17:22:42.0508 3700 C:\Windows\System32\dhcpcore6.dll - ok
17:22:42.0510 3700 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
17:22:42.0510 3700 C:\Windows\System32\dnsrslvr.dll - ok
17:22:42.0513 3700 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
17:22:42.0513 3700 C:\Windows\System32\FWPUCLNT.DLL - ok
17:22:42.0515 3700 [ 04CFE870C30640C9A369E0FE8C654B98 ] C:\Windows\System32\MBWrp64.dll
17:22:42.0515 3700 C:\Windows\System32\MBWrp64.dll - ok
17:22:42.0517 3700 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
17:22:42.0517 3700 C:\Windows\System32\dhcpcsvc.dll - ok
17:22:42.0520 3700 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
17:22:42.0520 3700 C:\Windows\System32\dhcpcsvc6.dll - ok
17:22:42.0522 3700 [ 4398FC24DCF85FD2B6BA3D042B41C136 ] C:\Windows\System32\MBTHX64.dll
17:22:42.0522 3700 C:\Windows\System32\MBTHX64.dll - ok
17:22:42.0524 3700 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
17:22:42.0524 3700 C:\Windows\System32\dnsext.dll - ok
17:22:42.0526 3700 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
17:22:42.0526 3700 C:\Windows\System32\schedsvc.dll - ok
17:22:42.0529 3700 [ 25D74864274539330DCC4234140D11AF ] C:\Windows\System32\MBAPO64.dll
17:22:42.0529 3700 C:\Windows\System32\MBAPO64.dll - ok
17:22:42.0531 3700 [ 64817817D46F2C57694C7BBAA242008B ] C:\Windows\System32\RtkAPO64.dll
17:22:42.0531 3700 C:\Windows\System32\RtkAPO64.dll - ok
17:22:42.0533 3700 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
17:22:42.0533 3700 C:\Windows\System32\WMALFXGFXDSP.dll - ok
17:22:42.0536 3700 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
17:22:42.0536 3700 C:\Windows\System32\mfplat.dll - ok
17:22:42.0538 3700 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
17:22:42.0538 3700 C:\Windows\System32\ktmw32.dll - ok
17:22:42.0541 3700 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
17:22:42.0541 3700 C:\Windows\System32\UXInit.dll - ok
17:22:42.0543 3700 [ 16E116784B900D8A58DA4FB2FF1F0931 ] C:\Windows\System32\atieclxx.exe
17:22:42.0543 3700 C:\Windows\System32\atieclxx.exe - ok
17:22:42.0545 3700 [ F76BE04CD180721363FBD7884C90C09E ] C:\Windows\System32\atiadlxx.dll
17:22:42.0545 3700 C:\Windows\System32\atiadlxx.dll - ok
17:22:42.0547 3700 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
17:22:42.0547 3700 C:\Windows\System32\wsock32.dll - ok
17:22:42.0550 3700 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
17:22:42.0550 3700 C:\Windows\System32\taskcomp.dll - ok
17:22:42.0552 3700 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
17:22:42.0552 3700 C:\Windows\System32\drivers\http.sys - ok
17:22:42.0554 3700 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
17:22:42.0554 3700 C:\Windows\System32\imageres.dll - ok
17:22:42.0557 3700 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
17:22:42.0557 3700 C:\Windows\System32\spoolsv.exe - ok
17:22:42.0559 3700 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
17:22:42.0559 3700 C:\Windows\System32\drivers\bowser.sys - ok
17:22:42.0561 3700 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
17:22:42.0561 3700 C:\Windows\System32\drivers\mrxsmb.sys - ok
17:22:42.0564 3700 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
17:22:42.0564 3700 C:\Windows\System32\drivers\srvnet.sys - ok
17:22:42.0566 3700 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
17:22:42.0566 3700 C:\Windows\System32\drivers\mrxsmb10.sys - ok
17:22:42.0569 3700 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
17:22:42.0569 3700 C:\Windows\System32\drivers\mrxsmb20.sys - ok
17:22:42.0571 3700 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
17:22:42.0571 3700 C:\Windows\System32\drivers\srv2.sys - ok
17:22:42.0573 3700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
17:22:42.0573 3700 C:\Windows\System32\wkssvc.dll - ok
17:22:42.0576 3700 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
17:22:42.0576 3700 C:\Windows\System32\drivers\srv.sys - ok
17:22:42.0578 3700 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
17:22:42.0578 3700 C:\Windows\System32\srvsvc.dll - ok
17:22:42.0580 3700 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
17:22:42.0580 3700 C:\Windows\System32\browser.dll - ok
17:22:42.0582 3700 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
17:22:42.0582 3700 C:\Windows\System32\clusapi.dll - ok
17:22:42.0585 3700 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
17:22:42.0585 3700 C:\Windows\System32\netmsg.dll - ok
17:22:42.0587 3700 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
17:22:42.0587 3700 C:\Windows\System32\sscore.dll - ok
17:22:42.0589 3700 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
17:22:42.0589 3700 C:\Windows\System32\resutils.dll - ok
17:22:42.0591 3700 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
17:22:42.0592 3700 C:\Windows\SysWOW64\secur32.dll - ok
17:22:42.0594 3700 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
17:22:42.0594 3700 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
17:22:42.0597 3700 [ A5299D04ED225D64CF07A568A3E1BF8C ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:22:42.0597 3700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
17:22:42.0599 3700 [ F9D908DE6B166DAC9B89BF62FA291CE8 ] C:\Program Files\Bonjour\mdnsNSP.dll
17:22:42.0599 3700 C:\Program Files\Bonjour\mdnsNSP.dll - ok
17:22:42.0602 3700 [ AFB5B500AD69E24ED1BC15D1161641EF ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
17:22:42.0602 3700 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
17:22:42.0604 3700 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
17:22:42.0604 3700 C:\Windows\System32\rasadhlp.dll - ok
17:22:42.0607 3700 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
17:22:42.0607 3700 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
17:22:42.0609 3700 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
17:22:42.0609 3700 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
17:22:42.0612 3700 [ 60C079CB2150760263D1FE5FF6218961 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll
17:22:42.0612 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
17:22:42.0615 3700 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
17:22:42.0615 3700 C:\Windows\SysWOW64\dnsapi.dll - ok
