
internet crime complaint center virus + safe mode


  • This topic is locked
18 replies to this topic

#1 empire1012

  • Members
  • 14 posts

Posted 03 February 2013 - 08:16 PM

http://www.bleepingcomputer.com/forums/topic481664.html

I am having the same issues as this person was having with their computer.

The internet crime complaint center screen immediately shows up when booting to normal mode or safe mode with/without networking.

Here are my FRST.txt results, and the search.txt results are below that. Thanks in advance for all of your hard work:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2013 02
Ran by SYSTEM at 02-02-2013 09:25:51
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe" [186992 2011-09-23] (VMware, Inc.)
HKLM\...\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe" [1104496 2011-09-23] (VMware, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Owner\...\Run: [Otzaroys] C:\Users\Owner\AppData\Roaming\Nubiuv\riok.exe [277496 2012-12-18] ()
HKU\Owner\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Policies\Explorer\Run: [13969] C:\PROGRA~2\LOCALS~1\Temp\msmfyzv.com [39416 2012-06-02] ()
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Owner\AppData\Roaming\crrjaym [x ] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 24.25.227.55 209.18.47.61 24.25.227.53

==================== Services (Whitelisted) ===================


==================== Drivers (Whitelisted) ====================

2 VMMEMCTL; \??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [14448 2011-09-23] (VMware, Inc.)
3 vmscsi; C:\Windows\system32\drivers\vmscsi.sys [17968 2012-06-22] (VMware, Inc.)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-01-31 10:43 - 2013-01-31 10:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\{AF916431-111A-45D8-B00F-868835A6D0FE}
2013-01-31 00:50 - 2013-02-02 10:42 - 00140271 ____A C:\Users\Owner\AppData\Roaming\crrjaym.exe
2013-01-31 00:19 - 2013-01-31 00:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-01-31 00:12 - 2013-01-31 00:12 - 00000000 _RASH C:\MSDOS.SYS
2013-01-31 00:12 - 2013-01-31 00:12 - 00000000 _RASH C:\IO.SYS
2013-01-31 00:10 - 2013-02-02 10:42 - 00140271 ____A C:\Users\Owner\AppData\Local\crrjaym.exe
2013-01-31 00:10 - 2013-02-01 00:40 - 00140271 ____A C:\Users\All Users\crrjaym.exe
2013-01-31 00:10 - 2013-02-01 00:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Efevvu
2013-01-31 00:10 - 2013-01-31 00:10 - 00162304 __ASH C:\Users\All Users\ms00EA8153.dat
2013-01-31 00:10 - 2013-01-31 00:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Udyr
2013-01-31 00:10 - 2013-01-31 00:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nubiuv
2013-01-31 00:09 - 2013-01-31 00:09 - 00000000 ____D C:\Windows\Sun
2013-01-30 19:38 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-01-30 19:38 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-30 19:35 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-30 19:35 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-01-30 19:35 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-01-30 19:35 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-01-30 19:35 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-01-30 19:35 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-01-30 19:35 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-01-30 19:35 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-01-30 19:35 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-01-30 19:35 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-01-30 19:35 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-01-30 19:35 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-01-30 19:35 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-01-30 19:35 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-01-30 19:35 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-01-30 19:35 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-01-30 00:28 - 2013-01-30 00:28 - 00057560 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-27 19:53 - 2012-11-22 18:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-27 19:53 - 2012-11-22 18:48 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-27 19:53 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-27 19:53 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-27 19:53 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-01-27 19:53 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-01-27 19:53 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-27 19:53 - 2012-10-04 08:47 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-27 19:53 - 2012-10-04 08:43 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-27 19:53 - 2012-10-04 08:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 06:57 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-27 19:53 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-27 19:53 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-27 19:53 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-01-27 19:53 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-01-27 19:53 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-01-27 19:53 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-01-27 19:53 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-01-27 19:53 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-01-27 19:53 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-01-27 19:53 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-01-27 19:53 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-01-27 19:53 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-01-27 19:53 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-01-27 19:52 - 2012-08-22 09:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-01-27 19:52 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-01-27 19:52 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-01-27 19:52 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-01-27 19:52 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-27 19:52 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-01-27 19:52 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-01-27 19:52 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-01-27 19:52 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-01-27 19:52 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-01-27 19:52 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-01-27 19:52 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-01-27 19:44 - 2013-01-27 19:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe


==================== One Month Modified Files and Folders ========

2013-02-02 10:46 - 2012-06-22 12:46 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-02 10:42 - 2013-01-31 00:50 - 00140271 ____A C:\Users\Owner\AppData\Roaming\crrjaym.exe
2013-02-02 10:42 - 2013-01-31 00:10 - 00140271 ____A C:\Users\Owner\AppData\Local\crrjaym.exe
2013-02-02 09:24 - 2013-02-02 09:24 - 00000000 ____D C:\FRST
2013-02-02 09:16 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-02-01 00:40 - 2013-01-31 00:10 - 00140271 ____A C:\Users\All Users\crrjaym.exe
2013-02-01 00:40 - 2013-01-31 00:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Efevvu
2013-02-01 00:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-01 00:39 - 2009-07-13 20:39 - 00029271 ____A C:\Windows\setupact.log
2013-01-31 10:43 - 2013-01-31 10:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\{AF916431-111A-45D8-B00F-868835A6D0FE}
2013-01-31 10:43 - 2012-06-22 14:51 - 00000000 __SHD C:\Users\Owner\AppData\Roaming\303691
2013-01-31 00:48 - 2012-09-28 19:19 - 01037824 ____A C:\Windows\WindowsUpdate.log
2013-01-31 00:48 - 2012-06-22 13:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-31 00:19 - 2013-01-31 00:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-01-31 00:12 - 2013-01-31 00:12 - 00000000 _RASH C:\MSDOS.SYS
2013-01-31 00:12 - 2013-01-31 00:12 - 00000000 _RASH C:\IO.SYS
2013-01-31 00:10 - 2013-01-31 00:10 - 00162304 __ASH C:\Users\All Users\ms00EA8153.dat
2013-01-31 00:10 - 2013-01-31 00:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Udyr
2013-01-31 00:10 - 2013-01-31 00:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nubiuv
2013-01-31 00:09 - 2013-01-31 00:09 - 00000000 ____D C:\Windows\Sun
2013-01-30 23:54 - 2009-07-13 20:34 - 00009584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-30 23:54 - 2009-07-13 20:34 - 00009584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-30 21:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-30 19:54 - 2009-07-13 20:33 - 00266808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-30 19:26 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-01-30 00:28 - 2013-01-30 00:28 - 00057560 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-29 23:59 - 2012-06-22 13:17 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-29 23:59 - 2012-06-22 13:17 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-27 19:45 - 2012-06-22 13:04 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-27 19:44 - 2013-01-27 19:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2013-01-27 19:44 - 2012-09-28 20:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-30 19:26:14

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3062.05 MB
Available physical RAM: 2641.16 MB
Total Pagefile: 3060.33 MB
Available Pagefile: 2645.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:40 GB) (Free:23.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: (MULTIBOOT) (Removable) (Total:29.82 GB) (Free:20.68 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 258 GB
Disk 1 No Media 0 B 0 B
Disk 2 Online 29 GB 0 B

Partitions of Disk 0:
===============

Disk ID: B8FF4501

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 39 GB 1024 KB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 39 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 01C39386

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 1024 KB

=========================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F MULTIBOOT FAT32 Removable 29 GB Healthy

=========================================================

Last Boot: 2012-06-22 09:34

==================== End Of Log ============================



Farbar Recovery Scan Tool (x86) Version: 02-02-2013 02
Ran by SYSTEM at 2013-02-02 09:27:16
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===



#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 03 February 2013 - 10:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

HKU\Owner\...\Run: [Otzaroys] C:\Users\Owner\AppData\Roaming\Nubiuv\riok.exe [277496 2012-12-18] ()
HKU\Owner\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Policies\Explorer\Run: [13969] C:\PROGRA~2\LOCALS~1\Temp\msmfyzv.com [39416 2012-06-02] ()
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Owner\AppData\Roaming\crrjaym [x ] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\n. ATTENTION! ====> ZeroAccess
C:\Users\Owner\AppData\Roaming\crrjaym.exe
C:\Users\Owner\AppData\Local\crrjaym.exe
C:\Users\All Users\crrjaym.exe
C:\Users\Owner\AppData\Roaming\Efevvu
C:\Users\All Users\ms00EA8153.dat
C:\Users\Owner\AppData\Roaming\Udyr
C:\Users\Owner\AppData\Roaming\Nubiuv
C:\$Recycle.Bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd
C:\$Recycle.Bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 empire1012

  • Topic Starter

Posted 04 February 2013 - 01:19 AM

Thanks for the quick response and your time, Gringo.

The computer booted into normal mode without an issue this time.

Is there anything I need to do now?

#4 gringo_pr


Posted 04 February 2013 - 08:57 AM

Hello


These are the programs I would like you to run next; if you have any problems with these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#5 empire1012

  • Topic Starter

Posted 05 February 2013 - 01:02 AM

Sorry for the delay. Here are the files:


# AdwCleaner v2.110 - Logfile created 02/03/2013 at 20:13:10
# Updated 03/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21U60TSU\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [715 octets] - [03/02/2013 20:13:10]

########## EOF - C:\AdwCleaner[S1].txt - [774 octets] ##########


RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 02/03/2013 20:16:34
| ARK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] msmfyzv.com -- C:\ProgramData\Local Settings\Temp\msmfyzv.com -> KILLED [TermProc]
[Rans.Gendarm][BLACKLIST] temp06.exe -- C:\Windows\Temp\temp06.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Memase (C:\Users\Owner\AppData\Roaming\Myufvu\laqoo.exe) -> FOUND
[RUN][HJNAME] HKLM\[...]\Run : SunJavaUpdateSched (C:\ProgramData\svchost.exe) -> FOUND
[RUN][Rans.Gendarm] HKLM\[...]\Run : SonyAgent (C:\Windows\Temp\temp06.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2217746120-1550090041-3527412378-1001[...]\Run : Memase (C:\Users\Owner\AppData\Roaming\Myufvu\laqoo.exe) -> FOUND
[RUN][ROGUE ST] HKCU\[...]\Policies\Explorer\\Run : Classes (C:\Users\Owner\AppData\Roaming\303691\303691.exe) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Run : 13969 (C:\ProgramData\Local Settings\Temp\msmfyzv.com) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-2217746120-1550090041-3527412378-1001[...]\Policies\Explorer\\Run : Classes (C:\Users\Owner\AppData\Roaming\303691\303691.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\n) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\n) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\n) -> FOUND
[HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Users\Owner\AppData\Local\crrjaym.exe") -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\n --> FOUND
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-00PVMT0 ATA Device +++++
--- User ---
[MBR] 3c134badcf331a8327c061750fd95876
[BSP] b957dc9334fd82625224db30060c0258 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 40958 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02032013_02d2016.txt >>
RKreport[1]_S_02032013_02d2016.txt



RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 02/03/2013 20:17:14
| ARK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] msmfyzv.com -- C:\ProgramData\Local Settings\Temp\msmfyzv.com -> KILLED [TermProc]
[Rans.Gendarm][BLACKLIST] temp06.exe -- C:\Windows\Temp\temp06.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Memase (C:\Users\Owner\AppData\Roaming\Myufvu\laqoo.exe) -> DELETED
[RUN][HJNAME] HKLM\[...]\Run : SunJavaUpdateSched (C:\ProgramData\svchost.exe) -> DELETED
[RUN][Rans.Gendarm] HKLM\[...]\Run : SonyAgent (C:\Windows\Temp\temp06.exe) -> DELETED
[RUN][ROGUE ST] HKCU\[...]\Policies\Explorer\\Run : Classes (C:\Users\Owner\AppData\Roaming\303691\303691.exe) -> DELETED
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Run : 13969 (C:\ProgramData\Local Settings\Temp\msmfyzv.com) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\n) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\n) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
[HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Users\Owner\AppData\Local\crrjaym.exe") -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\@ --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\@ --> REMOVED
[Del.Parent][FILE] 00000001.@ : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$aae50394ddc710900980a2bf36d4e8cd\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2217746120-1550090041-3527412378-1001\$aae50394ddc710900980a2bf36d4e8cd\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-00PVMT0 ATA Device +++++
--- User ---
[MBR] 3c134badcf331a8327c061750fd95876
[BSP] b957dc9334fd82625224db30060c0258 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 40958 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02032013_02d2017.txt >>
RKreport[1]_S_02032013_02d2016.txt ; RKreport[2]_D_02032013_02d2017.txt

#6 gringo_pr


Posted 05 February 2013 - 09:34 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 empire1012


Posted 06 February 2013 - 12:35 AM

The computer is running fine now... I think.

