Sirefef, Sirefef.AG and Sirefef.AL infection


  • This topic is locked
24 replies to this topic

#1 PhilCo3631

  • Members

Posted 31 December 2012 - 05:18 AM

MSE informs me of the presence of 3 Trojans:

Win32/Sirefef
Win32/Sirefef.AG
Win32/Sirefef.AL

MSE is quarantining these items and reports that they have been removed; however they have not. They provoke a response from MSE about once every 4 minutes (all 3 reappear simultaneously). MSE quarantines and then "removes" but the removal is not successful. I first noticed the MSE activity shortly after restarting the computer yesterday. Other items were detected at this time and appear to have been successfully removed - I think there were 2 other items - and I think their names were "FavPak" or similar and something with "adware" in its name.
The 3 Sirefef items continue to appear in MSE log every 4 minutes or so (simultaneously).
My machine is running Vista Home Premium (and that is about the extent of my knowledge).

I followed the trail from MSE to Microsoft help pages to Bleeping Computer (a well-trodden path I guess).
I am not particularly computer literate but I am able to follow complex instructions precisely.

Grateful for any assistance that you can give,

Thanks,

Phil



#2 gringo_pr

  • Malware Response Team

Posted 31 December 2012 - 08:10 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3


  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

  • Malware Response Team

Posted 03 January 2013 - 12:30 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 PhilCo3631

  • Topic Starter
  • Members

Posted 03 January 2013 - 06:11 AM

Gringo,
Apologies - I didn't have the immediate notification selected so didn't realise you had replied. Immediate notification is now turned on and I will start to work through the other instructions,

Phil

#5 PhilCo3631

  • Topic Starter
  • Members

Posted 03 January 2013 - 07:32 AM

Gringo,

Other than the MSE activity (quarantining all 3 items every 3 or 4 minutes) the computer is running normally with no indications of any problem.

CD Emulation Drivers have been disabled by Defogger.
Reports as requested follow:

Report from Security Check:

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Bec at 11:52:29 on 2013-01-03
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZSman000&ptb=UpyeD85BKKeE.Q28Mu7KjA
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: <No Name>: {69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: IE Custom Tools: {F2BADA0D-FD61-45EF-A994-64A073FD6613} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IE Custom Tools: {F2BADA0D-FD61-45EF-A994-64A073FD6613} -
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] ~"c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [Application Restart #0] c:\windows\ehome\ehtray.exe
uRunOnce: [Application Restart #1] c:\program files\microsoft security client\msseces.exe -Recover
uRunOnce: [Application Restart #2] c:\program files\windows sidebar\sidebar.exe
uRunOnce: [Application Restart #3] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [*WerKernelReporting] c:\windows\system32\WerFault.exe -k -rq
mExplorerRun: [some] c:\program files\video add-on\icthis.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php
LSP: c:\windows\system32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4B3BB946-6D84-44B2-8126-673067DD9551} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{52759484-B546-40D7-A698-124352DF21CF} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R? androidusb;SAMSUNG Android Composite ADB Interface Driver
R? avast! Antivirus;avast! Antivirus
R? avast! Mail Scanner;avast! Mail Scanner
R? avast! Web Scanner;avast! Web Scanner
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? SkypeUpdate;Skype Updater
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
R? ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSP;avast! Self Protection
S? FontCache;Windows Font Cache Service
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? RapportBuka;RapportBuka
S? RapportCerberus_43926;RapportCerberus_43926
S? RapportEI;RapportEI
S? RapportIaso;RapportIaso
S? RapportKELL;RapportKELL
S? RapportMgmtService;Rapport Management Service
S? RapportPG;RapportPG
S? sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk)
S? tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk)
.
=============== Created Last 30 ================
.
2013-01-03 11:15:42 -------- d-----w- c:\program files\iPod
2013-01-03 11:15:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-03 03:35:36 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4a74d3b-2233-44f7-bb17-c68d13cae63f}\offreg.dll
2013-01-03 03:33:39 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4a74d3b-2233-44f7-bb17-c68d13cae63f}\mpengine.dll
2013-01-02 18:54:55 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-12-30 12:41:22 -------- d-----w- c:\program files\Cobian Backup 8
2012-12-24 04:56:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-24 04:56:48 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 07:27:48 -------- d-----r- c:\program files\Skype
2012-12-12 22:58:06 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 22:58:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 22:58:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 22:58:00 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 22:57:59 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 22:57:59 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 22:57:58 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 22:57:58 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 22:57:55 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 22:57:55 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 22:57:55 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 21:48:58 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 21:48:56 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 21:48:56 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 21:48:55 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 21:48:48 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-11 22:43:32 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 22:43:32 697272 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-07 16:09:15 93672 ------w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-07 16:09:04 821736 ------w- c:\windows\system32\npDeployJava1.dll
2012-10-07 16:09:03 746984 ------w- c:\windows\system32\deployJava1.dll
2008-03-30 08:33:42 774144 ------w- c:\program files\RngInterstitial.dll
.
============= FINISH: 11:56:50.98 ===============

Attach.txt

.
==== Installed Programs ======================
.
7-Zip 9.20
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
BBC iPlayer Desktop
BOB Books Version 1.5.0.4
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Cobian Backup 8
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell System Customization Wizard
DellSupport
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX210 Series Printer Uninstall
Google Chrome
Google Desktop
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Driver Diagnostics
HP Product Detection
IKEA Home Planner
iTunes
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIANetworkDiagnostic
OGA Notifier 2.0.0048.0
QuickTime
Rapport
RealArcade
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.0
Sonic Activation Module
Switch Sound File Converter
swMSM
TalkTalk Assist & Go
TigerCad version 3.001 Free
TurboRisk 2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
URL Assistant
User's Guides
VLC media player 0.9.2
VoiceOver Kit
WavePad Sound Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================

That's it. Cheers for now,

Phil

#6 gringo_pr

  • Malware Response Team

Posted 03 January 2013 - 12:55 PM

Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 PhilCo3631


Posted 04 January 2013 - 05:21 AM

OK,

AdwCleaner Report and RogueKiller have been run.
RogueKiller did some things that I wasn't expecting. Don't know if they were significant or not so I'll report them anyway. I ran RK twice. On the first occasion RK asked for a reboot which I carried out. On rebooting I couldn't find the reports (my mistake) so ran RK again. On each occasion RK produced 2 files so I have posted all 4 in the order they were produced (after AdwCleaner report). On both occasions of running, Windows Explorer opened - for no apparent reason - and the open folder was the Download folder. On both occasions of running, RK launched a couple of Tigzy webpages.

The computer is still running OK - no apparent symptoms; however, MSE no longer appears to be running (i.e. no icon at right hand side of TaskBar). I feel a little exposed - should I be concerned?

Reports follow:

# AdwCleaner v2.104 - Logfile created 01/03/2013 at 21:22:40
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Bec - PHIL-PC
# Boot Mode : Normal
# Running from : C:\Users\Phil\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKU\S-1-5-21-2909968122-817412202-15368582-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKU\S-1-5-21-2909968122-817412202-15368582-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZSman000&ptb=UpyeD85BKKeE.Q28Mu7KjA --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

*************************

AdwCleaner[S1].txt - [4487 octets] - [03/01/2013 21:22:40]

########## EOF - \AdwCleaner[S1].txt - [4547 octets] ##########

RogueKiller Report (4 reports in order of creation)

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bec [Admin rights]
Mode : Scan -- Date : 01/03/2013 21:53:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-2909968122-817412202-15368582-1000[...]\Run : EPSON SX210 Series (C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Windows\TEMP\E_SB367.tmp" /EF "HKCU") -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] 37a029f9548b4a427f410958429177e4
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01032013_02d2153.txt >>
RKreport[1]_S_01032013_02d2153.txt

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bec [Admin rights]
Mode : Remove -- Date : 01/03/2013 21:54:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-2909968122-817412202-15368582-1000[...]\Run : EPSON SX210 Series (C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Windows\TEMP\E_SB367.tmp" /EF "HKCU") -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\@ --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] 37a029f9548b4a427f410958429177e4
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_01032013_02d2154.txt >>
RKreport[1]_S_01032013_02d2153.txt ; RKreport[2]_D_01032013_02d2154.txt

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bec [Admin rights]
Mode : Scan -- Date : 01/03/2013 22:59:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\n --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] 37a029f9548b4a427f410958429177e4
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_S_01032013_02d2259.txt >>
RKreport[1]_S_01032013_02d2153.txt ; RKreport[2]_D_01032013_02d2154.txt ; RKreport[3]_S_01032013_02d2259.txt

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bec [Admin rights]
Mode : Remove -- Date : 01/03/2013 23:02:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\n --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] 37a029f9548b4a427f410958429177e4
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4]_D_01032013_02d2302.txt >>
RKreport[1]_S_01032013_02d2153.txt ; RKreport[2]_D_01032013_02d2154.txt ; RKreport[3]_S_01032013_02d2259.txt ; RKreport[4]_D_01032013_02d2302.txt

That's all

Phil
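One way to reconcile the four RogueKiller reports in the post above, added here as an example and not part of the original posts: it builds a per-path timeline from the "Particular Files / Folders" lines and reports which items were found again after a removal, and which removals no later scan has confirmed. The excerpt is copied from the reports above; the function names are illustrative.

```python
import re

# Directory shared by every ZeroAccess entry in the reports above.
BASE = (r"C:\$recycle.bin\S-1-5-21-2909968122-817412202-15368582-1000"
        r"\$7837cf9d5a97b6d540cebf4f58daf3a1")

# Excerpt of the four reports: mode/date header plus the file/folder lines.
REPORTS = rf"""
Mode : Scan -- Date : 01/03/2013 21:53:28
[ZeroAccess][FILE] n : {BASE}\n --> FOUND
[ZeroAccess][FILE] @ : {BASE}\@ --> FOUND
[ZeroAccess][FOLDER] U : {BASE}\U --> FOUND
[ZeroAccess][FOLDER] L : {BASE}\L --> FOUND
Mode : Remove -- Date : 01/03/2013 21:54:29
[ZeroAccess][FILE] n : {BASE}\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : {BASE}\@ --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] ROOT : {BASE}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : {BASE}\L --> REMOVED
Mode : Scan -- Date : 01/03/2013 22:59:38
[ZeroAccess][FILE] n : {BASE}\n --> FOUND
Mode : Remove -- Date : 01/03/2013 23:02:25
[ZeroAccess][FILE] n : {BASE}\n --> REMOVED
"""

MODE_RE = re.compile(r"^Mode : (?P<mode>\w+) -- Date : (?P<date>.+)$")
ITEM_RE = re.compile(
    r"^\[(?P<family>[^\]]+)\]\[(?P<kind>FILE|FOLDER)\] "
    r"(?P<label>\S+) : (?P<path>.+?) --> (?P<status>.+)$"
)


def parse_reports(text):
    """Split concatenated reports into runs, each with its file/folder items."""
    reports = []
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            reports.append({"mode": m["mode"], "date": m["date"], "items": []})
            continue
        m = ITEM_RE.match(line)
        if m and reports:
            # Windows paths are case-insensitive, so compare them lower-cased.
            reports[-1]["items"].append((m["path"].lower(), m["kind"], m["status"]))
    return reports


def timelines(reports):
    """Map each path to its (run index, mode, status) history in run order."""
    history = {}
    for idx, rep in enumerate(reports):
        for path, _kind, status in rep["items"]:
            history.setdefault(path, []).append((idx, rep["mode"], status))
    return history


def residual_after_removal(reports):
    """Paths a Scan run lists as FOUND after an earlier Remove run removed them."""
    flagged = []
    for path, events in timelines(reports).items():
        removed = False
        for _idx, mode, status in events:
            if mode == "Remove" and status.startswith("REMOVED"):
                removed = True
            elif mode == "Scan" and status == "FOUND" and removed:
                flagged.append(path)
                break
    return flagged


def final_state(reports):
    """Last status per path, and whether a later Scan run confirms the removal.

    A removal counts as confirmed only if at least one Scan ran afterwards
    and no longer listed the path.
    """
    scans = [i for i, rep in enumerate(reports) if rep["mode"] == "Scan"]
    state = {}
    for path, events in timelines(reports).items():
        idx, _mode, status = events[-1]
        confirmed = status.startswith("REMOVED") and any(s > idx for s in scans)
        state[path] = (status, confirmed)
    return state


if __name__ == "__main__":
    runs = parse_reports(REPORTS)
    for path in residual_after_removal(runs):
        print("found again after removal:", path)
    for path, (status, confirmed) in final_state(runs).items():
        note = "confirmed by later scan" if confirmed else "no later scan to confirm"
        print(f"{status:18} {note:26} {path}")
```
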

#8 PhilCo3631


Posted 04 January 2013 - 05:58 AM

Gringo,
This is a second message since your instructions with a correction to my last message:

I had said that MSE appears not to be running - I was mistaken - after completing your instructions MSE is still running - situation is the same - all 3 Sirefef items are being quarantined approx every 3/4 mins.

Phil

#9 gringo_pr


Posted 04 January 2013 - 12:50 PM

Hello PhilCo3631

I would like you to give me one of the locations that MSE complains about.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 PhilCo3631


Posted 04 January 2013 - 03:41 PM

Hi Gringo,

Disabled MSE and Firewall as instructed. Ran ComboFix (report below) - I did receive error "illegal operation etc" so restarted the computer. On restarting, Windows Security Centre alerted me that MSE and Firewall were off so I restarted them from the Security Centre.

Before I ran Combofix I noticed that MSE was reporting something slightly different (and continues to report the same way after Combofix was run):

In MSE History, with "All Detected Items" selected, the last reported instance of all 3 items was on 3 Jan 13 at 21:52, which was just before RK was run for the first time. In that log, all 3 items reappear in the log every 3/4 minutes, as before, until 21:52 when the log entries cease completely.
However, with "Quarantined Items" selected, the log shows 200+ entries of the 3 items but the time shown for all 200+ entries is the same: the time when that log was selected for view. E.g. at 20:30 I was in the History tab with "All Detected Items" selected, I then selected "Quarantined Items", the log then displays 200+ entries for all 3 items and all showing the same time - 20:30. I then moved to the "Home" tab and back to the "History" tab at 20:33. The log then updates showing all 200+ entries having the same time - 20:33.

The locations reported in MSE for the items are:

Sirefef file:C:\$Recycle.Bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\U\00000001.@
Sirefef.AG file:C:\$Recycle.Bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\U\80000000.@
Sirefef.AL file:C:\$Recycle.Bin\S-1-5-21-2909968122-817412202-15368582-1000\$7837cf9d5a97b6d540cebf4f58daf3a1\U\800000cb.@

Other than the MSE reports, the computer appears to be symptom free, as before. Working at normal speed, no redirection to unwanted websites, no unusual messages, nothing.

Combofix report follows:

ComboFix 13-01-04.03 - Phil 04/01/2013 19:35:11.1.2 - x86
Running from: c:\users\Phil\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Phil\Favorites\Online Security Test.url
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2013-01-04 19:48 . 2013-01-04 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-04 19:48 . 2013-01-04 19:48 -------- d-----w- c:\users\Bec\AppData\Local\temp
2013-01-04 19:48 . 2013-01-04 19:48 -------- d-----w- c:\users\Bec.Phil-PC\AppData\Local\temp
2013-01-04 19:48 . 2013-01-04 19:48 -------- d-----w- c:\users\Phil_2\AppData\Local\temp
2013-01-04 19:48 . 2013-01-04 19:48 -------- d-----w- c:\users\Freya\AppData\Local\temp
2013-01-04 16:36 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12FC87C-5055-41DB-A49D-06EFE7BE4553}\mpengine.dll
2013-01-03 11:15 . 2013-01-03 11:15 -------- d-----w- c:\program files\iPod
2013-01-03 11:15 . 2013-01-03 11:17 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-03 03:33 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-30 12:41 . 2012-12-30 12:42 -------- d-----w- c:\program files\Cobian Backup 8
2012-12-24 04:56 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-24 04:56 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 07:27 . 2012-12-13 07:27 -------- d-----w- c:\program files\Common Files\Skype
2012-12-13 07:27 . 2012-12-13 07:27 -------- d-----r- c:\program files\Skype
2012-12-12 22:58 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 22:58 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 22:58 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 22:58 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 22:57 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 22:57 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 22:57 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 22:57 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 22:57 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 22:57 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 22:57 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 21:48 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 21:48 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 21:48 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 21:48 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 21:48 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 22:43 . 2012-07-06 22:31 697272 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 22:43 . 2011-06-30 06:50 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-29 17:26 . 2012-11-29 17:32 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D8C29DE-198F-447D-B380-F8F66C5B1817}\gapaengine.dll
2012-10-17 02:32 . 2012-11-03 17:41 6918632 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D1C625B-0966-49B6-AA91-2333CF18997D}\mpengine.dll
2012-10-07 16:09 . 2012-10-07 16:09 93672 ------w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-07 16:09 . 2012-10-07 16:09 821736 ------w- c:\windows\system32\npDeployJava1.dll
2012-10-07 16:09 . 2010-06-06 10:12 746984 ------w- c:\windows\system32\deployJava1.dll
2008-03-30 08:33 . 2008-03-30 08:34 774144 ------w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-15 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-04 30192]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-09 202256]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLAAE6AFE4
*NewlyCreated* - RAPPORTIASO
*Deregistered* - MpKslaae6afe4
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 22:43]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:13]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} - c:\program files\Video Add-on\isfmdl.dll
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
AddRemove-SmartDraw VP - c:\smartd~1\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-04 19:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Phil\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-04 19:52:40
ComboFix-quarantined-files.txt 2013-01-04 19:52
.
Pre-Run: 35,785,908,224 bytes free
Post-Run: 37,264,805,888 bytes free
.
- - End Of File - - 0AD1007EA9D254C4A37FBDC6408E77C3

I really appreciate the ongoing assistance,

Phil

#11 gringo_pr


Posted 04 January 2013 - 05:06 PM

Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 PhilCo3631


Posted 04 January 2013 - 06:42 PM

Hi Gringo,

(This is post 1 of 2 posts due to length of TDSS Killer report).
After my last post I cleared all the logs from MSE. No further items have been logged since then. It is 2 to 3 hours later and the logs are still clear. However, I have carried out the instructions above. (I closed down MSE and Windows Firewall first). TDSS Killer ran fine and found only suspicious objects (unsigned files) - no malicious objects found. The report is below. aswMBR downloaded extra definitions OK and began the scan OK, but I got the crash dump blue screen during the scan. The computer closed down and restarted automatically with no apparent detrimental effect. I restarted MSE and Firewall OK and MSE logs are still empty. Now that there are no repeated reports in the MSE log situation, the computer now has no apparent symptoms at all and is running entirely normally.

The TDSS Killer log is below but there is no aswMBR log due to crash. The TDSS report is too long to post so I have posted the second half in another post.

23:03:31.0375 4608 nvlddmkm - ok
23:03:31.0422 4608 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:03:31.0437 4608 nvraid - ok
23:03:31.0484 4608 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:03:31.0515 4608 nvstor - ok
23:03:31.0578 4608 [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
23:03:31.0578 4608 nvstor32 - ok
23:03:31.0656 4608 [ F397A6FA4B83D243AD25A1DC401237A0 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:03:31.0687 4608 nvsvc - ok
23:03:31.0718 4608 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:03:31.0749 4608 nv_agp - ok
23:03:31.0749 4608 NwlnkFlt - ok
23:03:31.0765 4608 NwlnkFwd - ok
23:03:31.0812 4608 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:03:31.0890 4608 ohci1394 - ok
23:03:31.0952 4608 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:03:31.0968 4608 ose - ok
23:03:32.0139 4608 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:03:32.0389 4608 osppsvc - ok
23:03:32.0467 4608 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:03:32.0545 4608 p2pimsvc - ok
23:03:32.0560 4608 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
23:03:32.0607 4608 p2psvc - ok
23:03:32.0685 4608 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
23:03:32.0779 4608 Parport - ok
23:03:32.0826 4608 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:03:32.0841 4608 partmgr - ok
23:03:32.0857 4608 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:03:32.0919 4608 Parvdm - ok
23:03:32.0950 4608 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
23:03:32.0966 4608 PcaSvc - ok
23:03:33.0013 4608 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
23:03:33.0028 4608 pci - ok
23:03:33.0106 4608 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
23:03:33.0122 4608 pciide - ok
23:03:33.0153 4608 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:03:33.0169 4608 pcmcia - ok
23:03:33.0216 4608 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:03:33.0309 4608 PEAUTH - ok
23:03:33.0403 4608 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
23:03:33.0450 4608 pla - ok
23:03:33.0512 4608 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:03:33.0543 4608 PlugPlay - ok
23:03:33.0574 4608 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:03:33.0637 4608 PNRPAutoReg - ok
23:03:33.0652 4608 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:03:33.0684 4608 PNRPsvc - ok
23:03:33.0730 4608 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:03:33.0793 4608 PolicyAgent - ok
23:03:33.0840 4608 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:03:33.0886 4608 PptpMiniport - ok
23:03:33.0918 4608 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
23:03:33.0996 4608 Processor - ok
23:03:34.0027 4608 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
23:03:34.0074 4608 ProfSvc - ok
23:03:34.0089 4608 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:03:34.0105 4608 ProtectedStorage - ok
23:03:34.0136 4608 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:03:34.0198 4608 PSched - ok
23:03:34.0230 4608 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:03:34.0261 4608 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
23:03:34.0261 4608 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
23:03:34.0323 4608 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:03:34.0370 4608 ql2300 - ok
23:03:34.0401 4608 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:03:34.0417 4608 ql40xx - ok
23:03:34.0464 4608 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
23:03:34.0479 4608 QWAVE - ok
23:03:34.0526 4608 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:03:34.0588 4608 QWAVEdrv - ok
23:03:34.0682 4608 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
23:03:34.0822 4608 R300 - ok
23:03:34.0869 4608 [ E2AA111B00F5205FFD52A57F48B4F642 ] RapportBuka C:\Windows\system32\drivers\RapportBuka.sys
23:03:34.0885 4608 RapportBuka ( UnsignedFile.Multi.Generic ) - warning
23:03:34.0885 4608 RapportBuka - detected UnsignedFile.Multi.Generic (1)
23:03:35.0041 4608 [ 3AF684252780CF87DC2809F85B8F7591 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
23:03:35.0056 4608 RapportCerberus_43926 - ok
23:03:35.0166 4608 [ 093B6A040BCF3FD4A0FFF397BAF28330 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
23:03:35.0181 4608 RapportEI - ok
23:03:35.0306 4608 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
23:03:35.0322 4608 RapportIaso - ok
23:03:35.0384 4608 [ 660436FBE447EBC73873EF2B0B2094B4 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
23:03:35.0400 4608 RapportKELL - ok
23:03:35.0493 4608 [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
23:03:35.0524 4608 RapportMgmtService - ok
23:03:35.0571 4608 [ 3DE33A522BB73E161F20D444687E978B ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
23:03:35.0587 4608 RapportPG - ok
23:03:35.0634 4608 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:03:35.0665 4608 RasAcd - ok
23:03:35.0712 4608 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
23:03:35.0774 4608 RasAuto - ok
23:03:35.0821 4608 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:03:35.0868 4608 Rasl2tp - ok
23:03:35.0914 4608 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
23:03:35.0977 4608 RasMan - ok
23:03:36.0008 4608 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:03:36.0070 4608 RasPppoe - ok
23:03:36.0117 4608 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:03:36.0133 4608 RasSstp - ok
23:03:36.0180 4608 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:03:36.0242 4608 rdbss - ok
23:03:36.0273 4608 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:03:36.0320 4608 RDPCDD - ok
23:03:36.0367 4608 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:03:36.0414 4608 rdpdr - ok
23:03:36.0414 4608 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:03:36.0460 4608 RDPENCDD - ok
23:03:36.0507 4608 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:03:36.0523 4608 RDPWD - ok
23:03:36.0601 4608 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:03:36.0648 4608 RemoteAccess - ok
23:03:36.0679 4608 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:03:36.0726 4608 RemoteRegistry - ok
23:03:36.0804 4608 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
23:03:36.0819 4608 RimUsb - ok
23:03:36.0897 4608 [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
23:03:36.0960 4608 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
23:03:36.0960 4608 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
23:03:37.0006 4608 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
23:03:37.0022 4608 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
23:03:37.0022 4608 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
23:03:37.0053 4608 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:03:37.0069 4608 RpcLocator - ok
23:03:37.0131 4608 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
23:03:37.0162 4608 RpcSs - ok
23:03:37.0209 4608 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:03:37.0240 4608 rspndr - ok
23:03:37.0256 4608 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
23:03:37.0272 4608 SamSs - ok
23:03:37.0303 4608 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:03:37.0318 4608 sbp2port - ok
23:03:37.0365 4608 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:03:37.0396 4608 SCardSvr - ok
23:03:37.0443 4608 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
23:03:37.0521 4608 Schedule - ok
23:03:37.0537 4608 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:03:37.0568 4608 SCPolicySvc - ok
23:03:37.0615 4608 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:03:37.0646 4608 SDRSVC - ok
23:03:37.0662 4608 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:03:37.0724 4608 secdrv - ok
23:03:37.0755 4608 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
23:03:37.0818 4608 seclogon - ok
23:03:37.0833 4608 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
23:03:37.0880 4608 SENS - ok
23:03:37.0896 4608 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:03:37.0958 4608 Serenum - ok
23:03:38.0005 4608 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
23:03:38.0067 4608 Serial - ok
23:03:38.0098 4608 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:03:38.0130 4608 sermouse - ok
23:03:38.0176 4608 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:03:38.0223 4608 SessionEnv - ok
23:03:38.0239 4608 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:03:38.0301 4608 sffdisk - ok
23:03:38.0317 4608 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:03:38.0395 4608 sffp_mmc - ok
23:03:38.0426 4608 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:03:38.0488 4608 sffp_sd - ok
23:03:38.0504 4608 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:03:38.0582 4608 sfloppy - ok
23:03:38.0629 4608 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:03:38.0676 4608 SharedAccess - ok
23:03:38.0722 4608 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:03:38.0754 4608 ShellHWDetection - ok
23:03:38.0769 4608 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:03:38.0785 4608 sisagp - ok
23:03:38.0816 4608 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:03:38.0832 4608 SiSRaid2 - ok
23:03:38.0847 4608 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:03:38.0863 4608 SiSRaid4 - ok
23:03:38.0941 4608 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:03:38.0956 4608 SkypeUpdate - ok
23:03:39.0081 4608 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
23:03:39.0222 4608 slsvc - ok
23:03:39.0300 4608 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:03:39.0331 4608 SLUINotify - ok
23:03:39.0378 4608 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:03:39.0440 4608 Smb - ok
23:03:39.0471 4608 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:03:39.0502 4608 SNMPTRAP - ok
23:03:39.0549 4608 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:03:39.0565 4608 spldr - ok
23:03:39.0596 4608 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
23:03:39.0612 4608 Spooler - ok
23:03:39.0690 4608 [ 0D77554B62A9090EB05ECBB96058646E ] sprtsvc_TalkTalk C:\Program Files\TalkTalk\bin\sprtsvc.exe
23:03:39.0705 4608 sprtsvc_TalkTalk - ok
23:03:39.0752 4608 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:03:39.0799 4608 srv - ok
23:03:39.0846 4608 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:03:39.0861 4608 srv2 - ok
23:03:39.0924 4608 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:03:39.0970 4608 srvnet - ok
23:03:40.0017 4608 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
23:03:40.0048 4608 ssadbus - ok
23:03:40.0126 4608 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:03:40.0173 4608 ssadmdfl - ok
23:03:40.0189 4608 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
23:03:40.0220 4608 ssadmdm - ok
23:03:40.0251 4608 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
23:03:40.0298 4608 ssadserd - ok
23:03:40.0345 4608 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:03:40.0407 4608 SSDPSRV - ok
23:03:40.0454 4608 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:03:40.0485 4608 SstpSvc - ok
23:03:40.0563 4608 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
23:03:40.0594 4608 stisvc - ok
23:03:40.0657 4608 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:03:40.0704 4608 stllssvr ( UnsignedFile.Multi.Generic ) - warning
23:03:40.0704 4608 stllssvr - detected UnsignedFile.Multi.Generic (1)
23:03:40.0766 4608 [ 882FC174AC21C536E41351AFF58A7D7D ] SupportSoft RemoteAssist C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
23:03:40.0844 4608 SupportSoft RemoteAssist - ok
23:03:40.0875 4608 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:03:40.0891 4608 swenum - ok
23:03:40.0953 4608 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
23:03:40.0984 4608 swprv - ok
23:03:41.0047 4608 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:03:41.0062 4608 Symc8xx - ok
23:03:41.0094 4608 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:03:41.0109 4608 Sym_hi - ok
23:03:41.0125 4608 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:03:41.0140 4608 Sym_u3 - ok
23:03:41.0203 4608 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
23:03:41.0265 4608 SysMain - ok
23:03:41.0281 4608 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:03:41.0312 4608 TabletInputService - ok
23:03:41.0359 4608 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:03:41.0421 4608 TapiSrv - ok
23:03:41.0468 4608 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:03:41.0515 4608 TBS - ok
23:03:41.0577 4608 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:03:41.0624 4608 Tcpip - ok
23:03:41.0640 4608 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:03:41.0686 4608 Tcpip6 - ok
23:03:41.0702 4608 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:03:41.0733 4608 tcpipreg - ok
23:03:41.0780 4608 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:03:41.0842 4608 TDPIPE - ok
23:03:41.0874 4608 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:03:41.0920 4608 TDTCP - ok
23:03:41.0952 4608 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:03:41.0983 4608 tdx - ok
23:03:42.0014 4608 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:03:42.0030 4608 TermDD - ok
23:03:42.0076 4608 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
23:03:42.0139 4608 TermService - ok
23:03:42.0186 4608 [ 0E8BE65DAA22027624A7289090E3841E ] tgsrvc_TalkTalk C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
23:03:42.0201 4608 tgsrvc_TalkTalk - ok
23:03:42.0248 4608 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
23:03:42.0264 4608 Themes - ok
23:03:42.0295 4608 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
23:03:42.0326 4608 THREADORDER - ok
23:03:42.0373 4608 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
23:03:42.0404 4608 TrkWks - ok
23:03:42.0451 4608 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:03:42.0498 4608 TrustedInstaller - ok
23:03:42.0544 4608 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:03:42.0607 4608 tssecsrv - ok
23:03:42.0669 4608 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:03:42.0700 4608 tunmp - ok
23:03:42.0747 4608 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:03:42.0794 4608 tunnel - ok
23:03:42.0825 4608 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:03:42.0841 4608 uagp35 - ok
23:03:42.0872 4608 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:03:42.0903 4608 udfs - ok
23:03:42.0950 4608 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:03:42.0997 4608 UI0Detect - ok
23:03:43.0028 4608 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:03:43.0044 4608 uliagpkx - ok
23:03:43.0059 4608 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:03:43.0090 4608 uliahci - ok
23:03:43.0106 4608 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:03:43.0122 4608 UlSata - ok
23:03:43.0153 4608 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:03:43.0168 4608 ulsata2 - ok
23:03:43.0200 4608 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:03:43.0246 4608 umbus - ok
23:03:43.0293 4608 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
23:03:43.0356 4608 upnphost - ok
23:03:43.0402 4608 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:03:43.0418 4608 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
23:03:43.0418 4608 USBAAPL - detected UnsignedFile.Multi.Generic (1)
23:03:43.0496 4608 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:03:43.0558 4608 usbaudio - ok
23:03:43.0621 4608 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:03:43.0652 4608 usbccgp - ok
23:03:43.0683 4608 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:03:43.0746 4608 usbcir - ok
23:03:43.0792 4608 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:03:43.0824 4608 usbehci - ok
23:03:43.0870 4608 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:03:43.0933 4608 usbhub - ok
23:03:43.0948 4608 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:03:43.0980 4608 usbohci - ok
23:03:44.0026 4608 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:03:44.0089 4608 usbprint - ok
23:03:44.0167 4608 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:03:44.0214 4608 usbscan - ok
23:03:44.0260 4608 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:03:44.0292 4608 USBSTOR - ok
23:03:44.0338 4608 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:03:44.0416 4608 usbuhci - ok
23:03:44.0510 4608 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:03:44.0572 4608 usbvideo - ok
23:03:44.0619 4608 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
23:03:44.0650 4608 UxSms - ok
23:03:44.0713 4608 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
23:03:44.0775 4608 vds - ok
23:03:44.0822 4608 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:03:44.0916 4608 vga - ok
23:03:44.0962 4608 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:03:44.0994 4608 VgaSave - ok
23:03:45.0009 4608 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:03:45.0025 4608 viaagp - ok
23:03:45.0056 4608 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:03:45.0118 4608 ViaC7 - ok
23:03:45.0165 4608 [ C0ACE9D0F5A5EE0B00F58345947A57FC ] viaide C:\Windows\system32\drivers\viaide.sys
23:03:45.0181 4608 viaide - ok
23:03:45.0196 4608 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:03:45.0212 4608 volmgr - ok
23:03:45.0274 4608 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:03:45.0306 4608 volmgrx - ok
23:03:45.0337 4608 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:03:45.0352 4608 volsnap - ok
23:03:45.0399 4608 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:03:45.0415 4608 vsmraid - ok
23:03:45.0462 4608 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
23:03:45.0555 4608 VSS - ok
23:03:45.0586 4608 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
23:03:45.0649 4608 W32Time - ok
23:03:45.0680 4608 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:03:45.0742 4608 WacomPen - ok
23:03:45.0789 4608 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:03:45.0820 4608 Wanarp - ok
23:03:45.0836 4608 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:03:45.0852 4608 Wanarpv6 - ok
23:03:45.0898 4608 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:03:45.0961 4608 wcncsvc - ok
23:03:45.0992 4608 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:03:46.0023 4608 WcsPlugInService - ok
23:03:46.0070 4608 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
23:03:46.0086 4608 Wd - ok
23:03:46.0148 4608 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:03:46.0179 4608 Wdf01000 - ok
23:03:46.0210 4608 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:03:46.0273 4608 WdiServiceHost - ok
23:03:46.0288 4608 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:03:46.0320 4608 WdiSystemHost - ok
23:03:46.0366 4608 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
23:03:46.0398 4608 WebClient - ok
23:03:46.0444 4608 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:03:46.0460 4608 Wecsvc - ok
23:03:46.0507 4608 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:03:46.0538 4608 wercplsupport - ok
23:03:46.0600 4608 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
23:03:46.0647 4608 WerSvc - ok
23:03:46.0710 4608 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:03:46.0725 4608 WinDefend - ok
23:03:46.0741 4608 WinHttpAutoProxySvc - ok
23:03:46.0819 4608 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:03:46.0850 4608 Winmgmt - ok
23:03:46.0912 4608 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
23:03:46.0959 4608 WinRM - ok
23:03:47.0022 4608 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:03:47.0053 4608 Wlansvc - ok
23:03:47.0162 4608 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:03:47.0240 4608 wlidsvc - ok
23:03:47.0287 4608 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:03:47.0396 4608 WmiAcpi - ok
23:03:47.0458 4608 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:03:47.0490 4608 wmiApSrv - ok
23:03:47.0583 4608 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:03:47.0646 4608 WMPNetworkSvc - ok
23:03:47.0708 4608 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:03:47.0755 4608 WPCSvc - ok
23:03:47.0802 4608 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:03:47.0817 4608 WPDBusEnum - ok
23:03:47.0958 4608 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:03:47.0989 4608 WPFFontCache_v0400 - ok
23:03:48.0036 4608 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:03:48.0067 4608 ws2ifsl - ok
23:03:48.0114 4608 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
23:03:48.0129 4608 wscsvc - ok
23:03:48.0145 4608 WSearch - ok
23:03:48.0238 4608 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:03:48.0301 4608 wuauserv - ok
23:03:48.0348 4608 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:03:48.0363 4608 WudfPf - ok
23:03:48.0426 4608 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:03:48.0441 4608 WUDFRd - ok
23:03:48.0488 4608 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:03:48.0504 4608 wudfsvc - ok
23:03:48.0519 4608 ================ Scan global ===============================
23:03:48.0566 4608 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:03:48.0613 4608 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:03:48.0628 4608 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:03:48.0675 4608 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:03:48.0675 4608 [Global] - ok
23:03:48.0675 4608 ================ Scan MBR ==================================
23:03:48.0722 4608 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:03:49.0206 4608 \Device\Harddisk0\DR0 - ok
23:03:49.0206 4608 ================ Scan VBR ==================================
23:03:49.0237 4608 [ 7E007C5ED7973FC3DAC0BAF4E5090851 ] \Device\Harddisk0\DR0\Partition1
23:03:49.0237 4608 \Device\Harddisk0\DR0\Partition1 - ok
23:03:49.0252 4608 [ B176A0A4003E3F14D36EFEA5F50F8A0E ] \Device\Harddisk0\DR0\Partition2
23:03:49.0252 4608 \Device\Harddisk0\DR0\Partition2 - ok
23:03:49.0252 4608 ================ Scan active images ========================

End of post 1

#13 PhilCo3631

Posted 04 January 2013 - 06:44 PM

This is the second post due to the length of the TDSS report - please see previous post for start of message and first half of report.

23:03:53.0761 4608 C:\Windows\System32\msvcp71.dll - ok
23:03:53.0761 4608 [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\System32\dwmapi.dll
23:03:53.0761 4608 C:\Windows\System32\dwmapi.dll - ok
23:03:53.0776 4608 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\System32\msvcr71.dll
23:03:53.0776 4608 C:\Windows\System32\msvcr71.dll - ok
23:03:53.0792 4608 [ F8DF17A0090F29EE330B34145152F38A ] C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
23:03:53.0792 4608 C:\Program Files\Alwil Software\Avast4\aswCmnB.dll - ok
23:03:53.0792 4608 [ 6D6416FA182FA865D265DFFA5A03C3C2 ] C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
23:03:53.0792 4608 C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll - ok
23:03:53.0808 4608 [ 144137D2E91504F551E82135673D89AE ] C:\Program Files\Alwil Software\Avast4\aswEngin.dll
23:03:53.0808 4608 C:\Program Files\Alwil Software\Avast4\aswEngin.dll - ok
23:03:53.0823 4608 [ D80C6539C00CB4F5D59066865479C308 ] C:\Windows\System32\dwmredir.dll
23:03:53.0823 4608 C:\Windows\System32\dwmredir.dll - ok
23:03:53.0823 4608 [ C99403A5B641520DAED0021DDA06F272 ] C:\Windows\System32\milcore.dll
23:03:53.0823 4608 C:\Windows\System32\milcore.dll - ok
23:03:53.0839 4608 [ 9FB2179200238536B788CB4046C61C24 ] C:\Program Files\Alwil Software\Avast4\aswScan.dll
23:03:53.0839 4608 C:\Program Files\Alwil Software\Avast4\aswScan.dll - ok
23:03:53.0854 4608 [ 7D79CD441ED208D062B326145C7B3AED ] C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
23:03:53.0854 4608 C:\Program Files\Alwil Software\Avast4\aswCmnS.dll - ok
23:03:53.0854 4608 [ E8B0EDD5C8518D9A1F73AC0C54A94D7C ] C:\Program Files\Alwil Software\Avast4\ashBase.dll
23:03:53.0854 4608 C:\Program Files\Alwil Software\Avast4\ashBase.dll - ok
23:03:53.0870 4608 [ 0B9DBFE71F4EB4355985EE60E6A1DC3F ] C:\Program Files\Alwil Software\Avast4\ashTask.dll
23:03:53.0870 4608 C:\Program Files\Alwil Software\Avast4\ashTask.dll - ok
23:03:53.0886 4608 [ D933B267939363888A40F86017561552 ] C:\Program Files\Alwil Software\Avast4\aswInteg.dll
23:03:53.0886 4608 C:\Program Files\Alwil Software\Avast4\aswInteg.dll - ok
23:03:53.0886 4608 [ C04BDF9FD9A6903FD49ECB798BD26E94 ] C:\Program Files\Alwil Software\Avast4\aswIdle.dll
23:03:53.0886 4608 C:\Program Files\Alwil Software\Avast4\aswIdle.dll - ok
23:03:53.0901 4608 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe
23:03:53.0901 4608 C:\Windows\explorer.exe - ok
23:03:53.0917 4608 [ 6CA1292225B47A5421E941B3CFEF48AF ] C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
23:03:53.0917 4608 C:\Program Files\Alwil Software\Avast4\Aavm4h.dll - ok
23:03:53.0917 4608 [ F3EAC60879AE425D81DBA70C3DA76D13 ] C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
23:03:53.0917 4608 C:\Program Files\Alwil Software\Avast4\AavmRpch.dll - ok
23:03:53.0932 4608 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll
23:03:53.0932 4608 C:\Windows\System32\d3d9.dll - ok
23:03:53.0948 4608 [ 4934241CD20AC87D78121352E3BA8318 ] C:\Windows\System32\dbghelp.dll
23:03:53.0948 4608 C:\Windows\System32\dbghelp.dll - ok
23:03:53.0948 4608 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll
23:03:53.0948 4608 C:\Windows\System32\d3d8thk.dll - ok
23:03:53.0964 4608 [ 6B115977A1CA2999EB626E85F3E13333 ] C:\PROGRA~1\ALWILS~1\Avast4\ENGLISH\Base.dll
23:03:53.0964 4608 C:\PROGRA~1\ALWILS~1\Avast4\ENGLISH\Base.dll - ok
23:03:53.0964 4608 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll
23:03:53.0964 4608 C:\Windows\System32\shdocvw.dll - ok
23:03:53.0979 4608 [ D922592AB65C5D9B88B30B4510A3464E ] C:\Windows\System32\cscapi.dll
23:03:53.0979 4608 C:\Windows\System32\cscapi.dll - ok
23:03:53.0995 4608 [ D0A95E567224B4C347CBDD6541E5D928 ] C:\Windows\System32\wscisvif.dll
23:03:53.0995 4608 C:\Windows\System32\wscisvif.dll - ok
23:03:54.0010 4608 [ FE3702015BE4D214808A2FBC07B8E5FF ] C:\Windows\System32\wscproxystub.dll
23:03:54.0010 4608 C:\Windows\System32\wscproxystub.dll - ok
23:03:54.0010 4608 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll
23:03:54.0010 4608 C:\Windows\System32\browseui.dll - ok
23:03:54.0026 4608 [ CA0B849566776A17F35F0339BE17DFD9 ] C:\Windows\System32\ktmw32.dll
23:03:54.0026 4608 C:\Windows\System32\ktmw32.dll - ok
23:03:54.0042 4608 [ 2A6A2C09ECC2CB495628E45F1379ECE8 ] C:\Windows\System32\taskcomp.dll
23:03:54.0042 4608 C:\Windows\System32\taskcomp.dll - ok
23:03:54.0042 4608 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\Windows\System32\uDWM.dll
23:03:54.0042 4608 C:\Windows\System32\uDWM.dll - ok
23:03:54.0057 4608 [ F870AA3E254628EBEAFE754108D664DE ] C:\Windows\System32\drivers\http.sys
23:03:54.0057 4608 C:\Windows\System32\drivers\http.sys - ok
23:03:54.0073 4608 [ 9AEE3C126ACC7DED1FF2126BFA28BDB8 ] C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
23:03:54.0073 4608 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe - ok
23:03:54.0073 4608 [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\Windows\System32\taskeng.exe
23:03:54.0088 4608 C:\Windows\System32\taskeng.exe - ok
23:03:54.0088 4608 [ E79FDA8D320147FDC347C504B3487F87 ] C:\Windows\System32\spoolss.dll
23:03:54.0088 4608 C:\Windows\System32\spoolss.dll - ok
23:03:54.0104 4608 [ 7605C0E1D01A08F3ECD743F38B834A44 ] C:\Windows\System32\drivers\srvnet.sys
23:03:54.0104 4608 C:\Windows\System32\drivers\srvnet.sys - ok
23:03:54.0120 4608 [ B0D12F4344EB2AE96E487D2DF6F74413 ] C:\Windows\System32\FWPUCLNT.DLL
23:03:54.0120 4608 C:\Windows\System32\FWPUCLNT.DLL - ok
23:03:54.0120 4608 [ 95CCD10BE06A2E0949B7C33B83038FA7 ] C:\Program Files\Trusteer\Rapport\bin\js32.dll
23:03:54.0120 4608 C:\Program Files\Trusteer\Rapport\bin\js32.dll - ok
23:03:54.0135 4608 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll
23:03:54.0135 4608 C:\Windows\System32\EhStorShell.dll - ok
23:03:54.0151 4608 [ 660C8E78B94F483E44B0243A774A4746 ] C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
23:03:54.0151 4608 C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL - ok
23:03:54.0151 4608 [ 73FE2E5FA55088A241AA2732F5D387D6 ] C:\Windows\System32\wiarpc.dll
23:03:54.0151 4608 C:\Windows\System32\wiarpc.dll - ok
23:03:54.0166 4608 [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
23:03:54.0166 4608 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll - ok
23:03:54.0182 4608 [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
23:03:54.0182 4608 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll - ok
23:03:54.0182 4608 [ 78B62E4C13378F737603136975A07E1A ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
23:03:54.0182 4608 C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll - ok
23:03:54.0198 4608 [ E9901A7E569C4156FDA69F5C9356B8ED ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
23:03:54.0198 4608 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
23:03:54.0213 4608 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll
23:03:54.0213 4608 C:\Windows\System32\TSChannel.dll - ok
23:03:54.0229 4608 [ 35F376253F687BDE63976CCB3F2108CA ] C:\Windows\System32\drivers\bowser.sys
23:03:54.0229 4608 C:\Windows\System32\drivers\bowser.sys - ok
23:03:54.0229 4608 [ 676CCC08D9E9A3F4CA39CB04E97048DF ] C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
23:03:54.0229 4608 C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll - ok
23:03:54.0244 4608 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] C:\Windows\System32\drivers\mpsdrv.sys
23:03:54.0244 4608 C:\Windows\System32\drivers\mpsdrv.sys - ok
23:03:54.0260 4608 [ 82CEA0395524AACFEB58BA1448E8325C ] C:\Windows\System32\drivers\mrxdav.sys
23:03:54.0260 4608 C:\Windows\System32\drivers\mrxdav.sys - ok
23:03:54.0260 4608 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] C:\Windows\System32\drivers\mrxsmb.sys
23:03:54.0260 4608 C:\Windows\System32\drivers\mrxsmb.sys - ok
23:03:54.0276 4608 [ 4FCCB34D793B116423209C0F8B7A3B03 ] C:\Windows\System32\drivers\mrxsmb10.sys
23:03:54.0276 4608 C:\Windows\System32\drivers\mrxsmb10.sys - ok
23:03:54.0291 4608 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] C:\Windows\System32\drivers\mrxsmb20.sys
23:03:54.0291 4608 C:\Windows\System32\drivers\mrxsmb20.sys - ok
23:03:54.0291 4608 [ FF33AFF99564B1AA534F58868CBE41EF ] C:\Windows\System32\drivers\srv2.sys
23:03:54.0291 4608 C:\Windows\System32\drivers\srv2.sys - ok
23:03:54.0307 4608 [ 5DE62C6E9108F14F6794060A9BDECAEC ] C:\Windows\System32\MPSSVC.dll
23:03:54.0307 4608 C:\Windows\System32\MPSSVC.dll - ok
23:03:54.0322 4608 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll
23:03:54.0322 4608 C:\Windows\System32\imageres.dll - ok
23:03:54.0322 4608 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll
23:03:54.0322 4608 C:\Windows\System32\IconCodecService.dll - ok
23:03:54.0338 4608 [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
23:03:54.0338 4608 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
23:03:54.0354 4608 [ 41987F9FC0E61ADF54F581E15029AD91 ] C:\Windows\System32\drivers\srv.sys
23:03:54.0354 4608 C:\Windows\System32\drivers\srv.sys - ok
23:03:54.0354 4608 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
23:03:54.0354 4608 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
23:03:54.0369 4608 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll
23:03:54.0369 4608 C:\Windows\System32\HotStartUserAgent.dll - ok
23:03:54.0385 4608 [ 0745D6EAD386710110817FBEC03F5161 ] C:\Windows\System32\wfapigp.dll
23:03:54.0385 4608 C:\Windows\System32\wfapigp.dll - ok
23:03:54.0400 4608 [ B7EE47B4D960BF55BDD7EC1812373872 ] C:\Program Files\Real\RealUpgrade\realupgrade.exe
23:03:54.0400 4608 C:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
23:03:54.0400 4608 [ A324D72A06C110152E7607745F39BFA1 ] C:\Windows\System32\netmsg.dll
23:03:54.0400 4608 C:\Windows\System32\netmsg.dll - ok
23:03:54.0416 4608 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
23:03:54.0416 4608 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
23:03:54.0432 4608 [ D333058925CE305E39DE8D5AD2B52A46 ] C:\Windows\System32\clusapi.dll
23:03:54.0432 4608 C:\Windows\System32\clusapi.dll - ok
23:03:54.0432 4608 [ 452341E471D2D961229DFE0842957272 ] C:\Windows\System32\sscore.dll
23:03:54.0432 4608 C:\Windows\System32\sscore.dll - ok
23:03:54.0447 4608 [ 5F1DEC3824E566457F53F24F493FEF08 ] C:\Windows\System32\mscms.dll
23:03:54.0447 4608 C:\Windows\System32\mscms.dll - ok
23:03:54.0463 4608 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll
23:03:54.0463 4608 C:\Windows\System32\PlaySndSrv.dll - ok
23:03:54.0463 4608 [ 6468C3FF6D0C7874FA8C619AF3E23B22 ] C:\Windows\System32\activeds.dll
23:03:54.0463 4608 C:\Windows\System32\activeds.dll - ok
23:03:54.0478 4608 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Real\RealUpgrade\msvcr71.dll
23:03:54.0478 4608 C:\Program Files\Real\RealUpgrade\msvcr71.dll - ok
23:03:54.0494 4608 [ E9B9C1B98C8D6D48407E1C1203EAC659 ] C:\Windows\System32\adsldpc.dll
23:03:54.0494 4608 C:\Windows\System32\adsldpc.dll - ok
23:03:54.0494 4608 [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll
23:03:54.0494 4608 C:\Windows\System32\MsCtfMonitor.dll - ok
23:03:54.0510 4608 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll
23:03:54.0510 4608 C:\Windows\System32\msutb.dll - ok
23:03:54.0510 4608 [ 1311171CF8F6D2954441EF2A42693035 ] C:\Windows\System32\WsmRes.dll
23:03:54.0510 4608 C:\Windows\System32\WsmRes.dll - ok
23:03:54.0525 4608 [ 93E317D7AD783D8EAEE2E3500BFE889D ] C:\Windows\System32\credui.dll
23:03:54.0525 4608 C:\Windows\System32\credui.dll - ok
23:03:54.0541 4608 [ E230F3776F373F4C5E788794B53101E4 ] C:\Windows\System32\plasrv.exe
23:03:54.0541 4608 C:\Windows\System32\plasrv.exe - ok
23:03:54.0541 4608 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll
23:03:54.0541 4608 C:\Windows\System32\TMM.dll - ok
23:03:54.0556 4608 [ B9F3FF52B84FD9E3CAFB29B8EE385E5B ] C:\Windows\System32\resutils.dll
23:03:54.0556 4608 C:\Windows\System32\resutils.dll - ok
23:03:54.0572 4608 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll
23:03:54.0572 4608 C:\Windows\System32\mstask.dll - ok
23:03:54.0572 4608 [ D5DD87741F4511D88A97E6EF444604BD ] C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
23:03:54.0572 4608 C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
23:03:54.0588 4608 [ 51BCE5D55D80FC7EEE10025656B80555 ] C:\Program Files\Trusteer\Rapport\bin\RapportKoan.dll
23:03:54.0588 4608 C:\Program Files\Trusteer\Rapport\bin\RapportKoan.dll - ok
23:03:54.0603 4608 [ A021AC9899224F9C52E5A093552D6D67 ] C:\Program Files\Trusteer\Rapport\bin\atl80.dll
23:03:54.0603 4608 C:\Program Files\Trusteer\Rapport\bin\atl80.dll - ok
23:03:54.0603 4608 [ C9CA375C04567CF6411118D719EDDF32 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan3.dll
23:03:54.0603 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan3.dll - ok
23:03:54.0619 4608 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Real\RealUpgrade\msvcp71.dll
23:03:54.0619 4608 C:\Program Files\Real\RealUpgrade\msvcp71.dll - ok
23:03:54.0634 4608 [ BAD03DF1130100EC9CB10FC0D1010043 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan35.dll
23:03:54.0634 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan35.dll - ok
23:03:54.0634 4608 [ F61450B8CE017D8CBBDFE8F2CC8A9FE1 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan36.dll
23:03:54.0634 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan36.dll - ok
23:03:54.0650 4608 [ DC20CE23E0027243151BDEEE912B2692 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan4.dll
23:03:54.0650 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan4.dll - ok
23:03:54.0666 4608 [ 742AADBF29F2B449FB3E55267FA79B69 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan5.dll
23:03:54.0666 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan5.dll - ok
23:03:54.0681 4608 [ BFFCCCEDF31AAF2613A9A97761C37B8F ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan6.dll
23:03:54.0681 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan6.dll - ok
23:03:54.0681 4608 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL
23:03:54.0681 4608 C:\Windows\System32\QAGENT.DLL - ok
23:03:54.0697 4608 [ 769D027B977CED05658C85E698D3C5B1 ] C:\Windows\System32\QUTIL.DLL
23:03:54.0697 4608 C:\Windows\System32\QUTIL.DLL - ok
23:03:54.0712 4608 [ DA61CBA3BC01AE31B972F9C4F2D83D90 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan7.dll
23:03:54.0712 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan7.dll - ok
23:03:54.0712 4608 [ 8663FEB17D318A63D835B4CDFAE225AB ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan8.dll
23:03:54.0712 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan8.dll - ok
23:03:54.0728 4608 [ F05C96F9EB4E2095C00C6CB74F100042 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan9.dll
23:03:54.0728 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan9.dll - ok
23:03:54.0744 4608 [ 9A6156BBF8DB56CC6167E488E046F8E2 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan10.dll
23:03:54.0744 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan10.dll - ok
23:03:54.0744 4608 [ ACFD86C0FCBCE7855612D0A38EB1E47F ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan11.dll
23:03:54.0744 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan11.dll - ok
23:03:54.0759 4608 [ F2BB4395FED6F300E8DB9228280825A1 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan12.dll
23:03:54.0759 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan12.dll - ok
23:03:54.0775 4608 [ 8C9F918263D6BBF964E4EC35B90782E5 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan13.dll
23:03:54.0775 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan13.dll - ok
23:03:54.0775 4608 [ 093495D1CD9DE1EA372A94AE65C189D6 ] C:\Program Files\Trusteer\Rapport\bin\RapportTanzan14.dll
23:03:54.0775 4608 C:\Program Files\Trusteer\Rapport\bin\RapportTanzan14.dll - ok
23:03:54.0790 4608 [ 917E8E7758A6E140860A66650064291D ] C:\Program Files\Trusteer\Rapport\bin\RapportNikko.dll
23:03:54.0790 4608 C:\Program Files\Trusteer\Rapport\bin\RapportNikko.dll - ok
23:03:54.0806 4608 [ 1851C12437091DB8EBFB3F4F3408AB36 ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
23:03:54.0806 4608 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
23:03:54.0806 4608 [ 300E3336B7BD92A29404E6157521C120 ] C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
23:03:54.0806 4608 C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - ok
23:03:54.0822 4608 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\System32\ieframe.dll
23:03:54.0822 4608 C:\Windows\System32\ieframe.dll - ok
23:03:54.0837 4608 [ A8EA3F37F4F31E620383F40526E723FE ] C:\Program Files\Java\jre7\bin\ssv.dll
23:03:54.0837 4608 C:\Program Files\Java\jre7\bin\ssv.dll - ok
23:03:54.0837 4608 [ 0FA9B5055484649D63C303FE404E5F4D ] C:\Windows\System32\drivers\parport.sys
23:03:54.0837 4608 C:\Windows\System32\drivers\parport.sys - ok
23:03:54.0853 4608 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:03:54.0853 4608 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
23:03:54.0868 4608 [ 330A1E4DF07C2E29949ED8631CD8828E ] C:\Windows\System32\AERTSrv.exe
23:03:54.0868 4608 C:\Windows\System32\AERTSrv.exe - ok
23:03:54.0868 4608 [ A5299D04ED225D64CF07A568A3E1BF8C ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:03:54.0868 4608 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
23:03:54.0884 4608 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
23:03:54.0884 4608 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
23:03:54.0900 4608 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
23:03:54.0900 4608 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
23:03:54.0900 4608 [ 6C63DC384A15E2AFD4A860031EF40267 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
23:03:54.0900 4608 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
23:03:54.0915 4608 [ 87E063F1E676C99B6C1C047794DEB115 ] C:\Program Files\Java\jre7\bin\jp2ssv.dll
23:03:54.0915 4608 C:\Program Files\Java\jre7\bin\jp2ssv.dll - ok
23:03:54.0931 4608 [ 64894527838C86454E2F378FF39FA336 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
23:03:54.0931 4608 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
23:03:54.0931 4608 [ EF8CD3C64EE9C08980D6D06CCCE46C68 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
23:03:54.0931 4608 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
23:03:54.0946 4608 [ C9680F06E51DB8B9A0772C20F3E10DB6 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
23:03:54.0946 4608 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
23:03:54.0962 4608 [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
23:03:54.0962 4608 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
23:03:54.0962 4608 [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
23:03:54.0962 4608 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
23:03:54.0978 4608 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
23:03:54.0978 4608 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
23:03:54.0993 4608 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
23:03:54.0993 4608 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
23:03:55.0009 4608 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
23:03:55.0009 4608 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
23:03:55.0009 4608 [ 1631B83DB38541CAE9F7E206CB91E441 ] C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
23:03:55.0009 4608 C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll - ok
23:03:55.0024 4608 [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\Windows\System32\wbem\wbemprox.dll
23:03:55.0024 4608 C:\Windows\System32\wbem\wbemprox.dll - ok
23:03:55.0024 4608 [ 74B8C2EA72D43727142D12397D5A49F9 ] C:\Windows\System32\wbemcomn.dll
23:03:55.0024 4608 C:\Windows\System32\wbemcomn.dll - ok
23:03:55.0040 4608 [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
23:03:55.0040 4608 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
23:03:55.0056 4608 [ 4E4EDF9CA82E95BAB2977DD9F21B00F6 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
23:03:55.0056 4608 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
23:03:55.0056 4608 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\System32\dnssd.dll
23:03:55.0056 4608 C:\Windows\System32\dnssd.dll - ok
23:03:55.0071 4608 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
23:03:55.0071 4608 C:\Program Files\Bonjour\mDNSResponder.exe - ok
23:03:55.0087 4608 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] C:\Windows\System32\drivers\dsunidrv.sys
23:03:55.0087 4608 C:\Windows\System32\drivers\dsunidrv.sys - ok
23:03:55.0087 4608 [ 0E1B02C9CC352A1F61703B7D1A8A2C45 ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
23:03:55.0087 4608 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
23:03:55.0102 4608 [ 17FC3EDA0162F513E858B8C8FA7FA6E0 ] C:\Windows\System32\vssapi.dll
23:03:55.0102 4608 C:\Windows\System32\vssapi.dll - ok
23:03:55.0118 4608 [ AD48183027CAFCEBC322CB9CAC60F9B8 ] C:\Windows\System32\WSDApi.dll
23:03:55.0118 4608 C:\Windows\System32\WSDApi.dll - ok
23:03:55.0118 4608 [ F86293D93760C70ADF4F19E66E3FA5E8 ] C:\Windows\System32\httpapi.dll
23:03:55.0118 4608 C:\Windows\System32\httpapi.dll - ok
23:03:55.0134 4608 [ E7D0F91E44D9D3B2116FA549BDCDB756 ] C:\Windows\System32\wdscore.dll
23:03:55.0134 4608 C:\Windows\System32\wdscore.dll - ok
23:03:55.0149 4608 [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\Windows\System32\drivers\PEAuth.sys
23:03:55.0149 4608 C:\Windows\System32\drivers\PEAuth.sys - ok
23:03:55.0149 4608 [ 52E129522C1775DBB8CC252E7A0655C7 ] C:\Windows\System32\taskschd.dll
23:03:55.0149 4608 C:\Windows\System32\taskschd.dll - ok
23:03:55.0165 4608 [ 4EDA94333BDB75B1BC0A7610BED34F00 ] C:\Windows\System32\fundisc.dll
23:03:55.0165 4608 C:\Windows\System32\fundisc.dll - ok
23:03:55.0180 4608 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
23:03:55.0180 4608 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
23:03:55.0180 4608 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
23:03:55.0180 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe - ok
23:03:55.0196 4608 [ D0494460421A03CD5225CCA0059AA146 ] C:\Windows\System32\IPSECSVC.DLL
23:03:55.0196 4608 C:\Windows\System32\IPSECSVC.DLL - ok
23:03:55.0212 4608 [ DC3AE9F1554DCD97F90983DDBDACD83D ] C:\Windows\System32\vsstrace.dll
23:03:55.0212 4608 C:\Windows\System32\vsstrace.dll - ok
23:03:55.0212 4608 [ AF54247F97CCF3539DE7505C09972FF9 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
23:03:55.0212 4608 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
23:03:55.0227 4608 [ F6C66188DEF298E2C3827AF6FB2C0637 ] C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\CPSCommonTools9.dll
23:03:55.0227 4608 C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\CPSCommonTools9.dll - ok
23:03:55.0243 4608 [ 09469B8EDD2755143FDA06867AAD7E73 ] C:\Windows\System32\cryptnet.dll
23:03:55.0243 4608 C:\Windows\System32\cryptnet.dll - ok
23:03:55.0243 4608 [ 6ABD253226770EAE1292B4C945ED4B4B ] C:\Windows\System32\msxml3.dll
23:03:55.0243 4608 C:\Windows\System32\msxml3.dll - ok
23:03:55.0258 4608 [ 3C03DB6F66C9792C9B6E30473E847CA2 ] C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
23:03:55.0258 4608 C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll - ok
23:03:55.0274 4608 [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\Windows\System32\FwRemoteSvr.dll
23:03:55.0274 4608 C:\Windows\System32\FwRemoteSvr.dll - ok
23:03:55.0290 4608 [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll
23:03:55.0290 4608 C:\Windows\System32\cfgmgr32.dll - ok
23:03:55.0290 4608 [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\Windows\System32\ncsi.dll
23:03:55.0290 4608 C:\Windows\System32\ncsi.dll - ok
23:03:55.0305 4608 [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\Windows\System32\ssdpapi.dll
23:03:55.0305 4608 C:\Windows\System32\ssdpapi.dll - ok
23:03:55.0321 4608 [ 1E9B9A70D332103C52995E957DC09EF8 ] C:\Windows\System32\drivers\fastfat.sys
23:03:55.0321 4608 C:\Windows\System32\drivers\fastfat.sys - ok
23:03:55.0336 4608 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
23:03:55.0336 4608 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
23:03:55.0336 4608 [ 5E33C164DC7FA74728D8A83036C438BB ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
23:03:55.0336 4608 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
23:03:55.0352 4608 [ 5FCE5B36991DBAA99DA9E9C62D8E60AC ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\LeResourceLoader.dll
23:03:55.0352 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\LeResourceLoader.dll - ok
23:03:55.0368 4608 [ 1BAC818025403333C11817DAFBCEE283 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileLoader.dll
23:03:55.0368 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileLoader.dll - ok
23:03:55.0368 4608 [ C7C30B24C8C57078654BA9574CE70E3D ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonObjects.dll
23:03:55.0368 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonObjects.dll - ok
23:03:55.0383 4608 [ 41857DA3EA7A2568E1AAE8FEDC8D8939 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonEnglish.dll
23:03:55.0383 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonEnglish.dll - ok
23:03:55.0399 4608 [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\Windows\System32\msxml4.dll
23:03:55.0399 4608 C:\Windows\System32\msxml4.dll - ok
23:03:55.0399 4608 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
23:03:55.0399 4608 C:\Windows\System32\drivers\secdrv.sys - ok
23:03:55.0414 4608 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] C:\Program Files\Skype\Updater\Updater.exe
23:03:55.0414 4608 C:\Program Files\Skype\Updater\Updater.exe - ok
23:03:55.0430 4608 [ 0D77554B62A9090EB05ECBB96058646E ] C:\Program Files\TalkTalk\bin\sprtsvc.exe
23:03:57.0723 4608 [ 4005831804369DD7E5D163A00514B5C0 ] C:\Program Files\Common Files\Apple\Mobile Device Support\XMPP.dll
23:03:57.0723 4608 C:\Program Files\Common Files\Apple\Mobile Device Support\XMPP.dll - ok
23:03:57.0723 4608 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
23:03:57.0723 4608 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
23:03:57.0739 4608 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe
23:03:57.0739 4608 C:\Program Files\Windows Mail\wab.exe - ok
23:03:57.0754 4608 [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:03:57.0754 4608 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
23:03:57.0754 4608 [ 395335431AD55C167CFDBBAB8420DA73 ] C:\Program Files\Movie Maker\DVDMaker.exe
23:03:57.0754 4608 C:\Program Files\Movie Maker\DVDMaker.exe - ok
23:03:57.0770 4608 [ E187024A181F6145D6DCB6B6EB544007 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncPref.resources\en.lproj\AppleSyncPrefLocalized.dll
23:03:57.0770 4608 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncPref.resources\en.lproj\AppleSyncPrefLocalized.dll - ok
23:03:57.0786 4608 [ B7ED332A57FC78CA29E40D3619550225 ] C:\Windows\ehome\ehshell.exe
23:03:57.0786 4608 C:\Windows\ehome\ehshell.exe - ok
23:03:57.0786 4608 [ E4401CF27225C1D6E664E86195978562 ] C:\Program Files\iTunes\iTunesHelper.exe
23:03:57.0786 4608 C:\Program Files\iTunes\iTunesHelper.exe - ok
23:03:57.0801 4608 [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe
23:03:57.0801 4608 C:\Program Files\Windows Collaboration\WinCollab.exe - ok
23:03:57.0817 4608 [ C4AB08459CD7B59B410ACFC04D90E87B ] C:\Program Files\Movie Maker\MOVIEMK.exe
23:03:57.0817 4608 C:\Program Files\Movie Maker\MOVIEMK.exe - ok
23:03:57.0817 4608 [ 81E7E920312D372CF57A817049AC7C76 ] C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
23:03:57.0817 4608 C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL - ok
23:03:57.0832 4608 [ C03AC1FBCD625F93D2C245D97E06F270 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
23:03:57.0832 4608 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok
23:03:57.0848 4608 [ 365828E555E9479246EFD9090C41C2D7 ] C:\Windows\System32\sti.dll
23:03:57.0848 4608 C:\Windows\System32\sti.dll - ok
23:03:57.0848 4608 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe
23:03:57.0848 4608 C:\Windows\System32\wuapp.exe - ok
23:03:57.0864 4608 [ 4E289C24E5BEB5FF9CF5B118AB96FDB0 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
23:03:57.0864 4608 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
23:03:57.0879 4608 [ C1648084C395152FBFA1B333D92056BC ] C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
23:03:57.0879 4608 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
23:03:57.0879 4608 [ C85ECCBAA179719E658FFDBF99221E1E ] C:\Program Files\iTunes\iTunesHelper.dll
23:03:57.0879 4608 C:\Program Files\iTunes\iTunesHelper.dll - ok
23:03:57.0895 4608 [ 814A169C40B55178BD8E1F79D1ADA649 ] C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
23:03:57.0895 4608 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
23:03:57.0910 4608 [ 9DF319F1C2D4B80D8CE8214EA4899ADF ] C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
23:03:57.0910 4608 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
23:03:57.0910 4608 [ CE9191729CD550E871494CBA6ADCA112 ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
23:03:57.0910 4608 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
23:03:57.0926 4608 [ BB87F0D17A6E0C54918F488E1C68A55A ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileProtocolHandler.dll
23:03:57.0926 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileProtocolHandler.dll - ok
23:03:57.0942 4608 [ 6F3ADA96F3E73D4FF39D0C284D5E0C9D ] C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
23:03:57.0942 4608 C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll - ok
23:03:57.0942 4608 [ 8E4EDDA5D22CEF2FDEEE48C55BAE7C55 ] C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
23:03:57.0942 4608 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll - ok
23:03:57.0957 4608 [ 0BF1785D199B5DA3CB6C61D7AEECE654 ] C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Ism.dll
23:03:57.0957 4608 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Ism.dll - ok
23:03:57.0973 4608 [ A6950BA89334D51EC281904781B89BD2 ] C:\Windows\System32\asycfilt.dll
23:03:57.0973 4608 C:\Windows\System32\asycfilt.dll - ok
23:03:57.0973 4608 [ 7741F775060E84319198A7A67F1FE664 ] C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Tcm.dll
23:03:57.0973 4608 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Tcm.dll - ok
23:03:57.0988 4608 [ AE907631F30E001E3118328D838A9C59 ] C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
23:03:57.0988 4608 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll - ok
23:03:58.0004 4608 [ DFD0D26D2056F1D01ADCDBB1E851119F ] C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\fioall32.dll
23:03:58.0004 4608 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\fioall32.dll - ok
23:03:58.0004 4608 [ EF5A686DC00A9C60E3E7C02E1411DE96 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFormatLoaderPNG.dll
23:03:58.0004 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFormatLoaderPNG.dll - ok
23:03:58.0020 4608 [ 900DFE1CD09595247080639728104F89 ] C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\SASM.dll
23:03:58.0020 4608 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\SASM.dll - ok
23:03:58.0035 4608 [ B5950DF243837D8217F4E597919B224A ] C:\Windows\System32\stobject.dll
23:03:58.0035 4608 C:\Windows\System32\stobject.dll - ok
23:03:58.0035 4608 [ 83B863270E112C7F5A0BF7FBD3E24C91 ] C:\Windows\twain_32.dll
23:03:58.0035 4608 C:\Windows\twain_32.dll - ok
23:03:58.0051 4608 [ EC69B16644C613F41A57169F8D068F1D ] C:\Windows\System32\batmeter.dll
23:03:58.0051 4608 C:\Windows\System32\batmeter.dll - ok
23:03:58.0066 4608 [ 3F88D3D7C8DC3F00AAF911F87050E853 ] C:\Program Files\TalkTalk\bin\sprtevent.dll
23:03:58.0066 4608 C:\Program Files\TalkTalk\bin\sprtevent.dll - ok
23:03:58.0066 4608 [ 3C6FA2F4D58611579B21798E0568F548 ] C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
23:03:58.0066 4608 C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
23:03:58.0082 4608 [ 30F02D9C55053367E26A11482F51E255 ] C:\Windows\System32\SndVolSSO.dll
23:03:58.0082 4608 C:\Windows\System32\SndVolSSO.dll - ok
23:03:58.0098 4608 [ 313B30189557A2E2793F845DE0F0A4D5 ] C:\Windows\ehome\ehSSO.dll
23:03:58.0098 4608 C:\Windows\ehome\ehSSO.dll - ok
23:03:58.0098 4608 [ 75AD59B9B12EB194486BE8D97B062994 ] C:\Windows\System32\pnidui.dll
23:03:58.0098 4608 C:\Windows\System32\pnidui.dll - ok
23:03:58.0113 4608 [ ABAEAEE763E287BDD39094C4165E1F3F ] C:\Windows\System32\fdProxy.dll
23:03:58.0113 4608 C:\Windows\System32\fdProxy.dll - ok
23:03:58.0129 4608 [ 4BAEC13BCAA595639EBB5185278DEFEA ] C:\Windows\System32\fdWSD.dll
23:03:58.0129 4608 C:\Windows\System32\fdWSD.dll - ok
23:03:58.0129 4608 [ 3EB6D30D82F0E300FCFBAD0498F654FD ] C:\Windows\System32\mlang.dll
23:03:58.0129 4608 C:\Windows\System32\mlang.dll - ok
23:03:58.0144 4608 [ 2DD6AF8E97F59C9D39329BBC2A81F13F ] C:\Windows\System32\rasdlg.dll
23:03:58.0144 4608 C:\Windows\System32\rasdlg.dll - ok
23:03:58.0144 4608 [ 443C5961CACD4ABC16648874AF06E4A0 ] C:\Windows\System32\fdSSDP.dll
23:03:58.0144 4608 C:\Windows\System32\fdSSDP.dll - ok
23:03:58.0160 4608 [ C551D15D5D0F875D7BF0BC4FBB6EB2D9 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
23:03:58.0160 4608 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe - ok
23:03:58.0176 4608 [ 35937EAD711207544E219C2A19A78A7D ] C:\Program Files\Windows Media Player\wmpnscfg.exe
23:03:58.0176 4608 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
23:03:58.0176 4608 [ 17C0E094BEE5BC03CF491972F71AA6EF ] C:\Windows\System32\wlanapi.dll
23:03:58.0176 4608 C:\Windows\System32\wlanapi.dll - ok
23:03:58.0191 4608 [ E46A4765F8E6D631C9C9CB0B083602F5 ] C:\Program Files\Windows Media Player\wmpnssci.dll
23:03:58.0191 4608 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
23:03:58.0207 4608 [ 4A839160ED1963F9A1526DDA2D1233B2 ] C:\Windows\System32\AltTab.dll
23:03:58.0207 4608 C:\Windows\System32\AltTab.dll - ok
23:03:58.0207 4608 [ 6B5C53E0932C510606D700B7A896EF73 ] C:\Windows\System32\WPDShServiceObj.dll
23:03:58.0207 4608 C:\Windows\System32\WPDShServiceObj.dll - ok
23:03:58.0222 4608 [ 648AB74D9C104FB500B6C4EEDC6A8772 ] C:\Windows\System32\wmpmde.dll
23:03:58.0222 4608 C:\Windows\System32\wmpmde.dll - ok
23:03:58.0238 4608 [ AB781C0E4C09E08F464081D17C0F6184 ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
23:03:58.0238 4608 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
23:03:58.0238 4608 [ 67D16247C56C26A4F0D79D1A7F272B8F ] C:\Windows\System32\mf.dll
23:03:58.0238 4608 C:\Windows\System32\mf.dll - ok
23:03:58.0254 4608 [ 05B6A5CE1C7767C32DF35966107CB1EC ] C:\Windows\System32\hhctrl.ocx
23:03:58.0254 4608 C:\Windows\System32\hhctrl.ocx - ok
23:03:58.0269 4608 [ 2495C4204C63678F8FD5D488CA7DAD26 ] C:\Windows\System32\evr.dll
23:03:58.0269 4608 C:\Windows\System32\evr.dll - ok
23:03:58.0269 4608 [ 4DF10CE50010D70152944B51E03588B0 ] C:\Windows\System32\wmdrmsdk.dll
23:03:58.0269 4608 C:\Windows\System32\wmdrmsdk.dll - ok
23:03:58.0285 4608 [ 744F08CF9ACFFB1C715191D04DEEE907 ] C:\Windows\System32\srchadmin.dll
23:03:58.0285 4608 C:\Windows\System32\srchadmin.dll - ok
23:03:58.0300 4608 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
23:03:58.0300 4608 C:\Windows\System32\webcheck.dll - ok
23:03:58.0316 4608 [ 4ACEA0C4BB15ACE55E3AE5EC4E88DD55 ] C:\Windows\System32\SyncCenter.dll
23:03:58.0316 4608 C:\Windows\System32\SyncCenter.dll - ok
23:03:58.0316 4608 [ EFD278F8129EE12F1D4AE0250494B791 ] C:\Windows\System32\dxva2.dll
23:03:58.0316 4608 C:\Windows\System32\dxva2.dll - ok
23:03:58.0332 4608 [ E8A39D41474BE42FD8830CED32932D6C ] C:\Program Files\iPod\bin\iPodService.exe
23:03:58.0332 4608 C:\Program Files\iPod\bin\iPodService.exe - ok
23:03:58.0347 4608 [ 0B5AC46982E77CAF3EC1D55C9AC6AB56 ] C:\Windows\System32\wscntfy.dll
23:03:58.0347 4608 C:\Windows\System32\wscntfy.dll - ok
23:03:58.0347 4608 [ 9B0726A03B790E5B82BED44D24009BEF ] C:\Windows\System32\imapi2.dll
23:03:58.0347 4608 C:\Windows\System32\imapi2.dll - ok
23:03:58.0363 4608 [ 280013E1CA1A648A6B896D884CC46601 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
23:03:58.0363 4608 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
23:03:58.0378 4608 [ 015E99A7634B93E8BB0380C70F3D2CC3 ] C:\Windows\System32\wmp.dll
23:03:58.0378 4608 C:\Windows\System32\wmp.dll - ok
23:03:58.0378 4608 [ 7DF0DECD3006B8BA450AEC714086FF3C ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
23:03:58.0378 4608 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
23:03:58.0394 4608 [ 8274C87726D4561EE8750D883764ACC1 ] C:\Windows\System32\wbem\unsecapp.exe
23:03:58.0394 4608 C:\Windows\System32\wbem\unsecapp.exe - ok
23:03:58.0410 4608 [ EACACA0F2FF4CC54A909E3C5721FCDE8 ] C:\Windows\System32\msvfw32.dll
23:03:58.0410 4608 C:\Windows\System32\msvfw32.dll - ok
23:03:58.0410 4608 [ 9441A231C0AA0712F7CF3B10D9CFCF76 ] C:\Windows\System32\wmploc.DLL
23:03:58.0410 4608 C:\Windows\System32\wmploc.DLL - ok
23:03:58.0425 4608 [ 617F9A5813E69F6E9ED94B811EC75396 ] C:\Windows\System32\wmpps.dll
23:03:58.0425 4608 C:\Windows\System32\wmpps.dll - ok
23:03:58.0441 4608 [ 47765ECA8B3D855DEB4397ECA9C2BA36 ] C:\Program Files\TalkTalk\bin\sprtui.dll
23:03:58.0441 4608 C:\Program Files\TalkTalk\bin\sprtui.dll - ok
23:03:58.0441 4608 [ 10DE220BDFE330073762F89974DB8403 ] C:\Windows\System32\wbem\wmiprov.dll
23:03:58.0456 4608 C:\Windows\System32\wbem\wmiprov.dll - ok
23:03:58.0456 4608 [ 4AFE8423EA964C95DC0C6DB0374B3AD7 ] C:\Program Files\TalkTalk\bin\sprttrigger.dll
23:03:58.0456 4608 C:\Program Files\TalkTalk\bin\sprttrigger.dll - ok
23:03:58.0472 4608 [ 58C47FB5A669372EABE83F57711E79FB ] C:\Program Files\TalkTalk\bin\sprtupdate.dll
23:03:58.0472 4608 C:\Program Files\TalkTalk\bin\sprtupdate.dll - ok
23:03:58.0472 4608 [ 143A247AB424D2AB25A94189D10484AA ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
23:03:58.0472 4608 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll - ok
23:03:58.0488 4608 [ 48F7A3E0B70C815A5AE88BF7736103A9 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
23:03:58.0488 4608 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll - ok
23:03:58.0503 4608 [ 9BF6EFFF98EB48F96AE02F3E1EF4AAD3 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
23:03:58.0503 4608 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll - ok
23:03:58.0503 4608 [ C2CA4CB1650AE3DEF41C948FF9D37B86 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
23:03:58.0503 4608 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll - ok
23:03:58.0519 4608 [ 3787A4BC97CE6C630F4B581425223D96 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
23:03:58.0519 4608 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
23:03:58.0534 4608 [ 23C8B66417E69CBBB3C15754CCE7FF81 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
23:03:58.0534 4608 C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - ok
23:03:58.0534 4608 [ 6E787792EDD9039B02D8244C02E57DC4 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll
23:03:58.0534 4608 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll - ok
23:03:58.0550 4608 [ 3DB1530CDD7AEF2BCFA6FB77D097CDDA ] C:\Windows\System32\scrrun.dll
23:03:58.0550 4608 C:\Windows\System32\scrrun.dll - ok
23:03:58.0566 4608 [ C0ABD66F31C0B84CD944802E6D3D02C2 ] C:\Windows\System32\bthprops.cpl
23:03:58.0566 4608 C:\Windows\System32\bthprops.cpl - ok
23:03:58.0581 4608 [ D0ECC7822585E6A7D891AC6B4294E043 ] C:\Windows\twain_32\escndv\sx210.ds
23:03:58.0581 4608 C:\Windows\twain_32\escndv\sx210.ds - ok
23:03:58.0581 4608 [ 65283279D4EDE387C988F8B753C8F7E5 ] C:\Windows\System32\wiadss.dll
23:03:58.0581 4608 C:\Windows\System32\wiadss.dll - ok
23:03:58.0597 4608 [ 0A8D3F81D75E56947A58AC576A3810E4 ] C:\Windows\twain_32\wiatwain.ds
23:03:58.0597 4608 C:\Windows\twain_32\wiatwain.ds - ok
23:03:58.0612 4608 [ 5112FBD9885D79A9FC73BDE9B1EF9334 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
23:03:58.0612 4608 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
23:03:58.0612 4608 [ C59E2DCBBB5943818399681292BC8409 ] C:\Program Files\Epson Software\Event Manager\EPNSM.dll
23:03:58.0612 4608 C:\Program Files\Epson Software\Event Manager\EPNSM.dll - ok
23:03:58.0628 4608 [ 637124CDBFF5819CB8A8478838A33048 ] C:\Program Files\Epson Software\Event Manager\ESPSUTL.dll
23:03:58.0628 4608 C:\Program Files\Epson Software\Event Manager\ESPSUTL.dll - ok
23:03:58.0644 4608 [ 822864A90EC876032B370855BC4F7109 ] C:\Program Files\TalkTalk\bin\sprthook.dll
23:03:58.0644 4608 C:\Program Files\TalkTalk\bin\sprthook.dll - ok
23:03:58.0644 4608 [ 4071D132E66ACDA3776F1FEAD19E6E01 ] C:\Windows\System32\vbscript.dll
23:03:58.0644 4608 C:\Windows\System32\vbscript.dll - ok
23:03:58.0659 4608 [ 8992F45DED6B63B919BDEB6D270FF9C8 ] C:\Windows\System32\wshom.ocx
23:03:58.0659 4608 C:\Windows\System32\wshom.ocx - ok
23:03:58.0659 4608 ============================================================
23:03:58.0659 4608 Scan finished
23:03:58.0659 4608 ============================================================
23:03:58.0690 4600 Detected object count: 10
23:03:58.0690 4600 Actual detected object count: 10
23:04:53.0463 4600 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0463 4600 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0479 4600 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0479 4600 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0479 4600 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0479 4600 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0479 4600 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0479 4600 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0494 4600 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0494 4600 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0494 4600 RapportBuka ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0494 4600 RapportBuka ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0494 4600 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0494 4600 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0494 4600 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0494 4600 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0510 4600 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0510 4600 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:53.0510 4600 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:53.0510 4600 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:07:28.0038 3044 Deinitialize success

End of Post 2.

Cheers for now,

Phil

#14 gringo_pr

  • Malware Response Team

Posted 04 January 2013 - 06:57 PM

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

#15 PhilCo3631

  • Topic Starter

Posted 05 January 2013 - 04:11 AM

Hi Gringo,

Malwarebytes ran successfully, detected and cleaned content with no need for reboot.
Internet access is fine; Windows has successfully updated since running the scan and Windows Firewall is functioning normally.
No MSE activity in the history log.
Everything else working normally as well.

I back up on an external USB hard drive with an incremental backup using Cobian 8. The external hard drive has been disconnected from the computer since this clean-up activity began, but there are a number of zipped folders that were created prior to the clean-up activity but after the computer was infected. Presumably some of these folders may be infected - do I need to take any action on the external hard drive before resuming normal backup activity?

Thanks,

Phil