17:22:42.0617 3700 [ 64894527838C86454E2F378FF39FA336 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.dll
17:22:42.0617 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
17:22:42.0619 3700 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
17:22:42.0619 3700 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
17:22:42.0621 3700 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll
17:22:42.0621 3700 C:\Windows\SysWOW64\rasapi32.dll - ok
17:22:42.0624 3700 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
17:22:42.0624 3700 C:\Windows\SysWOW64\winnsi.dll - ok
17:22:42.0626 3700 [ EF8CD3C64EE9C08980D6D06CCCE46C68 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
17:22:42.0626 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
17:22:42.0629 3700 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll
17:22:42.0629 3700 C:\Windows\SysWOW64\rasman.dll - ok
17:22:42.0631 3700 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
17:22:42.0631 3700 C:\Windows\SysWOW64\rtutils.dll - ok
17:22:42.0634 3700 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
17:22:42.0634 3700 C:\Windows\SysWOW64\SensApi.dll - ok
17:22:42.0636 3700 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
17:22:42.0636 3700 C:\Windows\SysWOW64\mswsock.dll - ok
17:22:42.0638 3700 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
17:22:42.0638 3700 C:\Windows\SysWOW64\wship6.dll - ok
17:22:42.0641 3700 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
17:22:42.0641 3700 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
17:22:42.0643 3700 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
17:22:42.0643 3700 C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
17:22:42.0646 3700 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
17:22:42.0646 3700 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
17:22:42.0648 3700 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
17:22:42.0648 3700 C:\Windows\SysWOW64\rasadhlp.dll - ok
17:22:42.0651 3700 [ DF1C1CD0C7EE95CC00D71E9E415E7BCD ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
17:22:42.0651 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
17:22:42.0653 3700 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
17:22:42.0653 3700 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
17:22:42.0656 3700 [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
17:22:42.0656 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll - ok
17:22:42.0659 3700 [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
17:22:42.0659 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
17:22:42.0662 3700 [ FD86C605FD7AD4A41C01EC7A4A1E1C5D ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
17:22:42.0662 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll - ok
17:22:42.0664 3700 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
17:22:42.0664 3700 C:\Windows\SysWOW64\winmm.dll - ok
17:22:42.0667 3700 [ A3609397EF273B03295DBB10274BE12C ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
17:22:42.0667 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
17:22:42.0669 3700 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
17:22:42.0669 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll - ok
17:22:42.0672 3700 [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
17:22:42.0672 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok
17:22:42.0675 3700 [ 4E4EDF9CA82E95BAB2977DD9F21B00F6 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
17:22:42.0675 3700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
17:22:42.0678 3700 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
17:22:42.0678 3700 C:\Windows\SysWOW64\setupapi.dll - ok
17:22:42.0680 3700 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
17:22:42.0680 3700 C:\Windows\SysWOW64\cfgmgr32.dll - ok
17:22:42.0682 3700 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
17:22:42.0682 3700 C:\Windows\SysWOW64\devobj.dll - ok
17:22:42.0685 3700 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] C:\Program Files\Bonjour\mDNSResponder.exe
17:22:42.0685 3700 C:\Program Files\Bonjour\mDNSResponder.exe - ok
17:22:42.0687 3700 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\SysWOW64\dnssd.dll
17:22:42.0687 3700 C:\Windows\SysWOW64\dnssd.dll - ok
17:22:42.0690 3700 [ 0E1B02C9CC352A1F61703B7D1A8A2C45 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll
17:22:42.0690 3700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
17:22:42.0692 3700 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
17:22:42.0692 3700 C:\Windows\System32\cryptsvc.dll - ok
17:22:42.0695 3700 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
17:22:42.0695 3700 C:\Windows\System32\dps.dll - ok
17:22:42.0697 3700 [ 85B16A92B117A5A800032ECD904B86DB ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:22:42.0697 3700 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
17:22:42.0700 3700 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
17:22:42.0700 3700 C:\Windows\System32\cryptnet.dll - ok
17:22:42.0702 3700 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
17:22:42.0702 3700 C:\Windows\System32\FDResPub.dll - ok
17:22:42.0705 3700 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
17:22:42.0705 3700 C:\Windows\System32\vssapi.dll - ok
17:22:42.0707 3700 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
17:22:42.0707 3700 C:\Windows\System32\WSDApi.dll - ok
17:22:42.0709 3700 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
17:22:42.0709 3700 C:\Windows\System32\taskschd.dll - ok
17:22:42.0712 3700 [ A56CCBBFCCEDCE2FD9C69FED24E035E3 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
17:22:42.0712 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll - ok
17:22:42.0714 3700 [ C0F7C25EEFB1C5FD554AAA801201A83C ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
17:22:42.0714 3700 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll - ok
17:22:42.0717 3700 [ AF54247F97CCF3539DE7505C09972FF9 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
17:22:42.0717 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
17:22:42.0719 3700 [ A8AD2773202A3913D1E1564BD5703183 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
17:22:42.0719 3700 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll - ok