Here is the combofix log so I can get your expert opinion:

ComboFix 13-02-03.03 - Owner 02/05/2013 19:09:16.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2356 [GMT -10:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\svchost.exe
c:\users\Owner\AppData\Roaming\303691
c:\users\Owner\AppData\Roaming\303691\303691.exe
c:\users\Owner\AppData\Roaming\Myufvu
c:\users\Owner\AppData\Roaming\Myufvu\laqoo.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))
.
.
2013-02-04 06:15 . 2013-02-04 06:15 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-02-04 06:10 . 2013-02-06 05:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Ukyb
2013-02-04 06:10 . 2013-02-04 06:10 -------- d-----w- c:\users\Owner\AppData\Roaming\Abkyc
2013-02-02 17:24 . 2013-02-02 17:24 -------- d-----w- C:\FRST
2013-01-31 18:43 . 2013-01-31 18:43 -------- d-----w- c:\users\Owner\AppData\Roaming\{AF916431-111A-45D8-B00F-868835A6D0FE}
2013-01-31 08:19 . 2013-01-31 08:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-31 08:09 . 2013-01-31 08:09 -------- d-----w- c:\programdata\Local Settings
2013-01-31 08:09 . 2013-01-31 08:09 -------- d-----w- c:\windows\Sun
2013-01-31 03:38 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-31 03:38 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-28 03:58 . 2013-01-15 12:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3E8AF06-AFDA-4188-923B-474387D72B28}\mpengine.dll
2013-01-28 03:52 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-28 03:44 . 2013-01-28 03:44 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 07:59 . 2012-06-22 21:17 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 07:59 . 2012-06-22 21:17 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2011-09-24 186992]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2011-09-24 1104496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\Drivers\vmdebug.sys [x]
R2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\vmtoolsd.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [x]
R3 TPVCGateway;TP VC Gateway Service;c:\program files\VMware\VMware Tools\TPVCGateway.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [x]
R3 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vmhgfs;vmhgfs;c:\windows\system32\DRIVERS\vmhgfs.sys [x]
S1 vmrawdsk;VMware Vista Physical Disk Helper;c:\program files\VMware\VMware Tools\vmrawdsk.sys [x]
S2 VMMEMCTL;Memory Control Driver;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [x]
S2 VMUpgradeHelper;VMware Upgrade Helper;c:\program files\VMware\VMware Tools\VMUpgradeHelper.exe [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 07:59]
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Memase - c:\users\Owner\AppData\Roaming\Myufvu\laqoo.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-02-05 19:18:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-06 05:18
.
Pre-Run: 26,058,248,192 bytes free
Post-Run: 25,908,613,120 bytes free
.
- - End Of File - - 9F508F7E137F6D77ADCAB92B4F71C6FA

#8 gringo_pr


Posted 06 February 2013 - 12:46 AM

Greetings

I want you to run these next.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 empire1012


Posted 06 February 2013 - 01:46 AM

TDSSKiller log:

19:58:25.0557 3956 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:58:26.0354 3956 ============================================================
19:58:26.0354 3956 Current date / time: 2013/02/05 19:58:26.0354
19:58:26.0354 3956 SystemInfo:
19:58:26.0354 3956
19:58:26.0354 3956 OS Version: 6.1.7601 ServicePack: 1.0
19:58:26.0354 3956 Product type: Workstation
19:58:26.0354 3956 ComputerName: OWNER-PC
19:58:26.0354 3956 UserName: Owner
19:58:26.0354 3956 Windows directory: C:\Windows
19:58:26.0354 3956 System windows directory: C:\Windows
19:58:26.0354 3956 Processor architecture: Intel x86
19:58:26.0354 3956 Number of processors: 2
19:58:26.0354 3956 Page size: 0x1000
19:58:26.0354 3956 Boot type: Normal boot
19:58:26.0354 3956 ============================================================
19:58:27.0416 3956 BG loaded
19:58:27.0698 3956 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:58:27.0729 3956 ============================================================
19:58:27.0729 3956 \Device\Harddisk0\DR0:
19:58:27.0729 3956 MBR partitions:
19:58:27.0729 3956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4FFF000
19:58:27.0729 3956 ============================================================
19:58:27.0745 3956 C: <-> \Device\Harddisk0\DR0\Partition1
19:58:27.0745 3956 ============================================================
19:58:27.0745 3956 Initialize success
19:58:27.0745 3956 ============================================================
19:58:35.0760 4080 ============================================================
19:58:35.0760 4080 Scan started
19:58:35.0760 4080 Mode: Manual; SigCheck; TDLFS;
19:58:35.0760 4080 ============================================================
19:58:36.0635 4080 ================ Scan system memory ========================
19:58:36.0635 4080 System memory - ok
19:58:36.0635 4080 ================ Scan services =============================
19:58:42.0729 4080 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:58:42.0745 4080 HidBatt - ok
19:58:42.0760 4080 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:58:42.0776 4080 HidBth - ok
19:58:42.0791 4080 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:58:42.0791 4080 HidIr - ok
19:58:42.0823 4080 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
19:58:42.0854 4080 hidserv - ok
19:58:42.0885 4080 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:58:42.0901 4080 HidUsb - ok
19:58:42.0932 4080 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:58:42.0963 4080 hkmsvc - ok
19:58:42.0979 4080 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:58:42.0995 4080 HomeGroupListener - ok
19:58:43.0010 4080 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:58:43.0026 4080 HomeGroupProvider - ok
19:58:43.0057 4080 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:58:43.0073 4080 HpSAMD - ok
19:58:43.0120 4080 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:58:43.0151 4080 HTTP - ok
19:58:43.0166 4080 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:58:43.0182 4080 hwpolicy - ok
19:58:43.0198 4080 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:58:43.0213 4080 i8042prt - ok
19:58:43.0245 4080 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:58:43.0260 4080 iaStorV - ok
19:58:43.0307 4080 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:58:43.0323 4080 idsvc - ok
19:58:43.0432 4080 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:58:43.0510 4080 igfx - ok
19:58:43.0541 4080 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:58:43.0557 4080 iirsp - ok
19:58:43.0588 4080 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:58:43.0620 4080 IKEEXT - ok
19:58:43.0635 4080 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:58:43.0651 4080 intelide - ok
19:58:43.0666 4080 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:58:43.0682 4080 intelppm - ok
19:58:43.0698 4080 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:58:43.0729 4080 IPBusEnum - ok
19:58:43.0760 4080 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:58:43.0791 4080 IpFilterDriver - ok
19:58:43.0838 4080 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:58:43.0870 4080 iphlpsvc - ok
19:58:43.0885 4080 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:58:43.0901 4080 IPMIDRV - ok
19:58:43.0901 4080 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:58:43.0932 4080 IPNAT - ok
19:58:43.0932 4080 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:58:43.0948 4080 IRENUM - ok
19:58:43.0963 4080 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:58:43.0963 4080 isapnp - ok
19:58:43.0995 4080 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:58:44.0010 4080 iScsiPrt - ok
19:58:44.0026 4080 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:58:44.0041 4080 kbdclass - ok
19:58:44.0057 4080 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:58:44.0073 4080 kbdhid - ok
19:58:44.0088 4080 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:58:44.0104 4080 KeyIso - ok
19:58:44.0135 4080 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:58:44.0151 4080 KSecDD - ok
19:58:44.0166 4080 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:58:44.0182 4080 KSecPkg - ok
19:58:44.0213 4080 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:58:44.0229 4080 KtmRm - ok
19:58:44.0260 4080 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:58:44.0291 4080 LanmanServer - ok
19:58:44.0307 4080 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:58:44.0338 4080 LanmanWorkstation - ok
19:58:44.0385 4080 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:58:44.0401 4080 lltdio - ok
19:58:44.0432 4080 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:58:44.0463 4080 lltdsvc - ok
19:58:44.0479 4080 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:58:44.0495 4080 lmhosts - ok
19:58:44.0526 4080 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:58:44.0541 4080 LSI_FC - ok
19:58:44.0557 4080 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:58:44.0573 4080 LSI_SAS - ok
19:58:44.0588 4080 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:58:44.0588 4080 LSI_SAS2 - ok
19:58:44.0620 4080 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:58:44.0635 4080 LSI_SCSI - ok
19:58:44.0666 4080 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:58:44.0682 4080 luafv - ok
19:58:44.0713 4080 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:58:44.0729 4080 Mcx2Svc - ok
19:58:44.0745 4080 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
19:58:44.0760 4080 megasas - ok
19:58:44.0776 4080 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:58:44.0791 4080 MegaSR - ok
19:58:44.0807 4080 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:58:44.0838 4080 MMCSS - ok
19:58:44.0838 4080 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:58:44.0870 4080 Modem - ok
19:58:44.0885 4080 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:58:44.0901 4080 monitor - ok
19:58:44.0916 4080 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:58:44.0932 4080 mouclass - ok
19:58:44.0948 4080 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys
19:58:44.0963 4080 mouhid - ok
19:58:44.0979 4080 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:58:44.0995 4080 mountmgr - ok
19:58:45.0057 4080 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:58:45.0073 4080 MozillaMaintenance - ok
19:58:45.0120 4080 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:58:45.0135 4080 MpFilter - ok
19:58:45.0166 4080 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:58:45.0182 4080 mpio - ok
19:58:45.0260 4080 [ A69630D039C38018689190234F866D77 ] MpKsl83931b82 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31272073-5134-45D0-856E-4F8A3F896D27}\MpKsl83931b82.sys
19:58:45.0276 4080 MpKsl83931b82 - ok
19:58:45.0307 4080 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:58:45.0323 4080 mpsdrv - ok
19:58:45.0370 4080 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:58:45.0401 4080 MpsSvc - ok
19:58:45.0416 4080 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:58:45.0432 4080 MRxDAV - ok
19:58:45.0463 4080 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:58:45.0479 4080 mrxsmb - ok
19:58:45.0495 4080 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:58:45.0510 4080 mrxsmb10 - ok
19:58:45.0526 4080 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:58:45.0526 4080 mrxsmb20 - ok
19:58:45.0541 4080 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:58:45.0557 4080 msahci - ok
19:58:45.0588 4080 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:58:45.0604 4080 msdsm - ok
19:58:45.0620 4080 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:58:45.0635 4080 MSDTC - ok
19:58:45.0651 4080 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:58:45.0682 4080 Msfs - ok
19:58:45.0698 4080 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:58:45.0713 4080 mshidkmdf - ok
19:58:45.0729 4080 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:58:45.0745 4080 msisadrv - ok
19:58:45.0760 4080 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:58:45.0791 4080 MSiSCSI - ok
19:58:45.0791 4080 msiserver - ok
19:58:45.0807 4080 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:58:45.0838 4080 MSKSSRV - ok
19:58:45.0885 4080 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:58:45.0901 4080 MsMpSvc - ok
19:58:45.0901 4080 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:58:45.0932 4080 MSPCLOCK - ok
19:58:45.0948 4080 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:58:45.0963 4080 MSPQM - ok
19:58:45.0979 4080 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:58:45.0995 4080 MsRPC - ok
19:58:46.0010 4080 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:58:46.0010 4080 mssmbios - ok
19:58:46.0026 4080 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:58:46.0057 4080 MSTEE - ok
19:58:46.0073 4080 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:58:46.0088 4080 MTConfig - ok
19:58:46.0088 4080 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:58:46.0104 4080 Mup - ok
19:58:46.0135 4080 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:58:46.0166 4080 napagent - ok
19:58:46.0198 4080 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:58:46.0213 4080 NativeWifiP - ok
19:58:46.0245 4080 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:58:46.0260 4080 NDIS - ok
19:58:46.0291 4080 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:58:46.0323 4080 NdisCap - ok
19:58:46.0338 4080 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:58:46.0354 4080 NdisTapi - ok
19:58:46.0385 4080 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:58:46.0416 4080 Ndisuio - ok
19:58:46.0432 4080 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:46.0463 4080 NdisWan - ok
19:58:46.0479 4080 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:58:46.0495 4080 NDProxy - ok
19:58:46.0510 4080 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:58:46.0541 4080 NetBIOS - ok
19:58:46.0573 4080 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:58:46.0588 4080 NetBT - ok
19:58:46.0604 4080 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:58:46.0620 4080 Netlogon - ok
19:58:46.0666 4080 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:58:46.0682 4080 Netman - ok
19:58:46.0698 4080 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:58:46.0729 4080 netprofm - ok
19:58:46.0745 4080 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:58:46.0760 4080 NetTcpPortSharing - ok
19:58:46.0838 4080 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
19:58:46.0916 4080 netw5v32 - ok
19:58:46.0948 4080 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:58:46.0948 4080 nfrd960 - ok
19:58:46.0995 4080 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:58:47.0010 4080 NisDrv - ok
19:58:47.0026 4080 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:58:47.0041 4080 NisSrv - ok
19:58:47.0073 4080 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:58:47.0104 4080 NlaSvc - ok
19:58:47.0120 4080 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:58:47.0151 4080 Npfs - ok
19:58:47.0166 4080 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:58:47.0198 4080 nsi - ok
19:58:47.0198 4080 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:58:47.0229 4080 nsiproxy - ok
19:58:47.0276 4080 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:58:47.0307 4080 Ntfs - ok
19:58:47.0307 4080 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:58:47.0338 4080 Null - ok
19:58:47.0370 4080 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:58:47.0385 4080 nvraid - ok
19:58:47.0401 4080 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:58:47.0401 4080 nvstor - ok
19:58:47.0416 4080 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:58:47.0432 4080 nv_agp - ok
19:58:47.0448 4080 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:58:47.0463 4080 ohci1394 - ok
19:58:47.0479 4080 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:58:47.0495 4080 p2pimsvc - ok
19:58:47.0510 4080 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:58:47.0526 4080 p2psvc - ok
19:58:47.0557 4080 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
19:58:47.0573 4080 Parport - ok
19:58:47.0588 4080 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:58:47.0604 4080 partmgr - ok
19:58:47.0620 4080 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:58:47.0635 4080 Parvdm - ok
19:58:47.0635 4080 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:58:47.0666 4080 PcaSvc - ok
19:58:47.0666 4080 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:58:47.0682 4080 pci - ok