17:22:42.0722 3700 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
17:22:42.0722 3700 C:\Windows\System32\webservices.dll - ok
17:22:42.0724 3700 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
17:22:42.0724 3700 C:\Windows\System32\fundisc.dll - ok
17:22:42.0726 3700 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
17:22:42.0727 3700 C:\Windows\System32\vsstrace.dll - ok
17:22:42.0729 3700 [ 20E2469DB709FC675E655CEAA11BE312 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:22:42.0729 3700 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe - ok
17:22:42.0732 3700 [ C28FD3B37B6F18751C99E6022A2A9782 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
17:22:42.0732 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
17:22:42.0734 3700 [ 18301B40411B2108076AB685B4E4B6DC ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
17:22:42.0734 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll - ok
17:22:42.0737 3700 [ 8EB9DF4D405524D5EF69AE9ECB0EDD16 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll
17:22:42.0737 3700 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll - ok
17:22:42.0739 3700 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
17:22:42.0739 3700 C:\Windows\SysWOW64\mpr.dll - ok
17:22:42.0741 3700 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
17:22:42.0741 3700 C:\Windows\System32\aepic.dll - ok
17:22:42.0744 3700 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
17:22:42.0744 3700 C:\Windows\System32\drivers\PEAuth.sys - ok
17:22:42.0746 3700 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
17:22:42.0746 3700 C:\Windows\System32\nlasvc.dll - ok
17:22:42.0748 3700 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
17:22:42.0748 3700 C:\Windows\System32\pcasvc.dll - ok
17:22:42.0750 3700 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
17:22:42.0751 3700 C:\Windows\System32\ncsi.dll - ok
17:22:42.0753 3700 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
17:22:42.0753 3700 C:\Windows\System32\sfc.dll - ok
17:22:42.0755 3700 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
17:22:42.0755 3700 C:\Windows\System32\sfc_os.dll - ok
17:22:42.0757 3700 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
17:22:42.0757 3700 C:\Windows\System32\winhttp.dll - ok
17:22:42.0759 3700 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
17:22:42.0759 3700 C:\Windows\System32\webio.dll - ok
17:22:42.0762 3700 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
17:22:42.0762 3700 C:\Windows\System32\ssdpapi.dll - ok
17:22:42.0764 3700 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
17:22:42.0764 3700 C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe - ok
17:22:42.0767 3700 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\Windows\SysWOW64\msvcr100.dll
17:22:42.0767 3700 C:\Windows\SysWOW64\msvcr100.dll - ok
17:22:42.0769 3700 [ 16A252022535B680046F6E34E136D378 ] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:22:42.0769 3700 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - ok
17:22:42.0772 3700 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
17:22:42.0772 3700 C:\Windows\SysWOW64\webio.dll - ok
17:22:42.0774 3700 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
17:22:42.0774 3700 C:\Windows\SysWOW64\winhttp.dll - ok
17:22:42.0776 3700 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
17:22:42.0776 3700 C:\Windows\SysWOW64\clbcatq.dll - ok
17:22:42.0779 3700 [ D9A9702E43A5859896F34898D5FD3FEC ] C:\Windows\SysWOW64\msxml6.dll
17:22:42.0779 3700 C:\Windows\SysWOW64\msxml6.dll - ok
17:22:42.0781 3700 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
17:22:42.0781 3700 C:\Windows\System32\drivers\secdrv.sys - ok
17:22:42.0783 3700 [ C6CC9297BD53E5229653303E556AA539 ] C:\Windows\System32\drivers\Sftfslh.sys
17:22:42.0783 3700 C:\Windows\System32\drivers\Sftfslh.sys - ok
17:22:42.0785 3700 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
17:22:42.0786 3700 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
17:22:42.0788 3700 [ 390AA7BC52CEE43F6790CDEA1E776703 ] C:\Windows\System32\drivers\Sftplaylh.sys
17:22:42.0788 3700 C:\Windows\System32\drivers\Sftplaylh.sys - ok
17:22:42.0791 3700 [ C3CDDD18F43D44AB713CF8C4916F7696 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:22:42.0791 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe - ok
17:22:42.0793 3700 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
17:22:42.0793 3700 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
17:22:42.0796 3700 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
17:22:42.0796 3700 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
17:22:42.0798 3700 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
17:22:42.0798 3700 C:\Windows\System32\aeevts.dll - ok
17:22:42.0801 3700 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
17:22:42.0801 3700 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
17:22:42.0803 3700 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
17:22:42.0803 3700 C:\Windows\SysWOW64\credssp.dll - ok
17:22:42.0806 3700 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files (x86)\Skype\Updater\Updater.exe
17:22:42.0806 3700 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
17:22:42.0808 3700 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
17:22:42.0808 3700 C:\Windows\System32\drivers\tcpipreg.sys - ok
17:22:42.0810 3700 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
17:22:42.0810 3700 C:\Windows\System32\sysmain.dll - ok
17:22:42.0813 3700 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
17:22:42.0813 3700 C:\Windows\System32\wbem\WMIsvc.dll - ok
17:22:42.0815 3700 [ 2BACD71123F42CEA603F4E205E1AE337 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:22:42.0815 3700 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
17:22:42.0818 3700 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
17:22:42.0818 3700 C:\Windows\System32\trkwks.dll - ok
17:22:42.0820 3700 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
17:22:42.0820 3700 C:\Windows\System32\wbemcomn.dll - ok
17:22:42.0823 3700 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
17:22:42.0823 3700 C:\Windows\System32\wbem\WinMgmtR.dll - ok
17:22:42.0825 3700 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
17:22:42.0825 3700 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