19:58:47.0698 4080 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:58:47.0713 4080 pciide - ok
19:58:47.0745 4080 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:58:47.0760 4080 pcmcia - ok
19:58:47.0807 4080 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:58:47.0807 4080 pcw - ok
19:58:47.0838 4080 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:58:47.0870 4080 PEAUTH - ok
19:58:47.0916 4080 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:58:47.0948 4080 PeerDistSvc - ok
19:58:47.0995 4080 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:58:48.0041 4080 pla - ok
19:58:48.0073 4080 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:58:48.0088 4080 PlugPlay - ok
19:58:48.0104 4080 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:58:48.0104 4080 PNRPAutoReg - ok
19:58:48.0120 4080 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:58:48.0135 4080 PNRPsvc - ok
19:58:48.0151 4080 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:58:48.0182 4080 PolicyAgent - ok
19:58:48.0213 4080 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:58:48.0245 4080 Power - ok
19:58:48.0276 4080 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:58:48.0291 4080 PptpMiniport - ok
19:58:48.0323 4080 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
19:58:48.0338 4080 Processor - ok
19:58:48.0370 4080 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:58:48.0385 4080 ProfSvc - ok
19:58:48.0401 4080 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:58:48.0416 4080 ProtectedStorage - ok
19:58:48.0432 4080 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:58:48.0463 4080 Psched - ok
19:58:48.0495 4080 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:58:48.0526 4080 ql2300 - ok
19:58:48.0557 4080 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:58:48.0573 4080 ql40xx - ok
19:58:48.0588 4080 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:58:48.0620 4080 QWAVE - ok
19:58:48.0620 4080 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:58:48.0635 4080 QWAVEdrv - ok
19:58:48.0651 4080 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:58:48.0666 4080 RasAcd - ok
19:58:48.0682 4080 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:58:48.0713 4080 RasAgileVpn - ok
19:58:48.0713 4080 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:58:48.0745 4080 RasAuto - ok
19:58:48.0760 4080 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:58:48.0776 4080 Rasl2tp - ok
19:58:48.0823 4080 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:58:48.0854 4080 RasMan - ok
19:58:48.0854 4080 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:48.0885 4080 RasPppoe - ok
19:58:48.0885 4080 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:58:48.0916 4080 RasSstp - ok
19:58:48.0948 4080 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:58:48.0979 4080 rdbss - ok
19:58:48.0995 4080 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:58:49.0010 4080 rdpbus - ok
19:58:49.0026 4080 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:58:49.0057 4080 RDPCDD - ok
19:58:49.0073 4080 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:58:49.0073 4080 RDPDR - ok
19:58:49.0088 4080 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:58:49.0120 4080 RDPENCDD - ok
19:58:49.0120 4080 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:58:49.0151 4080 RDPREFMP - ok
19:58:49.0198 4080 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:58:49.0213 4080 RdpVideoMiniport - ok
19:58:49.0213 4080 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:58:49.0229 4080 RDPWD - ok
19:58:49.0260 4080 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:58:49.0276 4080 rdyboost - ok
19:58:49.0291 4080 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:58:49.0307 4080 RemoteAccess - ok
19:58:49.0338 4080 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:58:49.0370 4080 RemoteRegistry - ok
19:58:49.0385 4080 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:58:49.0401 4080 RFCOMM - ok
19:58:49.0401 4080 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:58:49.0432 4080 RpcEptMapper - ok
19:58:49.0463 4080 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:58:49.0463 4080 RpcLocator - ok
19:58:49.0495 4080 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:58:49.0526 4080 RpcSs - ok
19:58:49.0557 4080 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:58:49.0588 4080 rspndr - ok
19:58:49.0604 4080 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:58:49.0620 4080 s3cap - ok
19:58:49.0620 4080 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:58:49.0635 4080 SamSs - ok
19:58:49.0666 4080 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:58:49.0682 4080 sbp2port - ok
19:58:49.0713 4080 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:58:49.0729 4080 SCardSvr - ok
19:58:49.0745 4080 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:58:49.0776 4080 scfilter - ok
19:58:49.0807 4080 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:58:49.0838 4080 Schedule - ok
19:58:49.0854 4080 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:58:49.0870 4080 SCPolicySvc - ok
19:58:49.0901 4080 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:58:49.0916 4080 SDRSVC - ok
19:58:49.0963 4080 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:58:49.0995 4080 secdrv - ok
19:58:50.0010 4080 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:58:50.0041 4080 seclogon - ok
19:58:50.0057 4080 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
19:58:50.0088 4080 SENS - ok
19:58:50.0120 4080 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:58:50.0135 4080 SensrSvc - ok
19:58:50.0166 4080 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:58:50.0182 4080 Serenum - ok
19:58:50.0198 4080 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
19:58:50.0213 4080 Serial - ok
19:58:50.0229 4080 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:58:50.0245 4080 sermouse - ok
19:58:50.0276 4080 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:58:50.0307 4080 SessionEnv - ok
19:58:50.0354 4080 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
19:58:50.0370 4080 SFEP - ok
19:58:50.0385 4080 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:58:50.0385 4080 sffdisk - ok
19:58:50.0401 4080 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:58:50.0416 4080 sffp_mmc - ok
19:58:50.0432 4080 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:58:50.0448 4080 sffp_sd - ok
19:58:50.0463 4080 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:58:50.0479 4080 sfloppy - ok
19:58:50.0526 4080 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:58:50.0557 4080 SharedAccess - ok
19:58:50.0588 4080 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:58:50.0620 4080 ShellHWDetection - ok
19:58:50.0635 4080 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:58:50.0635 4080 sisagp - ok
19:58:50.0666 4080 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:58:50.0666 4080 SiSRaid2 - ok
19:58:50.0682 4080 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:58:50.0698 4080 SiSRaid4 - ok
19:58:50.0729 4080 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:58:50.0760 4080 Smb - ok
19:58:50.0791 4080 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:58:50.0807 4080 SNMPTRAP - ok
19:58:50.0823 4080 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:58:50.0823 4080 spldr - ok
19:58:50.0870 4080 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
19:58:50.0901 4080 Spooler - ok
19:58:50.0963 4080 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:58:51.0026 4080 sppsvc - ok
19:58:51.0057 4080 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:58:51.0073 4080 sppuinotify - ok
19:58:51.0104 4080 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:58:51.0120 4080 srv - ok
19:58:51.0135 4080 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:58:51.0151 4080 srv2 - ok
19:58:51.0198 4080 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:58:51.0213 4080 SrvHsfHDA - ok
19:58:51.0245 4080 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:58:51.0276 4080 SrvHsfV92 - ok
19:58:51.0291 4080 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:58:51.0323 4080 SrvHsfWinac - ok
19:58:51.0338 4080 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:58:51.0354 4080 srvnet - ok
19:58:51.0385 4080 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:58:51.0416 4080 SSDPSRV - ok
19:58:51.0416 4080 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:58:51.0448 4080 SstpSvc - ok
19:58:51.0463 4080 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:58:51.0479 4080 stexstor - ok
19:58:51.0495 4080 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:58:51.0526 4080 StiSvc - ok
19:58:51.0541 4080 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:58:51.0557 4080 storflt - ok
19:58:51.0573 4080 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:58:51.0573 4080 storvsc - ok
19:58:51.0604 4080 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:58:51.0604 4080 swenum - ok
19:58:51.0635 4080 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:58:51.0666 4080 swprv - ok
19:58:51.0666 4080 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
19:58:51.0682 4080 Synth3dVsc - ok
19:58:51.0729 4080 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:58:51.0760 4080 SysMain - ok
19:58:51.0760 4080 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:58:51.0791 4080 TabletInputService - ok
19:58:51.0807 4080 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:58:51.0838 4080 TapiSrv - ok
19:58:51.0854 4080 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:58:51.0885 4080 TBS - ok
19:58:51.0916 4080 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:58:51.0948 4080 Tcpip - ok
19:58:51.0995 4080 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:58:52.0026 4080 TCPIP6 - ok
19:58:52.0057 4080 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:58:52.0088 4080 tcpipreg - ok
19:58:52.0104 4080 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:58:52.0104 4080 TDPIPE - ok
19:58:52.0120 4080 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:58:52.0120 4080 TDTCP - ok
19:58:52.0151 4080 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:58:52.0166 4080 tdx - ok
19:58:52.0213 4080 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:58:52.0229 4080 TermDD - ok
19:58:52.0229 4080 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
19:58:52.0245 4080 terminpt - ok
19:58:52.0276 4080 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:58:52.0307 4080 TermService - ok
19:58:52.0354 4080 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:58:52.0370 4080 Themes - ok
19:58:52.0370 4080 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:58:52.0401 4080 THREADORDER - ok
19:58:52.0479 4080 [ 318FECDB840272065BBB8D034749CB8A ] TPAutoConnSvc C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
19:58:52.0495 4080 TPAutoConnSvc - ok
19:58:52.0510 4080 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
19:58:52.0526 4080 TPM - ok
19:58:52.0541 4080 [ A2C4F995230DD11213BC465353E4C7A9 ] TPVCGateway C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
19:58:52.0541 4080 TPVCGateway - ok
19:58:52.0557 4080 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:58:52.0588 4080 TrkWks - ok
19:58:52.0635 4080 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
19:58:52.0651 4080 TrueSight ( UnsignedFile.Multi.Generic ) - warning
19:58:52.0651 4080 TrueSight - detected UnsignedFile.Multi.Generic (1)
19:58:56.0354 4080 ================ Scan global ===============================
19:58:56.0370 4080 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:58:56.0385 4080 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
19:58:56.0401 4080 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
19:58:56.0416 4080 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:58:56.0448 4080 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:58:56.0448 4080 [Global] - ok
19:58:56.0448 4080 ================ Scan MBR ==================================
19:58:56.0463 4080 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:58:56.0948 4080 \Device\Harddisk0\DR0 - ok
19:58:56.0948 4080 ================ Scan VBR ==================================
19:58:56.0948 4080 [ CC5609DFDA27D13E902D86EF25AFADB9 ] \Device\Harddisk0\DR0\Partition1
19:58:56.0948 4080 \Device\Harddisk0\DR0\Partition1 - ok
19:58:56.0948 4080 ================ Scan active images ========================
19:58:57.0323 4080 C:\Windows\System32\lsm.exe - ok
19:58:57.0338 4080 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\System32\services.exe
19:58:57.0338 4080 C:\Windows\System32\services.exe - ok
19:58:57.0338 4080 [ 81951F51E318AECC2D68559E47485CC4 ] C:\Windows\System32\lsass.exe
19:58:57.0338 4080 C:\Windows\System32\lsass.exe - ok
19:58:57.0338 4080 [ 250AA41DE690561AF1282D598914564C ] C:\Windows\System32\scesrv.dll
19:58:57.0338 4080 C:\Windows\System32\scesrv.dll - ok
19:58:57.0338 4080 [ 3369D021265E369D57317D61FA86DD79 ] C:\Windows\System32\scext.dll
19:58:57.0338 4080 C:\Windows\System32\scext.dll - ok
19:58:57.0338 4080 [ 69678722290C78D5D7198C60B5A4E3E8 ] C:\Windows\System32\secur32.dll
19:58:57.0338 4080 C:\Windows\System32\secur32.dll - ok
19:58:57.0338 4080 [ 4A054C853031616D161A84BECF281F47 ] C:\Windows\System32\sspicli.dll
19:58:57.0338 4080 C:\Windows\System32\sspicli.dll - ok
19:58:57.0354 4080 [ E361AE3010EA4B3123DAB5BDAE21798F ] C:\Windows\System32\sspisrv.dll
19:58:57.0354 4080 C:\Windows\System32\sspisrv.dll - ok