17:22:42.0827 3700 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
17:22:42.0827 3700 C:\Windows\System32\wbem\fastprox.dll - ok
17:22:42.0830 3700 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
17:22:42.0830 3700 C:\Windows\System32\ntdsapi.dll - ok
17:22:42.0832 3700 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
17:22:42.0832 3700 C:\Windows\System32\SensApi.dll - ok
17:22:42.0834 3700 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
17:22:42.0834 3700 C:\Windows\System32\wbem\wbemprox.dll - ok
17:22:42.0837 3700 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
17:22:42.0837 3700 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
17:22:42.0839 3700 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
17:22:42.0839 3700 C:\Windows\System32\wer.dll - ok
17:22:42.0841 3700 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
17:22:42.0841 3700 C:\Windows\System32\wbem\wbemcore.dll - ok
17:22:42.0844 3700 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
17:22:42.0844 3700 C:\Windows\System32\WinSCard.dll - ok
17:22:42.0846 3700 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
17:22:42.0846 3700 C:\Windows\System32\wbem\esscli.dll - ok
17:22:42.0849 3700 [ 13693B6354DD6E72DC5131DA7D764B90 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:22:42.0849 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe - ok
17:22:42.0850 3700 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
17:22:42.0850 3700 C:\Windows\System32\wbem\wbemsvc.dll - ok
17:22:42.0853 3700 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
17:22:42.0853 3700 C:\Windows\System32\wbem\wmiutils.dll - ok
17:22:42.0856 3700 [ 6177E1A8F215576A56D437B48A00848B ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll
17:22:42.0856 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll - ok
17:22:42.0858 3700 [ 295E1F2BC1AFDAFD98FF426BCE524BA9 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll
17:22:42.0858 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll - ok
17:22:42.0861 3700 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
17:22:42.0861 3700 C:\Windows\System32\wbem\repdrvfs.dll - ok
17:22:42.0863 3700 [ A733CC986EB51F8FBF598B981DC19FBA ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcore.dll
17:22:42.0863 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcore.dll - ok
17:22:42.0865 3700 [ 32BFCF1CA719F2A3A31C721BD5F90303 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll
17:22:42.0865 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll - ok
17:22:42.0868 3700 [ 40EE4E67311F4019CCA2120D88C60576 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll
17:22:42.0868 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll - ok
17:22:42.0871 3700 [ 08F0BE836428436724EE15964AE8A2E1 ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
17:22:42.0871 3700 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
17:22:42.0873 3700 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
17:22:42.0873 3700 C:\Windows\System32\fveapi.dll - ok
17:22:42.0875 3700 [ 0B2D65FDDE31069299AA6330F359FF9C ] C:\Windows\System32\msxml3.dll
17:22:42.0875 3700 C:\Windows\System32\msxml3.dll - ok
17:22:42.0878 3700 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
17:22:42.0878 3700 C:\Windows\System32\tbs.dll - ok
17:22:42.0880 3700 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
17:22:42.0880 3700 C:\Windows\System32\fvecerts.dll - ok
17:22:42.0882 3700 [ 09AB81CEE443569D9A3CC151DDF70444 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll
17:22:42.0882 3700 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll - ok
17:22:42.0885 3700 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\SysWOW64\logoncli.dll
17:22:42.0885 3700 C:\Windows\SysWOW64\logoncli.dll - ok
17:22:43.0426 3700 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
17:22:43.0426 3700 C:\Windows\System32\WSDMon.dll - ok
17:22:43.0429 3700 [ 5343A19C618BC515CEB1695586C6C137 ] C:\Windows\SysWOW64\msvbvm60.dll
17:22:43.0429 3700 C:\Windows\SysWOW64\msvbvm60.dll - ok
17:22:43.0432 3700 [ 3CBECBC83287258DC78B7D2F2821F7E5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:22:43.0432 3700 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - ok
17:22:43.0434 3700 [ 73F6C5223F7E9B5780DD4A6C30FCF569 ] C:\Windows\SysWOW64\WSDApi.dll
17:22:43.0434 3700 C:\Windows\SysWOW64\WSDApi.dll - ok
17:22:43.0436 3700 [ 672D7C5080ACB003343006405DA2E621 ] C:\Windows\SysWOW64\thumbcache.dll
17:22:43.0436 3700 C:\Windows\SysWOW64\thumbcache.dll - ok
17:22:43.0439 3700 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
17:22:43.0439 3700 C:\Windows\System32\thumbcache.dll - ok
17:22:43.0441 3700 [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\SysWOW64\webservices.dll
17:22:43.0441 3700 C:\Windows\SysWOW64\webservices.dll - ok
17:22:43.0443 3700 [ 3F50200237961034FACE602373838980 ] C:\Windows\SysWOW64\FirewallAPI.dll
17:22:43.0443 3700 C:\Windows\SysWOW64\FirewallAPI.dll - ok
17:22:43.0446 3700 [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\SysWOW64\fundisc.dll
17:22:43.0446 3700 C:\Windows\SysWOW64\fundisc.dll - ok
17:22:43.0448 3700 [ F34CFADA6C48DAA41B996D24C7D8D3CA ] C:\Windows\SysWOW64\fdPnp.dll
17:22:43.0448 3700 C:\Windows\SysWOW64\fdPnp.dll - ok
17:22:43.0450 3700 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
17:22:43.0450 3700 C:\Windows\System32\fdPnp.dll - ok
17:22:43.0453 3700 [ 3D57FFBAD3ED16B63DE3879BAB0FB56F ] C:\Windows\SysWOW64\networkexplorer.dll
17:22:43.0453 3700 C:\Windows\SysWOW64\networkexplorer.dll - ok
17:22:43.0455 3700 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
17:22:43.0455 3700 C:\Windows\System32\networkexplorer.dll - ok
17:22:43.0458 3700 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
17:22:43.0458 3700 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
17:22:43.0460 3700 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
17:22:43.0460 3700 C:\Windows\SysWOW64\riched20.dll - ok
17:22:43.0463 3700 [ 371D003DE5D81C7465A0E8CD911D2E9C ] C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL
17:22:43.0463 3700 C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL - ok
17:22:43.0465 3700 [ 74354790ECAE60C11631BD7856C0AFD0 ] C:\Windows\KHALMNPR.Exe
17:22:43.0465 3700 C:\Windows\KHALMNPR.Exe - ok
17:22:43.0467 3700 [ 2F040CF0613A6D64DCBBA9EE81F5A5AE ] C:\Windows\SysWOW64\dsrole.dll
17:22:43.0467 3700 C:\Windows\SysWOW64\dsrole.dll - ok
17:22:43.0469 3700 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll
17:22:43.0469 3700 C:\Windows\SysWOW64\dsound.dll - ok
17:22:43.0472 3700 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
17:22:43.0472 3700 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
17:22:43.0474 3700 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll
17:22:43.0474 3700 C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll - ok
17:22:43.0476 3700 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
17:22:43.0476 3700 C:\Windows\System32\dsound.dll - ok
17:22:43.0479 3700 [ 548CB980D7876E207CC9F8B60C1587A3 ] C:\Windows\System32\win32spl.dll
17:22:43.0479 3700 C:\Windows\System32\win32spl.dll - ok
17:22:43.0481 3700 [ BE3953C7DAE4ECC89134CF64A903F8ED ] C:\Windows\SysWOW64\win32spl.dll
17:22:43.0481 3700 C:\Windows\SysWOW64\win32spl.dll - ok
17:22:43.0483 3700 [ 74BB6162D79CEDFCA1421DE2685C3139 ] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
17:22:43.0483 3700 C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe - ok
17:22:43.0486 3700 [ D205C24A9D069049FE2DF2A1B38726A7 ] C:\Windows\SysWOW64\wdmaud.drv
17:22:43.0486 3700 C:\Windows\SysWOW64\wdmaud.drv - ok
17:22:43.0488 3700 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
17:22:43.0488 3700 C:\Windows\SysWOW64\duser.dll - ok
17:22:43.0490 3700 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\SysWOW64\ncobjapi.dll
17:22:43.0490 3700 C:\Windows\SysWOW64\ncobjapi.dll - ok
17:22:43.0493 3700 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
17:22:43.0493 3700 C:\Windows\SysWOW64\powrprof.dll - ok
17:22:43.0495 3700 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\SysWOW64\ksuser.dll
17:22:43.0495 3700 C:\Windows\SysWOW64\ksuser.dll - ok
17:22:43.0497 3700 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
17:22:43.0497 3700 C:\Windows\SysWOW64\dui70.dll - ok
17:22:43.0499 3700 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\SysWOW64\avrt.dll
17:22:43.0499 3700 C:\Windows\SysWOW64\avrt.dll - ok
17:22:43.0502 3700 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\SysWOW64\SPInf.dll
17:22:43.0502 3700 C:\Windows\SysWOW64\SPInf.dll - ok
17:22:43.0504 3700 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
17:22:43.0504 3700 C:\Windows\System32\inetpp.dll - ok
17:22:43.0506 3700 [ 9C17DCD6DDFEB1A012544FAF4F2789F6 ] C:\Windows\AppPatch\AcGenral.dll
17:22:43.0506 3700 C:\Windows\AppPatch\AcGenral.dll - ok
17:22:43.0508 3700 [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\SysWOW64\AudioSes.dll
17:22:43.0508 3700 C:\Windows\SysWOW64\AudioSes.dll - ok
17:22:43.0511 3700 [ D1BBE227367ED791D5FCF08E132D2956 ] C:\Windows\SysWOW64\opengl32.dll
17:22:43.0511 3700 C:\Windows\SysWOW64\opengl32.dll - ok
17:22:43.0513 3700 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
17:22:43.0513 3700 C:\Windows\SysWOW64\imagehlp.dll - ok
17:22:43.0515 3700 [ 585FED4CDB8034B8B58AEB8008255817 ] C:\Windows\System32\opengl32.dll
17:22:43.0515 3700 C:\Windows\System32\opengl32.dll - ok
17:22:43.0518 3700 [ AB09CE954C647F3C2B4328B57D519996 ] C:\Windows\SysWOW64\msvcp110.dll
17:22:43.0518 3700 C:\Windows\SysWOW64\msvcp110.dll - ok
17:22:43.0520 3700 [ 349B1D5D8D1B5A7B10BCD01470BD5F64 ] C:\Windows\System32\msvcp110.dll
17:22:43.0520 3700 C:\Windows\System32\msvcp110.dll - ok
17:22:43.0522 3700 [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\SysWOW64\msacm32.drv
17:22:43.0522 3700 C:\Windows\SysWOW64\msacm32.drv - ok
17:22:43.0525 3700 [ F296A16807B11E1EDD3713CDDAB07485 ] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
17:22:43.0525 3700 C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe - ok
17:22:43.0527 3700 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
17:22:43.0527 3700 C:\Windows\SysWOW64\msacm32.dll - ok
17:22:43.0529 3700 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\SysWOW64\wbem\wmiutils.dll
17:22:43.0529 3700 C:\Windows\SysWOW64\wbem\wmiutils.dll - ok
17:22:43.0532 3700 [ DE3897365B04C4DA1CF8FF725577C082 ] C:\Windows\SysWOW64\glu32.dll
17:22:43.0532 3700 C:\Windows\SysWOW64\glu32.dll - ok
17:22:43.0534 3700 [ 80E987DBE08677E2EC09615CD4358607 ] C:\Windows\SysWOW64\msvcr110.dll
17:22:43.0534 3700 C:\Windows\SysWOW64\msvcr110.dll - ok
17:22:43.0536 3700 [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll
17:22:43.0536 3700 C:\Windows\System32\wbem\cimwin32.dll - ok
17:22:43.0539 3700 [ C72ABC6B7B90A61364B6DD889B5435F3 ] C:\Windows\System32\msvcr110.dll
17:22:43.0539 3700 C:\Windows\System32\msvcr110.dll - ok
17:22:43.0541 3700 [ F2967C0A97C0EA67D79D7F557213950D ] C:\Windows\System32\glu32.dll
17:22:43.0541 3700 C:\Windows\System32\glu32.dll - ok
17:22:43.0544 3700 [ 0DCA6A11D09D4C2CBE6B898B897EA915 ] C:\Windows\SysWOW64\UIAnimation.dll
17:22:43.0544 3700 C:\Windows\SysWOW64\UIAnimation.dll - ok
17:22:43.0546 3700 [ E6E271C5BCEADA7DE47B83B08B765A17 ] C:\Windows\Branding\Basebrd\basebrd.dll
17:22:43.0546 3700 C:\Windows\Branding\Basebrd\basebrd.dll - ok
17:22:43.0549 3700 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
17:22:43.0549 3700 C:\Windows\System32\UIAnimation.dll - ok
17:22:43.0551 3700 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Mouse and Keyboard Center\SQMAPI.dll
17:22:43.0551 3700 C:\Program Files\Microsoft Mouse and Keyboard Center\SQMAPI.dll - ok
17:22:43.0554 3700 [ E4024CCF225A936207294DE50925D4F6 ] C:\Program Files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll
17:22:43.0554 3700 C:\Program Files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll - ok
17:22:43.0556 3700 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
17:22:43.0556 3700 C:\Windows\SysWOW64\ddraw.dll - ok
17:22:43.0559 3700 [ B39B8CC163C41B12FE83E777199F3378 ] C:\Windows\SysWOW64\tzres.dll
17:22:43.0559 3700 C:\Windows\SysWOW64\tzres.dll - ok
17:22:43.0561 3700 [ A6C09924C6730DE8DEED9890A12AA691 ] C:\Windows\System32\ddraw.dll
17:22:43.0561 3700 C:\Windows\System32\ddraw.dll - ok
17:22:43.0563 3700 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
17:22:43.0563 3700 C:\Windows\SysWOW64\sxs.dll - ok
17:22:43.0565 3700 [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\SysWOW64\midimap.dll