19:58:57.0354 4080 [ BA51FFE170C5B3AE8EC4F5BD2581A29E ] C:\Windows\System32\sysntfy.dll
19:58:57.0354 4080 C:\Windows\System32\sysntfy.dll - ok
19:58:57.0354 4080 [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\System32\wmsgapi.dll
19:58:57.0354 4080 C:\Windows\System32\wmsgapi.dll - ok
19:58:57.0354 4080 [ C95CA687D32DDAB1C91E1122E80D5E16 ] C:\Windows\System32\lsasrv.dll
19:58:57.0354 4080 C:\Windows\System32\lsasrv.dll - ok
19:58:57.0354 4080 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\System32\srvcli.dll
19:58:57.0354 4080 C:\Windows\System32\srvcli.dll - ok
19:58:57.0354 4080 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] C:\Windows\System32\aelupsvc.dll
19:58:57.0354 4080 C:\Windows\System32\aelupsvc.dll - ok
19:58:57.0370 4080 [ 245F4691314F42D4D1BC06442F0B2086 ] C:\Windows\System32\samsrv.dll
19:58:57.0370 4080 C:\Windows\System32\samsrv.dll - ok
19:58:57.0370 4080 [ 18A54E132947CD98FEA9ACCC57F98F13 ] C:\Windows\System32\alg.exe
19:58:57.0370 4080 C:\Windows\System32\alg.exe - ok
19:58:57.0370 4080 [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\System32\cryptdll.dll
19:58:57.0370 4080 C:\Windows\System32\cryptdll.dll - ok
19:58:57.0370 4080 [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\System32\wevtapi.dll
19:58:57.0370 4080 C:\Windows\System32\wevtapi.dll - ok
19:58:57.0370 4080 [ 62A9C86CB6085E20DB4823E4E97826F5 ] C:\Windows\System32\appidsvc.dll
19:58:57.0370 4080 C:\Windows\System32\appidsvc.dll - ok
19:58:57.0370 4080 [ FB1959012294D6AD43E5304DF65E3C26 ] C:\Windows\System32\appinfo.dll
19:58:57.0370 4080 C:\Windows\System32\appinfo.dll - ok
19:58:57.0385 4080 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\System32\authz.dll
19:58:57.0385 4080 C:\Windows\System32\authz.dll - ok
19:58:57.0385 4080 [ 50BA656134F78AF64E4DD3C8B6FEFD7E ] C:\Windows\System32\cngaudit.dll
19:58:57.0385 4080 C:\Windows\System32\cngaudit.dll - ok
19:58:57.0385 4080 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\System32\ncrypt.dll
19:58:57.0385 4080 C:\Windows\System32\ncrypt.dll - ok
19:58:57.0385 4080 [ FC7650224790CAE75A5E9231961FDEC5 ] C:\Windows\System32\bcrypt.dll
19:58:57.0385 4080 C:\Windows\System32\bcrypt.dll - ok
19:58:57.0385 4080 [ C90878913DF3DC504790282043DB5F4C ] C:\Windows\System32\msprivs.dll
19:58:57.0385 4080 C:\Windows\System32\msprivs.dll - ok
19:58:57.0401 4080 [ A45D184DF6A8803DA13A0B329517A64A ] C:\Windows\System32\appmgmts.dll
19:58:57.0401 4080 C:\Windows\System32\appmgmts.dll - ok
19:58:57.0401 4080 [ E343CABBD8D600ABAF3F11625D33B3D0 ] C:\Windows\System32\netjoin.dll
19:58:57.0401 4080 C:\Windows\System32\netjoin.dll - ok
19:58:57.0401 4080 [ 761A3A4038C1FD4F5795427907C28484 ] C:\Windows\System32\rascfg.dll
19:58:57.0401 4080 C:\Windows\System32\rascfg.dll - ok
19:58:57.0401 4080 [ BDA0B954A30498B5A7EDC6204CBA07ED ] C:\Windows\System32\kerberos.dll
19:58:57.0401 4080 C:\Windows\System32\kerberos.dll - ok
19:58:57.0401 4080 [ 6DCFAEC6D1334AA6CDF8961DB4633CBF ] C:\Windows\System32\negoexts.dll
19:58:57.0401 4080 C:\Windows\System32\negoexts.dll - ok
19:58:57.0401 4080 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] C:\Windows\System32\audiosrv.dll
19:58:57.0401 4080 C:\Windows\System32\audiosrv.dll - ok
19:58:57.0416 4080 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\System32\cryptsp.dll
19:58:57.0416 4080 C:\Windows\System32\cryptsp.dll - ok
19:58:57.0416 4080 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\System32\mswsock.dll
19:58:57.0416 4080 C:\Windows\System32\mswsock.dll - ok
19:58:57.0416 4080 [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\System32\msv1_0.dll
19:58:57.0416 4080 C:\Windows\System32\msv1_0.dll - ok
19:58:57.0416 4080 [ C1809B9907ADEDAF16F50C894100883B ] C:\Windows\System32\netlogon.dll
19:58:57.0416 4080 C:\Windows\System32\netlogon.dll - ok
19:58:57.0416 4080 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\System32\wship6.dll
19:58:57.0416 4080 C:\Windows\System32\wship6.dll - ok
19:58:57.0416 4080 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] C:\Windows\System32\AxInstSv.dll
19:58:57.0416 4080 C:\Windows\System32\AxInstSv.dll - ok
19:58:57.0432 4080 [ EE1E9C3BB8228AE423DD38DB69128E71 ] C:\Windows\System32\bdesvc.dll
19:58:57.0432 4080 C:\Windows\System32\bdesvc.dll - ok
19:58:57.0432 4080 [ 1E2BAC209D184BB851E1A187D8A29136 ] C:\Windows\System32\BFE.DLL
19:58:57.0432 4080 C:\Windows\System32\BFE.DLL - ok
19:58:57.0432 4080 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\System32\dnsapi.dll
19:58:57.0432 4080 C:\Windows\System32\dnsapi.dll - ok
19:58:57.0432 4080 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\System32\logoncli.dll
19:58:57.0432 4080 C:\Windows\System32\logoncli.dll - ok
19:58:57.0432 4080 [ 3D3CBD1847F980FB03343A63671E7886 ] C:\Windows\System32\schannel.dll
19:58:57.0432 4080 C:\Windows\System32\schannel.dll - ok
19:58:57.0448 4080 [ 0450CF487ECD8A67B56F59F9A96D024D ] C:\Windows\System32\wdigest.dll
19:58:57.0448 4080 C:\Windows\System32\wdigest.dll - ok
19:58:57.0448 4080 [ E585445D5021971FAE10393F0F1C3961 ] C:\Windows\System32\qmgr.dll
19:58:57.0448 4080 C:\Windows\System32\qmgr.dll - ok
19:58:57.0448 4080 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\System32\rsaenh.dll
19:58:57.0448 4080 C:\Windows\System32\rsaenh.dll - ok
19:58:57.0448 4080 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\System32\bcryptprimitives.dll
19:58:57.0448 4080 C:\Windows\System32\bcryptprimitives.dll - ok
19:58:57.0448 4080 [ 37CC990D4E2CDFAE12AC47F6B620FC13 ] C:\Windows\System32\pku2u.dll
19:58:57.0448 4080 C:\Windows\System32\pku2u.dll - ok
19:58:57.0448 4080 [ D29E45078CF4020CE0AAC82EC652D1EA ] C:\Windows\System32\TSpkg.dll
19:58:57.0448 4080 C:\Windows\System32\TSpkg.dll - ok
19:58:57.0448 4080 [ 6D13E1406F50C66E2A95D97F22C47560 ] C:\Windows\System32\winlogon.exe
19:58:57.0448 4080 C:\Windows\System32\winlogon.exe - ok
19:58:57.0463 4080 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] C:\Windows\System32\browser.dll
19:58:57.0463 4080 C:\Windows\System32\browser.dll - ok
19:58:57.0463 4080 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\System32\credssp.dll
19:58:57.0463 4080 C:\Windows\System32\credssp.dll - ok
19:58:57.0463 4080 [ 91F434FF6606ED9BDC6A05D651B69553 ] C:\Windows\System32\efslsaext.dll
19:58:57.0463 4080 C:\Windows\System32\efslsaext.dll - ok
19:58:57.0463 4080 [ 8124944EC89D6A1815E4E53F5B96AAF4 ] C:\Windows\System32\scecli.dll
19:58:57.0463 4080 C:\Windows\System32\scecli.dll - ok
19:58:57.0463 4080 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\System32\winsta.dll
19:58:57.0463 4080 C:\Windows\System32\winsta.dll - ok
19:58:57.0479 4080 [ 1180159EE45AD1B110F6E482F244899E ] C:\Windows\System32\bridgeres.dll
19:58:57.0479 4080 C:\Windows\System32\bridgeres.dll - ok
19:58:57.0479 4080 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] C:\Windows\System32\bthserv.dll
19:58:57.0479 4080 C:\Windows\System32\bthserv.dll - ok
19:58:57.0479 4080 [ 319C6B309773D063541D01DF8AC6F55F ] C:\Windows\System32\certprop.dll
19:58:57.0479 4080 C:\Windows\System32\certprop.dll - ok
19:58:57.0479 4080 [ 635181E0E9BBF16871BF5380D71DB02D ] C:\Windows\System32\clfs.sys
19:58:57.0479 4080 C:\Windows\System32\clfs.sys - ok
19:58:57.0479 4080 [ 808D8A8B2A3074002852BC856D419576 ] C:\Windows\System32\comres.dll
19:58:57.0479 4080 C:\Windows\System32\comres.dll - ok
19:58:57.0479 4080 [ 96C0E38905CFD788313BE8E11DAE3F2F ] C:\Windows\System32\cryptsvc.dll
19:58:57.0479 4080 C:\Windows\System32\cryptsvc.dll - ok
19:58:57.0495 4080 [ 15F93B37F6801943360D9EB42485D5D3 ] C:\Windows\System32\cscsvc.dll
19:58:57.0495 4080 C:\Windows\System32\cscsvc.dll - ok
19:58:57.0495 4080 [ 370E6FB6F6FF1B3DAC7F1182AC493BB6 ] C:\Windows\System32\oleres.dll
19:58:57.0495 4080 C:\Windows\System32\oleres.dll - ok
19:58:57.0495 4080 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] C:\Windows\System32\defragsvc.dll
19:58:57.0495 4080 C:\Windows\System32\defragsvc.dll - ok
19:58:57.0495 4080 [ E9E01EB683C132F7FA27CD607B8A2B63 ] C:\Windows\System32\dhcpcore.dll
19:58:57.0495 4080 C:\Windows\System32\dhcpcore.dll - ok
19:58:57.0495 4080 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] C:\Windows\System32\dot3svc.dll
19:58:57.0495 4080 C:\Windows\System32\dot3svc.dll - ok
19:58:57.0495 4080 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] C:\Windows\System32\dps.dll
19:58:57.0495 4080 C:\Windows\System32\dps.dll - ok
19:58:57.0510 4080 [ 8600142FA91C1B96367D3300AD0F3F3A ] C:\Windows\System32\eapsvc.dll
19:58:57.0510 4080 C:\Windows\System32\eapsvc.dll - ok
19:58:57.0510 4080 [ 00A99DA54C14969A899ED316D16E9A9E ] C:\Windows\System32\efssvc.dll
19:58:57.0510 4080 C:\Windows\System32\efssvc.dll - ok
19:58:57.0510 4080 [ A8C362018EFC87BEB013EE28F29C0863 ] C:\Windows\ehome\ehrecvr.exe
19:58:57.0510 4080 C:\Windows\ehome\ehrecvr.exe - ok
19:58:57.0510 4080 [ D389BFF34F80CAEDE417BF9D1507996A ] C:\Windows\ehome\ehsched.exe
19:58:57.0510 4080 C:\Windows\ehome\ehsched.exe - ok
19:58:57.0510 4080 [ 241E015DD809CFB23242F890B1FC575B ] C:\Windows\System32\wevtsvc.dll
19:58:57.0510 4080 C:\Windows\System32\wevtsvc.dll - ok
19:58:57.0510 4080 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll
19:58:57.0510 4080 C:\Windows\System32\FXSRESM.dll - ok
19:58:57.0526 4080 [ F3222C893BD2F5821A0179E5C71E88FB ] C:\Windows\System32\fdPHost.dll
19:58:57.0526 4080 C:\Windows\System32\fdPHost.dll - ok
19:58:57.0526 4080 [ 6CF00369C97F3CF563BE99BE983D13D8 ] C:\Windows\System32\drivers\fileinfo.sys
19:58:57.0526 4080 C:\Windows\System32\drivers\fileinfo.sys - ok
19:58:57.0526 4080 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] C:\Windows\System32\FDResPub.dll
19:58:57.0526 4080 C:\Windows\System32\FDResPub.dll - ok
19:58:57.0526 4080 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] C:\Windows\System32\drivers\filetrace.sys
19:58:57.0526 4080 C:\Windows\System32\drivers\filetrace.sys - ok
19:58:57.0526 4080 [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
19:58:57.0526 4080 C:\Windows\System32\drivers\fltMgr.sys - ok
19:58:57.0541 4080 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] C:\Windows\System32\FntCache.dll
19:58:57.0541 4080 C:\Windows\System32\FntCache.dll - ok
19:58:57.0541 4080 [ 6A08F1C87BBF6197F5DAD95CF41E5175 ] C:\Windows\System32\PresentationHost.exe
19:58:57.0541 4080 C:\Windows\System32\PresentationHost.exe - ok
19:58:57.0541 4080 [ 1A16B57943853E598CFF37FE2B8CBF1D ] C:\Windows\System32\drivers\fsdepends.sys
19:58:57.0541 4080 C:\Windows\System32\drivers\fsdepends.sys - ok
19:58:57.0541 4080 [ 8A73E79089B282100B9393B644CB853B ] C:\Windows\System32\drivers\fvevol.sys
19:58:57.0541 4080 C:\Windows\System32\drivers\fvevol.sys - ok
19:58:57.0541 4080 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\System32\gpapi.dll
19:58:57.0541 4080 C:\Windows\System32\gpapi.dll - ok
19:58:57.0541 4080 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] C:\Windows\System32\hidserv.dll
19:58:57.0541 4080 C:\Windows\System32\hidserv.dll - ok
19:58:57.0557 4080 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] C:\Windows\System32\KMSVC.DLL
19:58:57.0557 4080 C:\Windows\System32\KMSVC.DLL - ok
19:58:57.0557 4080 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] C:\Windows\System32\ListSvc.dll
19:58:57.0557 4080 C:\Windows\System32\ListSvc.dll - ok
19:58:57.0557 4080 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] C:\Windows\System32\provsvc.dll
19:58:57.0557 4080 C:\Windows\System32\provsvc.dll - ok
19:58:57.0557 4080 [ 871917B07A141BFF43D76D8844D48106 ] C:\Windows\System32\drivers\http.sys
19:58:57.0557 4080 C:\Windows\System32\drivers\http.sys - ok
19:58:57.0557 4080 [ 68F94A45AB26C06221B6BF5C491436D8 ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
19:58:57.0557 4080 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
19:58:57.0573 4080 [ 0C4E035C7F105F1299258C90886C64C5 ] C:\Windows\System32\drivers\hwpolicy.sys
19:58:57.0573 4080 C:\Windows\System32\drivers\hwpolicy.sys - ok
19:58:57.0573 4080 [ F95622F161474511B8D80D6B093AA610 ] C:\Windows\System32\IKEEXT.DLL
19:58:57.0573 4080 C:\Windows\System32\IKEEXT.DLL - ok
19:58:57.0573 4080 [ ACB364B9075A45C0736E5C47BE5CAE19 ] C:\Windows\System32\IPBusEnum.dll
19:58:57.0573 4080 C:\Windows\System32\IPBusEnum.dll - ok
19:58:57.0573 4080 [ 4D65A07B795D6674312F879D09AA7663 ] C:\Windows\System32\iphlpsvc.dll
19:58:57.0573 4080 C:\Windows\System32\iphlpsvc.dll - ok
19:58:57.0573 4080 [ 42996CFF20A3084A56017B7902307E9F ] C:\Windows\System32\drivers\irenum.sys
19:58:57.0573 4080 C:\Windows\System32\drivers\irenum.sys - ok
19:58:57.0573 4080 [ AF75DBA674E55221B7A055B0A4345F16 ] C:\Windows\System32\keyiso.dll
19:58:57.0573 4080 C:\Windows\System32\keyiso.dll - ok
19:58:57.0588 4080 [ D64AF876D53ECA3668BB97B51B4E70AB ] C:\Windows\System32\srvsvc.dll
19:58:57.0588 4080 C:\Windows\System32\srvsvc.dll - ok
19:58:57.0588 4080 [ 58405E4F68BA8E4057C6E914F326ABA2 ] C:\Windows\System32\wkssvc.dll
19:58:57.0588 4080 C:\Windows\System32\wkssvc.dll - ok
19:58:57.0588 4080 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] C:\Windows\System32\drivers\luafv.sys
19:58:57.0588 4080 C:\Windows\System32\drivers\luafv.sys - ok
19:58:57.0588 4080 [ 276678C13E3F01E9EC32ED7E56B4FEA0 ] C:\Windows\System32\lltdres.dll
19:58:57.0588 4080 C:\Windows\System32\lltdres.dll - ok
19:58:57.0588 4080 [ 55CA01BA19D0006C8F2639B6C045E08B ] C:\Windows\System32\lmhsvc.dll
19:58:57.0588 4080 C:\Windows\System32\lmhsvc.dll - ok
19:58:57.0588 4080 [ F7807FFF85E636D53A0C2C2CD8BCDC5F ] C:\Windows\ehome\ehres.dll