17:22:43.0565 3700 C:\Windows\SysWOW64\midimap.dll - ok
17:22:43.0567 3700 [ 69A1D7C29CFF256BECBD4E39E2159636 ] C:\Windows\SysWOW64\scrrun.dll
17:22:43.0567 3700 C:\Windows\SysWOW64\scrrun.dll - ok
17:22:43.0570 3700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
17:22:43.0570 3700 C:\Windows\System32\pnrpsvc.dll - ok
17:22:43.0573 3700 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
17:22:43.0573 3700 C:\Windows\SysWOW64\dciman32.dll - ok
17:22:43.0576 3700 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
17:22:43.0576 3700 C:\Windows\System32\dbghelp.dll - ok
17:22:43.0578 3700 [ 912649A1B3F9E6ACB3899FBDABA2ED5F ] C:\Windows\SysWOW64\stobject.dll
17:22:43.0578 3700 C:\Windows\SysWOW64\stobject.dll - ok
17:22:43.0580 3700 [ 2F6C94BA73C976FAF939358D84E653E9 ] C:\Windows\SysWOW64\azroles.dll
17:22:43.0580 3700 C:\Windows\SysWOW64\azroles.dll - ok
17:22:43.0582 3700 [ 29C22748937F45C26590909E9F8E7137 ] C:\Windows\System32\dciman32.dll
17:22:43.0582 3700 C:\Windows\System32\dciman32.dll - ok
17:22:43.0585 3700 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
17:22:43.0585 3700 C:\Windows\System32\stobject.dll - ok
17:22:43.0587 3700 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\SysWOW64\FXSRESM.dll
17:22:43.0587 3700 C:\Windows\SysWOW64\FXSRESM.dll - ok
17:22:43.0589 3700 [ 67C1B58706B47EEBA4E117AC197289E6 ] C:\Windows\SysWOW64\batmeter.dll
17:22:43.0589 3700 C:\Windows\SysWOW64\batmeter.dll - ok
17:22:43.0592 3700 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
17:22:43.0592 3700 C:\Windows\System32\oledlg.dll - ok
17:22:43.0594 3700 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
17:22:43.0594 3700 C:\Windows\System32\iphlpsvc.dll - ok
17:22:43.0596 3700 [ 9A7F1691F76E019C11481B6355125072 ] C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
17:22:43.0596 3700 C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe - ok
17:22:43.0599 3700 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll
17:22:43.0599 3700 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
17:22:43.0601 3700 [ BA2CF067FDB95903964A2349DCFEB251 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.dll
17:22:43.0601 3700 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.dll - ok
17:22:43.0604 3700 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
17:22:43.0604 3700 C:\Windows\System32\batmeter.dll - ok
17:22:43.0606 3700 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
17:22:43.0606 3700 C:\Windows\SysWOW64\EhStorShell.dll - ok
17:22:43.0609 3700 [ B7D0F1FA8926F0D58B7A000E5DAB4B3E ] C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
17:22:43.0609 3700 C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe - ok
17:22:43.0612 3700 [ 3BD36CC5189DC583AEC2A0EAD96A1994 ] C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe
17:22:43.0612 3700 C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe - ok
17:22:43.0615 3700 [ E053C0DAEA5959FC23E1EA5145A5FE25 ] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
17:22:43.0615 3700 C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe - ok
17:22:43.0617 3700 [ F60B556C2E1892C57939C0897949EF7D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui
17:22:43.0617 3700 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui - ok
17:22:43.0619 3700 [ 60A13EEE2B778E0C1037246D0597647A ] C:\Windows\SysWOW64\en-US\EhStorShell.dll.mui
17:22:43.0619 3700 C:\Windows\SysWOW64\en-US\EhStorShell.dll.mui - ok
17:22:43.0621 3700 [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\SysWOW64\es.dll
17:22:43.0621 3700 C:\Windows\SysWOW64\es.dll - ok
17:22:43.0624 3700 [ F023A14FE899F5401935CAC119A723CE ] C:\Users\Chuck Foster\AppData\Local\Akamai\netsession_win.exe
17:22:43.0624 3700 C:\Users\Chuck Foster\AppData\Local\Akamai\netsession_win.exe - ok
17:22:43.0626 3700 [ C8333F1F77A1B2E25F2202E892CAF634 ] C:\Windows\SysWOW64\prnfldr.dll
17:22:43.0626 3700 C:\Windows\SysWOW64\prnfldr.dll - ok
17:22:43.0629 3700 [ D76ADFFFC61C29AC83C1CEC84CFD3C55 ] C:\Windows\SysWOW64\en-US\umpo.dll.mui
17:22:43.0629 3700 C:\Windows\SysWOW64\en-US\umpo.dll.mui - ok
17:22:43.0631 3700 [ 5C4AFB5C6ED90291BE565082A1DBFC9E ] C:\Windows\System32\RtkCfg64.dll
17:22:43.0631 3700 C:\Windows\System32\RtkCfg64.dll - ok
17:22:43.0633 3700 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
17:22:43.0633 3700 C:\Windows\System32\prnfldr.dll - ok
17:22:43.0635 3700 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
17:22:43.0635 3700 C:\Windows\SysWOW64\ntshrui.dll - ok
17:22:43.0638 3700 [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\SysWOW64\httpapi.dll
17:22:43.0638 3700 C:\Windows\SysWOW64\httpapi.dll - ok
17:22:43.0640 3700 [ BC83108B18756547013ED443B8CDB31B ] C:\Windows\SysWOW64\msvcp100.dll
17:22:43.0640 3700 C:\Windows\SysWOW64\msvcp100.dll - ok
17:22:43.0642 3700 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
17:22:43.0642 3700 C:\Windows\System32\DXP.dll - ok
17:22:43.0645 3700 [ 1C6F2BF5E6CD537CD5C25A30D6C49AC1 ] C:\Program Files\7-Zip\7zFM.exe
17:22:43.0645 3700 C:\Program Files\7-Zip\7zFM.exe - ok
17:22:43.0647 3700 [ F40DA99A763D5584EC5D6F7B563FE5D6 ] C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll
17:22:43.0647 3700 C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll - ok
17:22:43.0649 3700 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
17:22:43.0649 3700 C:\Windows\SysWOW64\slc.dll - ok
17:22:43.0652 3700 [ 1957D49A9613FAAD1C73B508CCE02AA5 ] C:\Windows\SysWOW64\wmp.dll
17:22:43.0652 3700 C:\Windows\SysWOW64\wmp.dll - ok
17:22:43.0654 3700 [ 07DD9DCD1CC2840751A1F8772F3C0195 ] C:\Program Files\Microsoft Games\Chess\Chess.exe
17:22:43.0654 3700 C:\Program Files\Microsoft Games\Chess\Chess.exe - ok
17:22:43.0657 3700 [ B71F7FBDB46C95B13A736F3BF6859EF0 ] C:\Program Files\Logitech\SetPoint II\DeviceSettings.exe
17:22:43.0657 3700 C:\Program Files\Logitech\SetPoint II\DeviceSettings.exe - ok
17:22:43.0659 3700 [ E83D2495D5867E224FBF42EF40D8856C ] C:\Program Files\DVD Maker\DVDMaker.exe
17:22:43.0659 3700 C:\Program Files\DVD Maker\DVDMaker.exe - ok
17:22:43.0662 3700 [ BEF8BE93965EC65C51D70030B9B6B058 ] C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
17:22:43.0662 3700 C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe - ok