19:58:57.0588 4080 C:\Windows\ehome\ehres.dll - ok
19:58:57.0604 4080 [ 146B6F43A673379A3C670E86D89BE5EA ] C:\Windows\System32\mmcss.dll
19:58:57.0604 4080 C:\Windows\System32\mmcss.dll - ok
19:58:57.0604 4080 [ FC8771F45ECCCFD89684E38842539B9B ] C:\Windows\System32\drivers\mountmgr.sys
19:58:57.0604 4080 C:\Windows\System32\drivers\mountmgr.sys - ok
19:58:57.0604 4080 [ 3F50200237961034FACE602373838980 ] C:\Windows\System32\FirewallAPI.dll
19:58:57.0604 4080 C:\Windows\System32\FirewallAPI.dll - ok
19:58:57.0604 4080 [ A9D880F97530D5B8FEE278923349929D ] C:\Windows\System32\WebClnt.dll
19:58:57.0604 4080 C:\Windows\System32\WebClnt.dll - ok
19:58:57.0604 4080 [ 3E1E5767043C5AF9367F0056295E9F84 ] C:\Windows\System32\drivers\mshidkmdf.sys
19:58:57.0604 4080 C:\Windows\System32\drivers\mshidkmdf.sys - ok
19:58:57.0620 4080 [ BB5B4BA716D145B2ADF241052EDAB983 ] C:\Windows\System32\iscsidsc.dll
19:58:57.0620 4080 C:\Windows\System32\iscsidsc.dll - ok
19:58:57.0620 4080 [ 1F59B386F652A0484A3CC0B680B1132B ] C:\Windows\System32\msimsg.dll
19:58:57.0620 4080 C:\Windows\System32\msimsg.dll - ok
19:58:57.0620 4080 [ 159FAD02F64E6381758C990F753BCC80 ] C:\Windows\System32\drivers\mup.sys
19:58:57.0620 4080 C:\Windows\System32\drivers\mup.sys - ok
19:58:57.0620 4080 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] C:\Windows\System32\QAGENTRT.DLL
19:58:57.0620 4080 C:\Windows\System32\QAGENTRT.DLL - ok
19:58:57.0620 4080 [ E7C54812A2AAF43316EB6930C1FFA108 ] C:\Windows\System32\drivers\ndis.sys
19:58:57.0620 4080 C:\Windows\System32\drivers\ndis.sys - ok
19:58:57.0620 4080 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll
19:58:57.0620 4080 C:\Windows\System32\netman.dll - ok
19:58:57.0635 4080 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll
19:58:57.0635 4080 C:\Windows\System32\netprofm.dll - ok
19:58:57.0635 4080 [ CA461A203EF40A98C1C23DE3CBEE68B2 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
19:58:57.0635 4080 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
19:58:57.0635 4080 [ 912084381D30D8B89EC4E293053F4710 ] C:\Windows\System32\nlasvc.dll
19:58:57.0635 4080 C:\Windows\System32\nlasvc.dll - ok
19:58:57.0635 4080 [ BA387E955E890C8A88306D9B8D06BF17 ] C:\Windows\System32\nsisvc.dll
19:58:57.0635 4080 C:\Windows\System32\nsisvc.dll - ok
19:58:57.0635 4080 [ 82A8521DDC60710C3D3D3E7325209BEC ] C:\Windows\System32\pnrpsvc.dll
19:58:57.0635 4080 C:\Windows\System32\pnrpsvc.dll - ok
19:58:57.0635 4080 [ 59C3DDD501E39E006DAC31BF55150D91 ] C:\Windows\System32\p2psvc.dll
19:58:57.0635 4080 C:\Windows\System32\p2psvc.dll - ok
19:58:57.0651 4080 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] C:\Windows\System32\drivers\partmgr.sys
19:58:57.0651 4080 C:\Windows\System32\drivers\partmgr.sys - ok
19:58:57.0651 4080 [ 358AB7956D3160000726574083DFC8A6 ] C:\Windows\System32\pcasvc.dll
19:58:57.0651 4080 C:\Windows\System32\pcasvc.dll - ok
19:58:57.0651 4080 [ AF4D64D2A57B9772CF3801950B8058A6 ] C:\Windows\System32\PeerDistSvc.dll
19:58:57.0651 4080 C:\Windows\System32\PeerDistSvc.dll - ok
19:58:57.0651 4080 [ 414BBA67A3DED1D28437EB66AEB8A720 ] C:\Windows\System32\pla.dll
19:58:57.0651 4080 C:\Windows\System32\pla.dll - ok
19:58:57.0651 4080 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] C:\Windows\System32\umpnpmgr.dll
19:58:57.0651 4080 C:\Windows\System32\umpnpmgr.dll - ok
19:58:57.0651 4080 [ 63FF8572611249931EB16BB8EED6AFC8 ] C:\Windows\System32\pnrpauto.dll
19:58:57.0651 4080 C:\Windows\System32\pnrpauto.dll - ok
19:58:57.0666 4080 [ 0E6DCD164732580CC1E57276252F49CF ] C:\Windows\System32\polstore.dll
19:58:57.0666 4080 C:\Windows\System32\polstore.dll - ok
19:58:57.0666 4080 [ F87D30E72E03D579A5199CCB3831D6EA ] C:\Windows\System32\umpo.dll
19:58:57.0666 4080 C:\Windows\System32\umpo.dll - ok
19:58:57.0666 4080 [ CADEFAC453040E370A1BDFF3973BE00D ] C:\Windows\System32\profsvc.dll
19:58:57.0666 4080 C:\Windows\System32\profsvc.dll - ok
19:58:57.0666 4080 [ 274992D0945889A6B56D0E1BD4288A6E ] C:\Windows\System32\psbase.dll
19:58:57.0666 4080 C:\Windows\System32\psbase.dll - ok
19:58:57.0666 4080 [ 31AC809E7707EB580B2BDB760390765A ] C:\Windows\System32\qwave.dll
19:58:57.0666 4080 C:\Windows\System32\qwave.dll - ok
19:58:57.0682 4080 [ 584078CA1B95CA72DF2A27C336F9719D ] C:\Windows\System32\drivers\qwavedrv.sys
19:58:57.0682 4080 C:\Windows\System32\drivers\qwavedrv.sys - ok
19:58:57.0682 4080 [ A60F1839849C0C00739787FD5EC03F13 ] C:\Windows\System32\rasauto.dll
19:58:57.0682 4080 C:\Windows\System32\rasauto.dll - ok
19:58:57.0682 4080 [ CB9E04DC05EACF5B9A36CA276D475006 ] C:\Windows\System32\rasmans.dll
19:58:57.0682 4080 C:\Windows\System32\rasmans.dll - ok
19:58:57.0682 4080 [ D318F23BE45D5E3A107469EB64815B50 ] C:\Windows\System32\sstpsvc.dll
19:58:57.0682 4080 C:\Windows\System32\sstpsvc.dll - ok
19:58:57.0682 4080 [ 7B5E1419717FAC363A31CC302895217A ] C:\Windows\System32\mprdim.dll
19:58:57.0682 4080 C:\Windows\System32\mprdim.dll - ok
19:58:57.0682 4080 [ CB9A8683F4EF2BF99E123D79950D7935 ] C:\Windows\System32\regsvc.dll
19:58:57.0682 4080 C:\Windows\System32\regsvc.dll - ok
19:58:57.0698 4080 [ 78D072F35BC45D9E4E1B61895C152234 ] C:\Windows\System32\RpcEpMap.dll
19:58:57.0698 4080 C:\Windows\System32\RpcEpMap.dll - ok
19:58:57.0698 4080 [ 94D36C0E44677DD26981D2BFEEF2A29D ] C:\Windows\System32\Locator.exe
19:58:57.0698 4080 C:\Windows\System32\Locator.exe - ok
19:58:57.0698 4080 [ 8FC518FFE9519C2631D37515A68009C4 ] C:\Windows\System32\SCardSvr.dll
19:58:57.0698 4080 C:\Windows\System32\SCardSvr.dll - ok
19:58:57.0698 4080 [ 0693B5EC673E34DC147E195779A4DCF6 ] C:\Windows\System32\drivers\scfilter.sys
19:58:57.0698 4080 C:\Windows\System32\drivers\scfilter.sys - ok
19:58:57.0698 4080 [ A04BB13F8A72F8B6E8B4071723E4E336 ] C:\Windows\System32\schedsvc.dll
19:58:57.0698 4080 C:\Windows\System32\schedsvc.dll - ok
19:58:57.0698 4080 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] C:\Windows\System32\sdrsvc.dll
19:58:57.0698 4080 C:\Windows\System32\sdrsvc.dll - ok
19:58:57.0713 4080 [ A59B3A4442C52060CC7A85293AA3546F ] C:\Windows\System32\seclogon.dll
19:58:57.0713 4080 C:\Windows\System32\seclogon.dll - ok
19:58:57.0713 4080 [ DCB7FCDCC97F87360F75D77425B81737 ] C:\Windows\System32\Sens.dll
19:58:57.0713 4080 C:\Windows\System32\Sens.dll - ok
19:58:57.0713 4080 [ 50087FE1EE447009C9CC2997B90DE53F ] C:\Windows\System32\sensrsvc.dll
19:58:57.0713 4080 C:\Windows\System32\sensrsvc.dll - ok
19:58:57.0713 4080 [ 4AE380F39A0032EAB7DD953030B26D28 ] C:\Windows\System32\SessEnv.dll
19:58:57.0713 4080 C:\Windows\System32\SessEnv.dll - ok
19:58:57.0713 4080 [ D1A079A0DE2EA524513B6930C24527A2 ] C:\Windows\System32\ipnathlp.dll
19:58:57.0713 4080 C:\Windows\System32\ipnathlp.dll - ok
19:58:57.0713 4080 [ 414DA952A35BF5D50192E28263B40577 ] C:\Windows\System32\shsvcs.dll
19:58:57.0713 4080 C:\Windows\System32\shsvcs.dll - ok
19:58:57.0729 4080 [ CAFC0B884E5590B5E80D84F592388B3D ] C:\Windows\System32\tcpipcfg.dll
19:58:57.0729 4080 C:\Windows\System32\tcpipcfg.dll - ok
19:58:57.0729 4080 [ 6A984831644ECA1A33FFEAE4126F4F37 ] C:\Windows\System32\snmptrap.exe
19:58:57.0729 4080 C:\Windows\System32\snmptrap.exe - ok
19:58:57.0729 4080 [ 866A43013535DC8587C258E43579C764 ] C:\Windows\System32\spoolsv.exe
19:58:57.0729 4080 C:\Windows\System32\spoolsv.exe - ok
19:58:57.0729 4080 [ CF87A1DE791347E75B98885214CED2B8 ] C:\Windows\System32\sppsvc.exe
19:58:57.0729 4080 C:\Windows\System32\sppsvc.exe - ok
19:58:57.0729 4080 [ B0180B20B065D89232A78A40FE56EAA6 ] C:\Windows\System32\sppuinotify.dll
19:58:57.0729 4080 C:\Windows\System32\sppuinotify.dll - ok
19:58:57.0729 4080 [ D887C9FD02AC9FA880F6E5027A43E118 ] C:\Windows\System32\ssdpsrv.dll
19:58:57.0745 4080 C:\Windows\System32\ssdpsrv.dll - ok
19:58:57.0745 4080 [ E1FB3706030FB4578A0D72C2FC3689E4 ] C:\Windows\System32\wiaservc.dll
19:58:57.0745 4080 C:\Windows\System32\wiaservc.dll - ok
19:58:57.0745 4080 [ B0AC902EFD7E46708014625ECEB25741 ] C:\Windows\System32\vmstorfltres.dll
19:58:57.0745 4080 C:\Windows\System32\vmstorfltres.dll - ok
19:58:57.0745 4080 [ A28BD92DF340E57B024BA433165D34D7 ] C:\Windows\System32\swprv.dll
19:58:57.0745 4080 C:\Windows\System32\swprv.dll - ok
19:58:57.0745 4080 [ 36650D618CA34C9D357DFD3D89B2C56F ] C:\Windows\System32\sysmain.dll
19:58:57.0745 4080 C:\Windows\System32\sysmain.dll - ok
19:58:57.0745 4080 [ 763FECDC3D30C815FE72DD57936C6CD1 ] C:\Windows\System32\TabSvc.dll
19:58:57.0745 4080 C:\Windows\System32\TabSvc.dll - ok
19:58:57.0760 4080 [ 613BF4820361543956909043A265C6AC ] C:\Windows\System32\tapisrv.dll
19:58:57.0760 4080 C:\Windows\System32\tapisrv.dll - ok
19:58:57.0760 4080 [ B799D9FDB26111737F58288D8DC172D9 ] C:\Windows\System32\tbssvc.dll
19:58:57.0760 4080 C:\Windows\System32\tbssvc.dll - ok
19:58:57.0760 4080 [ 382C804C92811BE57829D8E550A900E2 ] C:\Windows\System32\termsrv.dll
19:58:57.0760 4080 C:\Windows\System32\termsrv.dll - ok
19:58:57.0760 4080 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] C:\Windows\System32\themeservice.dll
19:58:57.0760 4080 C:\Windows\System32\themeservice.dll - ok
19:58:57.0760 4080 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] C:\Windows\System32\trkwks.dll
19:58:57.0760 4080 C:\Windows\System32\trkwks.dll - ok
19:58:57.0760 4080 [ 2C49B175AEE1D4364B91B531417FE583 ] C:\Windows\servicing\TrustedInstaller.exe
19:58:57.0760 4080 C:\Windows\servicing\TrustedInstaller.exe - ok
19:58:57.0776 4080 [ 254BB140EEE3C59D6114C1A86B636877 ] C:\Windows\System32\drivers\tssecsrv.sys
19:58:57.0776 4080 C:\Windows\System32\drivers\tssecsrv.sys - ok
19:58:57.0776 4080 [ 8344FD4FCE927880AA1AA7681D4927E5 ] C:\Windows\System32\UI0Detect.exe
19:58:57.0776 4080 C:\Windows\System32\UI0Detect.exe - ok
19:58:57.0776 4080 [ 409994A8EACEEE4E328749C0353527A0 ] C:\Windows\System32\umrdp.dll
19:58:57.0776 4080 C:\Windows\System32\umrdp.dll - ok
19:58:57.0776 4080 [ 833FBB672460EFCE8011D262175FAD33 ] C:\Windows\System32\upnphost.dll
19:58:57.0776 4080 C:\Windows\System32\upnphost.dll - ok
19:58:57.0776 4080 [ 505BF4D1CADEB8D4F8BCD08D944DE25D ] C:\Windows\System32\dwm.exe
19:58:57.0776 4080 C:\Windows\System32\dwm.exe - ok
19:58:57.0776 4080 [ 6FEC7B9A76B41D9AC67615A3040017F5 ] C:\Windows\System32\vaultsvc.dll
19:58:57.0776 4080 C:\Windows\System32\vaultsvc.dll - ok
19:58:57.0791 4080 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] C:\Windows\System32\drivers\volmgrx.sys
19:58:57.0791 4080 C:\Windows\System32\drivers\volmgrx.sys - ok
19:58:57.0791 4080 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] C:\Windows\System32\vds.exe
19:58:57.0791 4080 C:\Windows\System32\vds.exe - ok
19:58:57.0791 4080 [ 209A3B1901B83AEB8527ED211CCE9E4C ] C:\Windows\System32\VSSVC.exe
19:58:57.0791 4080 C:\Windows\System32\VSSVC.exe - ok
19:58:57.0791 4080 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] C:\Windows\System32\drivers\vwifibus.sys
19:58:57.0791 4080 C:\Windows\System32\drivers\vwifibus.sys - ok
19:58:57.0791 4080 [ 55187FD710E27D5095D10A472C8BAF1C ] C:\Windows\System32\w32time.dll
19:58:57.0791 4080 C:\Windows\System32\w32time.dll - ok
19:58:57.0807 4080 [ 6F3705B2E59AC26FDA582BF5826F9D21 ] C:\Windows\System32\Wat\WatUX.exe
19:58:57.0807 4080 C:\Windows\System32\Wat\WatUX.exe - ok
19:58:57.0807 4080 [ 691E3285E53DCA558E1A84667F13E15A ] C:\Windows\System32\wbengine.exe
19:58:57.0807 4080 C:\Windows\System32\wbengine.exe - ok
19:58:57.0807 4080 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] C:\Windows\System32\wbiosrvc.dll
19:58:57.0807 4080 C:\Windows\System32\wbiosrvc.dll - ok
19:58:57.0807 4080 [ 34EEE0DFAADB4F691D6D5308A51315DC ] C:\Windows\System32\wcncsvc.dll
19:58:57.0807 4080 C:\Windows\System32\wcncsvc.dll - ok
19:58:57.0807 4080 [ 5D930B6357A6D2AF4D7653BDABBF352F ] C:\Windows\System32\WcsPlugInService.dll
19:58:57.0807 4080 C:\Windows\System32\WcsPlugInService.dll - ok
19:58:57.0807 4080 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] C:\Windows\System32\wdi.dll
19:58:57.0807 4080 C:\Windows\System32\wdi.dll - ok
19:58:57.0823 4080 [ 760F0AFE937A77CFF27153206534F275 ] C:\Windows\System32\wecsvc.dll
19:58:57.0823 4080 C:\Windows\System32\wecsvc.dll - ok
19:58:57.0823 4080 [ AC804569BB2364FB6017370258A4091B ] C:\Windows\System32\wercplsupport.dll
19:58:57.0823 4080 C:\Windows\System32\wercplsupport.dll - ok
19:58:57.0823 4080 [ EFD4E29FED530564BE4C3076C806FB65 ] C:\Program Files\Windows Defender\MsMpRes.dll
19:58:57.0823 4080 C:\Program Files\Windows Defender\MsMpRes.dll - ok
19:58:57.0823 4080 [ 08E420D873E4FD85241EE2421B02C4A4 ] C:\Windows\System32\wersvc.dll
19:58:57.0823 4080 C:\Windows\System32\wersvc.dll - ok
19:58:57.0823 4080 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll
19:58:57.0823 4080 C:\Windows\System32\winhttp.dll - ok
19:58:57.0823 4080 [ F62E510B6AD4C21EB9FE8668ED251826 ] C:\Windows\System32\wbem\WMIsvc.dll
19:58:57.0823 4080 C:\Windows\System32\wbem\WMIsvc.dll - ok
19:58:57.0838 4080 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] C:\Windows\System32\WsmSvc.dll
19:58:57.0838 4080 C:\Windows\System32\WsmSvc.dll - ok
19:58:57.0838 4080 [ 16935C98FF639D185086A3529B1F2067 ] C:\Windows\System32\wlansvc.dll
19:58:57.0838 4080 C:\Windows\System32\wlansvc.dll - ok
19:58:57.0838 4080 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] C:\Windows\System32\wbem\WmiApSrv.exe
19:58:57.0838 4080 C:\Windows\System32\wbem\WmiApSrv.exe - ok
19:58:57.0838 4080 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] C:\Program Files\Windows Media Player\wmpnetwk.exe
19:58:57.0838 4080 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
19:58:57.0838 4080 [ A2F0EC770A92F2B3F9DE6D518E11409C ] C:\Windows\System32\wpcsvc.dll
19:58:57.0838 4080 C:\Windows\System32\wpcsvc.dll - ok
19:58:57.0854 4080 [ AA53356D60AF47EACC85BC617A4F3F66 ] C:\Windows\System32\wpdbusenum.dll
19:58:57.0854 4080 C:\Windows\System32\wpdbusenum.dll - ok
19:58:58.0479 4080 [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\System32\webservices.dll
19:58:58.0479 4080 C:\Windows\System32\webservices.dll - ok
19:58:58.0479 4080 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\System32\ncobjapi.dll
19:58:58.0479 4080 C:\Windows\System32\ncobjapi.dll - ok
19:58:58.0495 4080 [ B350509B6C9296529BC464C60FEEAEF1 ] C:\Windows\System32\wbem\wbemess.dll
19:58:58.0495 4080 C:\Windows\System32\wbem\wbemess.dll - ok
19:58:58.0495 4080 [ 4FB491AC8D46AAF22BA8BC5C73DABEF7 ] C:\Windows\System32\wbem\WmiPrvSE.exe
19:58:58.0495 4080 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
19:58:58.0495 4080 [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
19:58:58.0495 4080 C:\Windows\System32\fundisc.dll - ok
19:58:58.0495 4080 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\System32\npmproxy.dll
19:58:58.0495 4080 C:\Windows\System32\npmproxy.dll - ok
19:58:58.0495 4080 [ F34CFADA6C48DAA41B996D24C7D8D3CA ] C:\Windows\System32\fdPnp.dll
19:58:58.0495 4080 C:\Windows\System32\fdPnp.dll - ok
19:58:58.0495 4080 [ 7E82616BEE76BF5EAA5B30F681414E21 ] C:\Windows\System32\perftrack.dll
19:58:58.0495 4080 C:\Windows\System32\perftrack.dll - ok
19:58:58.0510 4080 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\System32\wer.dll
19:58:58.0510 4080 C:\Windows\System32\wer.dll - ok
19:58:58.0510 4080 [ CB67C2B94302DC94BC15ED6553A5C1C7 ] C:\Windows\System32\wbem\cimwin32.dll
19:58:58.0510 4080 C:\Windows\System32\wbem\cimwin32.dll - ok
19:58:58.0510 4080 [ CD72C6406BA561BED6D42CB145E55307 ] C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
19:58:58.0510 4080 C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll - ok
19:58:58.0510 4080 [ D0481FB85BEEDD30A0884BE327880F80 ] C:\Windows\System32\framedynos.dll
19:58:58.0510 4080 C:\Windows\System32\framedynos.dll - ok
19:58:58.0510 4080 [ 192F7774290DF6A0054582A6B685D43B ] C:\Windows\System32\spool\prtprocs\w32x86\TPWinPrn.dll
19:58:58.0510 4080 C:\Windows\System32\spool\prtprocs\w32x86\TPWinPrn.dll - ok
19:58:58.0526 4080 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\System32\wsock32.dll
19:58:58.0526 4080 C:\Windows\System32\wsock32.dll - ok
19:58:58.0526 4080 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll
19:58:58.0526 4080 C:\Windows\System32\NapiNSP.dll - ok
19:58:58.0526 4080 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll
19:58:58.0526 4080 C:\Windows\System32\pnrpnsp.dll - ok
19:58:58.0526 4080 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll
19:58:58.0526 4080 C:\Windows\System32\winrnr.dll - ok
19:58:58.0526 4080 [ AC122407B29378FF9646F03404AC7C54 ] C:\Windows\System32\wshbth.dll
19:58:58.0526 4080 C:\Windows\System32\wshbth.dll - ok
19:58:58.0526 4080 [ 52CCA2E9FFD0653CACED1E808AADE4B6 ] C:\Windows\System32\win32spl.dll
19:58:58.0526 4080 C:\Windows\System32\win32spl.dll - ok
19:58:58.0541 4080 [ D27DDE7E0444C7F1819F958469EB7D93 ] C:\Windows\System32\inetpp.dll
19:58:58.0541 4080 C:\Windows\System32\inetpp.dll - ok
19:58:58.0541 4080 [ 8B794AE6D5C7D42092804BC39A2EB8F6 ] C:\Windows\System32\aepic.dll
19:58:58.0541 4080 C:\Windows\System32\aepic.dll - ok
19:58:58.0541 4080 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\System32\sfc.dll
19:58:58.0541 4080 C:\Windows\System32\sfc.dll - ok
19:58:58.0541 4080 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\System32\sfc_os.dll
19:58:58.0541 4080 C:\Windows\System32\sfc_os.dll - ok
19:58:58.0541 4080 [ ECF036299AA554B5E0455262857B39D0 ] C:\Windows\System32\diagperf.dll
19:58:58.0541 4080 C:\Windows\System32\diagperf.dll - ok
19:58:58.0541 4080 [ F8E882C10AF4C29E378D1E28D4817CB1 ] C:\Windows\System32\pnpts.dll
19:58:58.0541 4080 C:\Windows\System32\pnpts.dll - ok
19:58:58.0557 4080 [ F0016853FA3F38F55FD868FF74C0359B ] C:\Windows\System32\wdiasqmmodule.dll
19:58:58.0557 4080 C:\Windows\System32\wdiasqmmodule.dll - ok
19:58:58.0557 4080 [ 7FFD52D73352806969D424EF327D10A7 ] C:\Windows\System32\radardt.dll
19:58:58.0557 4080 C:\Windows\System32\radardt.dll - ok
19:58:58.0557 4080 [ E98278865E8DABA21CFE5FE4BE34210A ] C:\Windows\System32\PortableDeviceApi.dll
19:58:58.0557 4080 C:\Windows\System32\PortableDeviceApi.dll - ok
19:58:58.0557 4080 [ C693E642ACFBDD76433AF6BE3C3EEE6F ] C:\Windows\System32\PortableDeviceConnectApi.dll
19:58:58.0557 4080 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
19:58:58.0557 4080 [ D99621C0735B21DCC8BC4FEF02F379EF ] C:\Windows\System32\Apphlpdm.dll
19:58:58.0557 4080 C:\Windows\System32\Apphlpdm.dll - ok
19:58:58.0573 4080 [ C5C867CD7EFAC60D5021223E374DEEC5 ] C:\Windows\System32\dimsjob.dll
19:58:58.0573 4080 C:\Windows\System32\dimsjob.dll - ok
19:58:58.0573 4080 [ 1023EE888C9B47178C5293ED5336AB69 ] C:\Windows\System32\drivers\WUDFRd.sys
19:58:58.0573 4080 C:\Windows\System32\drivers\WUDFRd.sys - ok
19:58:58.0573 4080 [ 14486EB6AF542F2BD3239F7FC3E713F7 ] C:\Windows\System32\pautoenr.dll
19:58:58.0573 4080 C:\Windows\System32\pautoenr.dll - ok
19:58:58.0573 4080 [ 61B1ED5F429EFAC7E2036769870AB93E ] C:\Windows\System32\certcli.dll
19:58:58.0573 4080 C:\Windows\System32\certcli.dll - ok
19:58:58.0573 4080 [ 311A281F5199EC39711017530DC06B64 ] C:\Windows\System32\WUDFHost.exe
19:58:58.0573 4080 C:\Windows\System32\WUDFHost.exe - ok
19:58:58.0573 4080 [ 497E59D9F01C6F247E72222A61835119 ] C:\Windows\System32\dwmcore.dll
19:58:58.0573 4080 C:\Windows\System32\dwmcore.dll - ok
19:58:58.0588 4080 [ 8549E6ABF8B270CC10C31B480239E116 ] C:\Windows\System32\WUDFx.dll
19:58:58.0588 4080 C:\Windows\System32\WUDFx.dll - ok
19:58:58.0588 4080 [ 7ABBDC3B08950992D218FA1E52D52A96 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
19:58:58.0588 4080 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
19:58:58.0588 4080 [ 0F416E23DD2EB4DEBE70608020CFD283 ] C:\Windows\System32\WMVCORE.DLL
19:58:58.0588 4080 C:\Windows\System32\WMVCORE.DLL - ok
19:58:58.0588 4080 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\System32\ExplorerFrame.dll
19:58:58.0588 4080 C:\Windows\System32\ExplorerFrame.dll - ok
19:58:58.0588 4080 [ A7DD56261518373F70F23079EB3CD0A2 ] C:\Windows\System32\WMASF.DLL
19:58:58.0588 4080 C:\Windows\System32\WMASF.DLL - ok
19:58:58.0588 4080 [ 81490FDAE27F0082E5CC2DC78DCA96FA ] C:\Windows\System32\PortableDeviceClassExtension.dll
19:58:58.0588 4080 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
19:58:58.0604 4080 [ ADB45A977BD9E45790CA496DB84BA148 ] C:\Windows\System32\PortableDeviceTypes.dll
19:58:58.0604 4080 C:\Windows\System32\PortableDeviceTypes.dll - ok
19:58:58.0604 4080 [ FC5372FD2DEB28E847C8394C58BC76FA ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
19:58:58.0604 4080 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
19:58:58.0604 4080 [ 3B846434055F80D9E89D0742F3ADAD34 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
19:58:58.0604 4080 C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
19:58:58.0604 4080 [ 2DE90400A63818FA38C4C5C9ADB166BF ] C:\Windows\System32\d3d10_1.dll
19:58:58.0604 4080 C:\Windows\System32\d3d10_1.dll - ok
19:58:58.0604 4080 [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\System32\wscapi.dll
19:58:58.0604 4080 C:\Windows\System32\wscapi.dll - ok
19:58:58.0620 4080 [ 310E9119D0A1CFDF1DA897089B533D81 ] C:\Windows\System32\conhost.exe
19:58:58.0620 4080 C:\Windows\System32\conhost.exe - ok
19:58:58.0620 4080 [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\System32\d3d10_1core.dll
19:58:58.0620 4080 C:\Windows\System32\d3d10_1core.dll - ok
19:58:58.0620 4080 [ 4C6CA0F172E264B432666A81E4B466AB ] C:\Program Files\Microsoft Security Client\NisLog.dll
19:58:58.0620 4080 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
19:58:58.0620 4080 [ 29BC473072568C072EC8B176498DE996 ] C:\Windows\System32\CertEnroll.dll
19:58:58.0620 4080 C:\Windows\System32\CertEnroll.dll - ok
19:58:58.0620 4080 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\System32\cscapi.dll
19:58:58.0620 4080 C:\Windows\System32\cscapi.dll - ok
19:58:58.0620 4080 [ 0411B7958C524BB2E91EE1B3035FE321 ] C:\Windows\System32\dxgi.dll
19:58:58.0620 4080 C:\Windows\System32\dxgi.dll - ok
19:58:58.0635 4080 [ F7FE730CE31B54145DEE1F1482BCCDD7 ] C:\Windows\System32\ndiscapCfg.dll
19:58:58.0635 4080 C:\Windows\System32\ndiscapCfg.dll - ok
19:58:58.0635 4080 [ 9A7B54D57594233EEB17892BAD309970 ] C:\Windows\System32\mprmsg.dll
19:58:58.0635 4080 C:\Windows\System32\mprmsg.dll - ok
19:58:58.0635 4080 [ F75BFDACAF4AD540444FFC31B49BDA99 ] C:\Windows\System32\d3d10level9.dll
19:58:58.0635 4080 C:\Windows\System32\d3d10level9.dll - ok
19:58:58.0635 4080 [ 7A6986DD659B96398A11AF5173892715 ] C:\Windows\System32\cabinet.dll
19:58:58.0635 4080 C:\Windows\System32\cabinet.dll - ok
19:58:58.0635 4080 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\System32\EhStorShell.dll
19:58:58.0635 4080 C:\Windows\System32\EhStorShell.dll - ok
19:58:58.0635 4080 [ 3EC541C196DE18ED9A0D0AC82A694D4C ] C:\Windows\System32\cscui.dll
19:58:58.0635 4080 C:\Windows\System32\cscui.dll - ok
19:58:58.0651 4080 [ 57A51217581614DE07F30E34D6BB4993 ] C:\Windows\System32\cscdll.dll
19:58:58.0651 4080 C:\Windows\System32\cscdll.dll - ok
19:58:58.0651 4080 [ 39C3B2EEBEE102ADDA573C346FF5F3B7 ] C:\Windows\System32\igdumd32.dll
19:58:58.0651 4080 C:\Windows\System32\igdumd32.dll - ok
19:58:58.0651 4080 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\System32\ntshrui.dll
19:58:58.0651 4080 C:\Windows\System32\ntshrui.dll - ok
19:58:58.0651 4080 [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\System32\p2pcollab.dll
19:58:58.0651 4080 C:\Windows\System32\p2pcollab.dll - ok
19:58:58.0651 4080 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
19:58:58.0651 4080 C:\Windows\System32\IconCodecService.dll - ok
19:58:58.0666 4080 [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2 ] C:\Windows\System32\fveui.dll
19:58:58.0666 4080 C:\Windows\System32\fveui.dll - ok
19:58:58.0666 4080 [ 3B47E60E1012B23873ED2E4A9B4F2310 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
19:58:58.0666 4080 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
19:58:58.0666 4080 [ 19F75D71E4256F5113D64CE2BB66B838 ] C:\Windows\System32\slwga.dll
19:58:58.0666 4080 C:\Windows\System32\slwga.dll - ok
19:58:58.0666 4080 [ 8E4B58E12B3FA65ED1462846906E0B59 ] C:\Windows\System32\sppc.dll
19:58:58.0666 4080 C:\Windows\System32\sppc.dll - ok
19:58:58.0666 4080 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\System32\runonce.exe
19:58:58.0666 4080 C:\Windows\System32\runonce.exe - ok
19:58:58.0666 4080 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\System32\cmd.exe
19:58:58.0666 4080 C:\Windows\System32\cmd.exe - ok
19:58:58.0682 4080 [ 78DE417B7921DACA072059E6BF410FC7 ] C:\Windows\System32\wshnetbs.dll
19:58:58.0682 4080 C:\Windows\System32\wshnetbs.dll - ok
19:58:58.0682 4080 [ 45D9F6CD2469CDB6A640DD4BD2B01471 ] C:\Windows\System32\nci.dll
19:58:58.0682 4080 C:\Windows\System32\nci.dll - ok
19:58:58.0682 4080 [ 9E6AF823733C70E207D9FB6731A63B3D ] C:\Windows\System32\wlaninst.dll
19:58:58.0682 4080 C:\Windows\System32\wlaninst.dll - ok
19:58:58.0682 4080 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\System32\ieframe.dll
19:58:58.0682 4080 C:\Windows\System32\ieframe.dll - ok