17:22:43.0664 3700 [ 06F8D094F516B21A698AB562198EEF7E ] C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
17:22:43.0664 3700 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe - ok
17:22:43.0667 3700 [ A6FBA108F52FA67CE4440A924B2565D8 ] C:\Program Files\Logitech\SetPoint II\LogiHelp.exe
17:22:43.0667 3700 C:\Program Files\Logitech\SetPoint II\LogiHelp.exe - ok
17:22:43.0669 3700 [ B3EE7BD189C5925D4C0D2BBFCA00FDD1 ] C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
17:22:43.0669 3700 C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe - ok
17:22:43.0672 3700 [ 5788DCCF6443F6C558A33E8E799D55DE ] C:\Program Files (x86)\FreeAlarmClock\bass.dll
17:22:43.0672 3700 C:\Program Files (x86)\FreeAlarmClock\bass.dll - ok
17:22:43.0674 3700 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
17:22:43.0675 3700 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
17:22:43.0677 3700 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
17:22:43.0677 3700 C:\Windows\System32\FXSST.dll - ok
17:22:43.0679 3700 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
17:22:43.0679 3700 C:\Windows\System32\FXSRESM.dll - ok
17:22:43.0681 3700 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
17:22:43.0681 3700 C:\Windows\SysWOW64\imageres.dll - ok
17:22:43.0684 3700 [ EB596E72F63B7C31BE8DF75FA8829B3F ] C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
17:22:43.0684 3700 C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe - ok
17:22:43.0687 3700 [ C2C429914F2040EE00387C81AEBD27E9 ] C:\Program Files\Logitech\SetPoint II\SetPointII.exe
17:22:43.0687 3700 C:\Program Files\Logitech\SetPoint II\SetPointII.exe - ok
17:22:43.0689 3700 [ 97F4EEEEDCDBE88B99368BA5013B836A ] C:\Program Files\Microsoft Mouse and Keyboard Center\Components\Commands\DPGHnt\DPGHnt.dll
17:22:43.0689 3700 C:\Program Files\Microsoft Mouse and Keyboard Center\Components\Commands\DPGHnt\DPGHnt.dll - ok
17:22:43.0692 3700 [ 5BACFD51D926774C8DD8028BEC9B4374 ] C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
17:22:43.0692 3700 C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe - ok
17:22:43.0695 3700 [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\SysWOW64\FXSAPI.dll
17:22:43.0695 3700 C:\Windows\SysWOW64\FXSAPI.dll - ok
17:22:43.0697 3700 [ C1809B9907ADEDAF16F50C894100883B ] C:\Windows\SysWOW64\netlogon.dll
17:22:43.0697 3700 C:\Windows\SysWOW64\netlogon.dll - ok
17:22:43.0700 3700 [ 9AEE3C126ACC7DED1FF2126BFA28BDB8 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
17:22:43.0700 3700 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe - ok
17:22:43.0702 3700 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
17:22:43.0702 3700 C:\Windows\System32\FXSAPI.dll - ok
17:22:43.0705 3700 [ 41938F2C1642459CBBA691B5DBD6395A ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
17:22:43.0705 3700 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe - ok
17:22:43.0707 3700 [ EE29FCC244C8033E2F748D863DCBF378 ] C:\Windows\SysWOW64\drt.dll
17:22:43.0707 3700 C:\Windows\SysWOW64\drt.dll - ok
17:22:43.0710 3700 [ 760E38053BF56E501D562B70AD796B88 ] C:\Windows\System32\drivers\ndis.sys
17:22:43.0710 3700 C:\Windows\System32\drivers\ndis.sys - ok
17:22:43.0712 3700 [ 9F080B5ECF7DB5D343565CAD37FA372C ] C:\Program Files (x86)\PC Tools\PC Tools Utilities\pt.exe
17:22:43.0712 3700 C:\Program Files (x86)\PC Tools\PC Tools Utilities\pt.exe - ok
17:22:43.0714 3700 [ 88ED99E2B1ACA3E9E6A00203979CBDA9 ] C:\Program Files\WinRAR\WinRAR.exe
17:22:43.0714 3700 C:\Program Files\WinRAR\WinRAR.exe - ok
17:22:43.0717 3700 [ 715BFF236158F61C042928A53C0D5AA8 ] C:\Program Files\Windows NT\Accessories\wordpad.exe
17:22:43.0717 3700 C:\Program Files\Windows NT\Accessories\wordpad.exe - ok
17:22:43.0719 3700 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
17:22:43.0719 3700 C:\Windows\SysWOW64\mstask.dll - ok
17:22:43.0722 3700 [ 8F9D6B4AB86A39319078814ABBDD40BC ] C:\Program Files (x86)\Real\RealUpgrade\Common\hxmedpltfm.dll
17:22:43.0722 3700 C:\Program Files (x86)\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
17:22:43.0724 3700 [ 856CFFCD835528136367BB1A8FE1DB87 ] C:\Windows\SysWOW64\Syncreg.dll
17:22:43.0724 3700 C:\Windows\SysWOW64\Syncreg.dll - ok
17:22:43.0726 3700 [ 0DF34F7EF3BD18DC00C3E03E6E1CA315 ] C:\Windows\SysWOW64\WsmRes.dll
17:22:43.0726 3700 C:\Windows\SysWOW64\WsmRes.dll - ok
17:22:43.0729 3700 [ 0CAED8C2A5A594AFC49EDB74D241EC9F ] C:\Windows\SysWOW64\en-US\KernelBase.dll.mui
17:22:43.0729 3700 C:\Windows\SysWOW64\en-US\KernelBase.dll.mui - ok
17:22:43.0731 3700 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
17:22:43.0731 3700 C:\Windows\System32\Syncreg.dll - ok
17:22:43.0733 3700 [ 1BE03AC720F4D302EA01D40F588162F6 ] C:\Windows\System32\tbssvc.dll
17:22:43.0733 3700 C:\Windows\System32\tbssvc.dll - ok
17:22:43.0736 3700 [ 32022C811A44B86FF45D20ACAB6D9BF6 ] C:\Windows\System32\drivers\en-US\acpi.sys.mui
17:22:43.0736 3700 C:\Windows\System32\drivers\en-US\acpi.sys.mui - ok
17:22:43.0738 3700 [ 487F44B08EFEAF5AD087878357B9403D ] C:\Windows\SysWOW64\pdh.dll
17:22:43.0738 3700 C:\Windows\SysWOW64\pdh.dll - ok
17:22:43.0740 3700 [ BF7DDBE14FA4B68AAB6A3C78EF5C96B8 ] C:\Windows\SysWOW64\inetmib1.dll
17:22:43.0740 3700 C:\Windows\SysWOW64\inetmib1.dll - ok
17:22:43.0742 3700 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
17:22:43.0742 3700 C:\Windows\ehome\ehSSO.dll - ok
17:22:43.0745 3700 [ 1F74B33DC1296273C07F329466B8BE0F ] C:\Windows\SysWOW64\en-US\runonce.exe.mui
17:22:43.0745 3700 C:\Windows\SysWOW64\en-US\runonce.exe.mui - ok
17:22:43.0747 3700 [ E36431CA70B26EE1D3CFEA8C8F7CE307 ] C:\Windows\System32\srwmi.dll
17:22:43.0747 3700 C:\Windows\System32\srwmi.dll - ok
17:22:43.0750 3700 [ 9B0A38D246FB608646CC3EAFE023330F ] C:\Program Files (x86)\PC Tools\PC Tools Utilities\PCTLicHelper.dll
17:22:43.0750 3700 C:\Program Files (x86)\PC Tools\PC Tools Utilities\PCTLicHelper.dll - ok
17:22:43.0752 3700 [ 703FFD301AB900B047337C5D40FD6F96 ] C:\Windows\SysWOW64\olepro32.dll
17:22:43.0752 3700 C:\Windows\SysWOW64\olepro32.dll - ok
17:22:43.0754 3700 [ B2B3DAE040F6B5AE1DF52B0CD7631A18 ] C:\Windows\SysWOW64\AltTab.dll
17:22:43.0754 3700 C:\Windows\SysWOW64\AltTab.dll - ok
17:22:43.0757 3700 [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\SysWOW64\bthprops.cpl
17:22:43.0757 3700 C:\Windows\SysWOW64\bthprops.cpl - ok
17:22:43.0759 3700 [ DD19B1D004CE397090522585113B054A ] C:\Program Files (x86)\RealNetworks\RealDownloader\Common\hxmedpltfm.dll
17:22:43.0759 3700 C:\Program Files (x86)\RealNetworks\RealDownloader\Common\hxmedpltfm.dll - ok
17:22:43.0762 3700 [ 9736743DA605E58141C5B5C6D1FFD3E9 ] C:\Program Files (x86)\PC Tools\PC Tools Utilities\Update.exe
17:22:43.0762 3700 C:\Program Files (x86)\PC Tools\PC Tools Utilities\Update.exe - ok
17:22:43.0764 3700 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
17:22:43.0764 3700 C:\Windows\System32\AltTab.dll - ok
17:22:43.0766 3700 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
17:22:43.0766 3700 C:\Windows\System32\bthprops.cpl - ok
17:22:43.0769 3700 [ 47188B0092466FD476E23DEA70CC1D4F ] C:\Program Files (x86)\Real\RealUpgrade\Plugins\upgrade.dll
17:22:43.0769 3700 C:\Program Files (x86)\Real\RealUpgrade\Plugins\upgrade.dll - ok
17:22:43.0771 3700 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
17:22:43.0771 3700 C:\Windows\System32\FXSSVC.exe - ok
17:22:43.0774 3700 [ 2B349F596198E555947B4CEAA057D9F0 ] C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\upgrade.dll
17:22:43.0774 3700 C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\upgrade.dll - ok
17:22:43.0776 3700 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\SysWOW64\security.dll
17:22:43.0776 3700 C:\Windows\SysWOW64\security.dll - ok
17:22:43.0778 3700 [ 95CCD10BE06A2E0949B7C33B83038FA7 ] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
17:22:43.0778 3700 C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll - ok
17:22:43.0781 3700 [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\SysWOW64\pnidui.dll
17:22:43.0781 3700 C:\Windows\SysWOW64\pnidui.dll - ok
17:22:43.0783 3700 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
17:22:43.0783 3700 C:\Windows\System32\pnidui.dll - ok
17:22:43.0785 3700 [ 46B7FE9BB34AE60AAC244E6CD8D9B450 ] C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpsharedcomponents.dll
17:22:43.0786 3700 C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpsharedcomponents.dll - ok
17:22:43.0788 3700 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
17:22:43.0788 3700 C:\Windows\System32\wbem\wmiprov.dll - ok
17:22:43.0790 3700 [ 07F649CD36F266BBE33B814FA678AA43 ] C:\Windows\SysWOW64\mshtml.dll
17:22:43.0790 3700 C:\Windows\SysWOW64\mshtml.dll - ok
17:22:43.0792 3700 [ 98E7E971AB21A6EDD2323C0FB37B9A0F ] C:\Windows\SysWOW64\powercfg.exe
17:22:43.0792 3700 C:\Windows\SysWOW64\powercfg.exe - ok
17:22:43.0795 3700 [ 4EB0C6C3EF4D8885CF2B5D0062F31E44 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
17:22:43.0795 3700 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe - ok
17:22:43.0797 3700 [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\SysWOW64\QUTIL.DLL
17:22:43.0797 3700 C:\Windows\SysWOW64\QUTIL.DLL - ok
17:22:43.0799 3700 [ F779EE89CD1F679C91AB8848C978F086 ] C:\Windows\System32\powercfg.exe
17:22:43.0799 3700 C:\Windows\System32\powercfg.exe - ok
17:22:43.0802 3700 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
17:22:43.0802 3700 C:\Windows\System32\QUTIL.DLL - ok
17:22:43.0804 3700 [ BB5B4BA716D145B2ADF241052EDAB983 ] C:\Windows\SysWOW64\iscsidsc.dll
17:22:43.0804 3700 C:\Windows\SysWOW64\iscsidsc.dll - ok
17:22:43.0806 3700 [ E11E3F3BBEFDC5C0C160BE13B65E25E4 ] C:\Windows\System32\iscsidsc.dll
17:22:43.0806 3700 C:\Windows\System32\iscsidsc.dll - ok
17:22:43.0809 3700 [ EAB975DB4C2805927FE5BD047D05C9AA ] C:\Windows\SysWOW64\netshell.dll
17:22:43.0809 3700 C:\Windows\SysWOW64\netshell.dll - ok
17:22:43.0811 3700 [ 98F657555DD1C1A30362927DF8FBB266 ] C:\Windows\SysWOW64\iscsium.dll
17:22:43.0811 3700 C:\Windows\SysWOW64\iscsium.dll - ok
17:22:43.0813 3700 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
17:22:43.0813 3700 C:\Windows\System32\netshell.dll - ok
17:22:43.0816 3700 [ C04E8D0509505AB8D8C5623E94458831 ] C:\Windows\SysWOW64\msclmd.dll
17:22:43.0816 3700 C:\Windows\SysWOW64\msclmd.dll - ok
17:22:43.0818 3700 [ 22D98BF27F3DAE2B3E9559B9C40D49A1 ] C:\Windows\System32\iscsium.dll
17:22:43.0818 3700 C:\Windows\System32\iscsium.dll - ok
17:22:43.0820 3700 [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\SysWOW64\taskschd.dll
17:22:43.0820 3700 C:\Windows\SysWOW64\taskschd.dll - ok
17:22:43.0823 3700 [ 9C0DFA4BF8AA6C92C11CB331D35C7886 ] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordlegacyext.dll
17:22:43.0823 3700 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordlegacyext.dll - ok
17:22:43.0826 3700 [ C26B09276755E0698B31CF0BAE0BF182 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
17:22:43.0826 3700 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
17:22:43.0828 3700 [ EAFC149CD3BD78C443E31BB157841197 ] C:\Windows\SysWOW64\tbs.dll
17:22:43.0828 3700 C:\Windows\SysWOW64\tbs.dll - ok
17:22:43.0831 3700 [ 49407D606E7C32203A21F6BB4DF4EA3C ] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
17:22:43.0831 3700 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe - ok
17:22:43.0834 3700 [ 78693EFB803C77F731726E7FA65A6517 ] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll
17:22:43.0834 3700 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll - ok
17:22:43.0836 3700 [ 0600CB2613BEA0C6C0987B58D56D77B9 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
17:22:44.0125 3700 ============================================================
17:22:44.0125 3700 Scan finished
17:22:44.0125 3700 ============================================================
17:22:44.0131 2780 Detected object count: 3
17:22:44.0131 2780 Actual detected object count: 3
17:24:22.0292 2780 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:22.0292 2780 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:22.0293 2780 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:22.0293 2780 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:22.0295 2780 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:22.0295 2780 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

#14 fireman4it


Posted 31 December 2012 - 11:23 PM

Hello,

Restart your computer; everything should be ok then.



#15 Chuck F


Posted 01 January 2013 - 10:40 AM

Yes, it was. Thanks for all of your help. This is a great service.