19:58:58.0682 4080 [ 5B6EF0861BB5AC0EC347548E85C24A1D ] C:\Windows\System32\wwaninst.dll
19:58:58.0682 4080 C:\Windows\System32\wwaninst.dll - ok
19:58:58.0682 4080 [ 51138BEEA3E2C21EC44D0932C71762A8 ] C:\Windows\System32\rundll32.exe
19:58:58.0682 4080 C:\Windows\System32\rundll32.exe - ok
19:58:58.0698 4080 [ 368B2BEE3F88BFB883D2C74A258DE6F6 ] C:\Windows\AppPatch\AcLayers.dll
19:58:58.0698 4080 C:\Windows\AppPatch\AcLayers.dll - ok
19:58:58.0698 4080 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\System32\oleacc.dll
19:58:58.0698 4080 C:\Windows\System32\oleacc.dll - ok
19:58:58.0698 4080 [ D2958325C1AE1AE37A83334C6229E3BC ] C:\Windows\System32\actxprxy.dll
19:58:58.0698 4080 C:\Windows\System32\actxprxy.dll - ok
19:58:58.0698 4080 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\System32\shdocvw.dll
19:58:58.0698 4080 C:\Windows\System32\shdocvw.dll - ok
19:58:58.0698 4080 [ 4B9E4CE667DF26ADA061AA81E9AA841D ] C:\Windows\System32\spfileq.dll
19:58:58.0698 4080 C:\Windows\System32\spfileq.dll - ok
19:58:58.0713 4080 [ 5C3F9DBA818CD93379D1A0F215270374 ] C:\Windows\System32\esent.dll
19:58:58.0713 4080 C:\Windows\System32\esent.dll - ok
19:58:58.0713 4080 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Owner\AppData\Local\Temp\E29AAB33-0B74-45F4-9DEC-4921BBD7F055.exe
19:58:58.0713 4080 C:\Users\Owner\AppData\Local\Temp\E29AAB33-0B74-45F4-9DEC-4921BBD7F055.exe - ok
19:58:58.0713 4080 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
19:58:58.0713 4080 C:\Windows\System32\SensApi.dll - ok
19:58:58.0713 4080 [ 0FBC74AA20FE0AE6884279F893169C60 ] C:\Windows\System32\wmploc.DLL
19:58:58.0713 4080 C:\Windows\System32\wmploc.DLL - ok
19:58:58.0713 4080 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
19:58:58.0713 4080 C:\Windows\System32\ie4uinit.exe - ok
19:58:58.0713 4080 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
19:58:58.0713 4080 C:\Windows\System32\iedkcs32.dll - ok
19:58:58.0729 4080 [ 5992A9DF57FD5E6960FDCC2DB69867F7 ] C:\Windows\System32\themeui.dll
19:58:58.0729 4080 C:\Windows\System32\themeui.dll - ok
19:58:58.0729 4080 [ 7E9917D5309A90E7576653BFE39F80D8 ] C:\Windows\System32\timedate.cpl
19:58:58.0729 4080 C:\Windows\System32\timedate.cpl - ok
19:58:58.0729 4080 [ 7CA00998C1AAF913AC089E29DB746037 ] C:\Windows\System32\unregmp2.exe
19:58:58.0729 4080 C:\Windows\System32\unregmp2.exe - ok
19:58:58.0729 4080 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\System32\linkinfo.dll
19:58:58.0729 4080 C:\Windows\System32\linkinfo.dll - ok
19:58:58.0729 4080 [ 175383778EB24D98C84E624021E3AA0B ] C:\Windows\System32\aeevts.dll
19:58:58.0729 4080 C:\Windows\System32\aeevts.dll - ok
19:58:58.0745 4080 [ 45C0DF404182850C21749AF7763C095F ] C:\Windows\System32\accessibilitycpl.dll
19:58:58.0745 4080 C:\Windows\System32\accessibilitycpl.dll - ok
19:58:58.0745 4080 [ 3A16EA01FCFAAB40882DB5BFEE632322 ] C:\Windows\System32\msftedit.dll
19:58:58.0745 4080 C:\Windows\System32\msftedit.dll - ok
19:58:58.0745 4080 [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\System32\msls31.dll
19:58:58.0745 4080 C:\Windows\System32\msls31.dll - ok
19:58:58.0745 4080 [ 7896EFFDEE215C172BE724A64931EF1C ] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
19:58:58.0745 4080 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll - ok
19:58:58.0745 4080 [ 2A39F32E0067CBF221611FE1FA8C6D8F ] C:\Windows\System32\DeviceCenter.dll
19:58:58.0745 4080 C:\Windows\System32\DeviceCenter.dll - ok
19:58:58.0745 4080 [ F1E9A22C1D4F5D3AC7BA555D4E95329C ] C:\Windows\System32\sud.dll
19:58:58.0745 4080 C:\Windows\System32\sud.dll - ok
19:58:58.0760 4080 [ 672D7C5080ACB003343006405DA2E621 ] C:\Windows\System32\thumbcache.dll
19:58:58.0760 4080 C:\Windows\System32\thumbcache.dll - ok
19:58:58.0760 4080 [ 3D57FFBAD3ED16B63DE3879BAB0FB56F ] C:\Windows\System32\networkexplorer.dll
19:58:58.0760 4080 C:\Windows\System32\networkexplorer.dll - ok
19:58:58.0760 4080 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\40639019.sys
19:58:58.0760 4080 C:\Windows\System32\drivers\40639019.sys - ok
19:58:58.0760 4080 [ 285C594C4913FA9DC7BB6BA3AD6F101A ] C:\Windows\System32\wucltux.dll
19:58:58.0760 4080 C:\Windows\System32\wucltux.dll - ok
19:58:58.0760 4080 [ D205C24A9D069049FE2DF2A1B38726A7 ] C:\Windows\System32\wdmaud.drv
19:58:58.0760 4080 C:\Windows\System32\wdmaud.drv - ok
19:58:58.0760 4080 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\System32\ksuser.dll
19:58:58.0760 4080 C:\Windows\System32\ksuser.dll - ok
19:58:58.0776 4080 [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\System32\AudioSes.dll
19:58:58.0776 4080 C:\Windows\System32\AudioSes.dll - ok
19:58:58.0776 4080 [ DCCA4B04AF87E52EF9EAA2190E06CBAC ] C:\Program Files\Windows Sidebar\sidebar.exe
19:58:58.0776 4080 C:\Program Files\Windows Sidebar\sidebar.exe - ok
19:58:58.0776 4080 [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\System32\msacm32.drv
19:58:58.0776 4080 C:\Windows\System32\msacm32.drv - ok
19:58:58.0776 4080 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\System32\msacm32.dll
19:58:58.0776 4080 C:\Windows\System32\msacm32.dll - ok
19:58:58.0776 4080 [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\System32\midimap.dll
19:58:58.0776 4080 C:\Windows\System32\midimap.dll - ok
19:58:58.0776 4080 [ BBA9D5A730D5E304117AD26923EBD8AA ] C:\Windows\System32\AudioEng.dll
19:58:58.0776 4080 C:\Windows\System32\AudioEng.dll - ok
19:58:58.0791 4080 [ 96F0F8F4DEE598C8D12AD9633E0CFE2A ] C:\Windows\System32\AUDIOKSE.dll
19:58:58.0791 4080 C:\Windows\System32\AUDIOKSE.dll - ok
19:58:58.0791 4080 [ 5A8EBF167F36A7C0D6E9BDD027D55EEB ] C:\Program Files\DVD Maker\DVDMaker.exe
19:58:58.0791 4080 C:\Program Files\DVD Maker\DVDMaker.exe - ok
19:58:58.0791 4080 [ 4E30ED3E551E867ADD1C8D58F5EDD9DF ] C:\Windows\System32\WMALFXGFXDSP.dll
19:58:58.0791 4080 C:\Windows\System32\WMALFXGFXDSP.dll - ok
19:58:58.0791 4080 [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\System32\mfplat.dll
19:58:58.0791 4080 C:\Windows\System32\mfplat.dll - ok
19:58:58.0791 4080 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\System32\msi.dll
19:58:58.0791 4080 C:\Windows\System32\msi.dll - ok
19:58:58.0807 4080 [ 59B7280D73906B43B13B273A1F9CC3DD ] C:\Windows\System32\xpsrchvw.exe
19:58:58.0807 4080 C:\Windows\System32\xpsrchvw.exe - ok
19:58:58.0807 4080 [ 368A5F0D5FD18CDBF25E98FB1BDF6DBB ] C:\Windows\System32\fsquirt.exe
19:58:58.0807 4080 C:\Windows\System32\fsquirt.exe - ok
19:58:58.0807 4080 [ BA4E1A60BD20CA7978C76D79F19E37F0 ] C:\Windows\System32\DisplaySwitch.exe
19:58:58.0807 4080 C:\Windows\System32\DisplaySwitch.exe - ok
19:58:58.0807 4080 [ 7B554081A0A80B14F1E5D06441DBAF58 ] C:\Program Files\Common Files\microsoft shared\ink\mip.exe
19:58:58.0807 4080 C:\Program Files\Common Files\microsoft shared\ink\mip.exe - ok
19:58:58.0807 4080 [ B5FFA9977015ED3E1B2C3FF266A1BEB9 ] C:\Windows\System32\mblctr.exe
19:58:58.0807 4080 C:\Windows\System32\mblctr.exe - ok
19:58:58.0807 4080 [ D378BFFB70923139D6A4F546864AA61C ] C:\Windows\System32\notepad.exe
19:58:58.0807 4080 C:\Windows\System32\notepad.exe - ok
19:58:58.0823 4080 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\System32\riched20.dll
19:58:58.0823 4080 C:\Windows\System32\riched20.dll - ok
19:58:58.0823 4080 [ 6B9BEFC3B8D8A9B4598F9507133FBB0D ] C:\Windows\System32\NetProjW.dll
19:58:58.0823 4080 C:\Windows\System32\NetProjW.dll - ok
19:58:58.0823 4080 [ 62CBF36E3E10BAA74224BC7A6DD998B5 ] C:\Program Files\Internet Explorer\ieproxy.dll
19:58:58.0823 4080 C:\Program Files\Internet Explorer\ieproxy.dll - ok
19:58:58.0823 4080 [ 2A40F6AD59D3E598ECDAA6CAB90360A4 ] C:\Windows\System32\SoundRecorder.exe
19:58:58.0823 4080 C:\Windows\System32\SoundRecorder.exe - ok
19:58:58.0823 4080 [ 2DDEA2C345DA5BC589EFD398F220DB0E ] C:\Windows\System32\SyncCenter.dll
19:58:58.0823 4080 C:\Windows\System32\SyncCenter.dll - ok
19:58:58.0838 4080 [ BE54E44F60F121782B84E5B1BFADF315 ] C:\Windows\System32\Speech\SpeechUX\sapi.cpl
19:58:58.0838 4080 C:\Windows\System32\Speech\SpeechUX\sapi.cpl - ok
19:58:58.0838 4080 [ FB036244DBD2FADC225AD8650886B641 ] C:\Windows\System32\dfrgui.exe
19:58:58.0838 4080 C:\Windows\System32\dfrgui.exe - ok
19:58:58.0838 4080 [ 8BCF1DCE05F4494C8891F33EEA450D0A ] C:\Windows\System32\wdc.dll
19:58:58.0838 4080 C:\Windows\System32\wdc.dll - ok
19:58:58.0838 4080 [ 5F2122888583347C9B81724CF169EFC6 ] C:\Windows\System32\msinfo32.exe
19:58:58.0838 4080 C:\Windows\System32\msinfo32.exe - ok
19:58:58.0838 4080 [ 78079EB83665E1AC18AC9C5E273845BF ] C:\Windows\System32\rstrui.exe
19:58:58.0838 4080 C:\Windows\System32\rstrui.exe - ok
19:58:58.0838 4080 [ B72F77DA5A69F5626696182E17B503BA ] C:\Windows\System32\miguiresource.dll
19:58:58.0838 4080 C:\Windows\System32\miguiresource.dll - ok
19:58:58.0854 4080 [ 912649A1B3F9E6ACB3899FBDABA2ED5F ] C:\Windows\System32\stobject.dll
19:58:58.0854 4080 C:\Windows\System32\stobject.dll - ok
19:58:58.0854 4080 [ 67C1B58706B47EEBA4E117AC197289E6 ] C:\Windows\System32\batmeter.dll
19:58:58.0854 4080 C:\Windows\System32\batmeter.dll - ok
19:58:58.0854 4080 [ 2FF112EF1984C2AD73684F0B290DBFA3 ] C:\Windows\System32\migwiz\wet.dll
19:58:58.0854 4080 C:\Windows\System32\migwiz\wet.dll - ok
19:58:58.0854 4080 [ C8333F1F77A1B2E25F2202E892CAF634 ] C:\Windows\System32\prnfldr.dll
19:58:58.0854 4080 C:\Windows\System32\prnfldr.dll - ok
19:58:58.0854 4080 [ 5BCB0EB1A8EC016C03375E5C87344400 ] C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
19:58:58.0854 4080 C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe - ok
19:58:58.0854 4080 [ ADDB05C93272A62606599B24730BD645 ] C:\Windows\System32\DXP.dll
19:58:58.0854 4080 C:\Windows\System32\DXP.dll - ok
19:58:58.0870 4080 [ 5AF22331F2CA24D7688DE5C374519BA3 ] C:\Program Files\Windows Journal\Journal.exe
19:58:58.0870 4080 C:\Program Files\Windows Journal\Journal.exe - ok
19:58:58.0870 4080 [ 856CFFCD835528136367BB1A8FE1DB87 ] C:\Windows\System32\Syncreg.dll
19:58:58.0870 4080 C:\Windows\System32\Syncreg.dll - ok
19:58:58.0870 4080 [ 92F44E405DB16AC55D97E3BFE3B132FA ] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
19:58:58.0870 4080 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - ok
19:58:58.0870 4080 [ F8F03D206F7D5811D630349A23E9B9B9 ] C:\Windows\ehome\ehSSO.dll
19:58:58.0870 4080 C:\Windows\ehome\ehSSO.dll - ok
19:58:58.0870 4080 [ 0BBDB0F5A25A2FE0502F44CA7D04AB61 ] C:\Windows\System32\mycomput.dll
19:58:58.0870 4080 C:\Windows\System32\mycomput.dll - ok
19:58:58.0885 4080 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\System32\odbcint.dll
19:58:58.0885 4080 C:\Windows\System32\odbcint.dll - ok
19:58:58.0885 4080 [ B2B3DAE040F6B5AE1DF52B0CD7631A18 ] C:\Windows\System32\AltTab.dll
19:58:58.0885 4080 C:\Windows\System32\AltTab.dll - ok
19:58:58.0885 4080 [ F945ADCEF203E6104AEC8EC9C337CFD0 ] C:\Windows\System32\iscsicpl.dll
19:58:58.0885 4080 C:\Windows\System32\iscsicpl.dll - ok
19:58:58.0885 4080 [ 4D05BDE56A7116B744B04192173A0122 ] C:\Windows\System32\MdSched.exe
19:58:58.0885 4080 C:\Windows\System32\MdSched.exe - ok
19:58:58.0885 4080 [ 735263DA17BF5BAF9CCD483843BF9D5A ] C:\Windows\System32\WPDShServiceObj.dll
19:58:58.0885 4080 C:\Windows\System32\WPDShServiceObj.dll - ok
19:58:58.0885 4080 [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\System32\pnidui.dll
19:58:58.0885 4080 C:\Windows\System32\pnidui.dll - ok
19:58:58.0901 4080 [ 465DBF63A5049E4DB4BC5C12FFE781CB ] C:\Windows\System32\tquery.dll
19:58:58.0901 4080 C:\Windows\System32\tquery.dll - ok
19:58:58.0901 4080 [ 2BCF9DD935DAE5A34BACE0F76DD0B581 ] C:\Windows\System32\pmcsnap.dll
19:58:58.0901 4080 C:\Windows\System32\pmcsnap.dll - ok
19:58:58.0901 4080 [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\System32\QUTIL.DLL
19:58:58.0901 4080 C:\Windows\System32\QUTIL.DLL - ok
19:58:58.0901 4080 [ CF4274CEEA9F7791FB7FC40A066BC2C7 ] C:\Windows\System32\cscobj.dll
19:58:58.0901 4080 C:\Windows\System32\cscobj.dll - ok
19:58:58.0901 4080 [ 0241CB16136B9A4939CA0395768AE286 ] C:\Windows\System32\mssrch.dll
19:58:58.0901 4080 C:\Windows\System32\mssrch.dll - ok
19:58:58.0901 4080 [ 674B0C0F6A448EB185CAAB9C51D44032 ] C:\Windows\System32\srchadmin.dll
19:58:58.0901 4080 C:\Windows\System32\srchadmin.dll - ok
19:58:58.0916 4080 [ CA75367CE419922291A11227E32FBA0C ] C:\Windows\System32\wsecedit.dll
19:58:58.0916 4080 C:\Windows\System32\wsecedit.dll - ok
19:58:58.0916 4080 [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\System32\msidle.dll
19:58:58.0916 4080 C:\Windows\System32\msidle.dll - ok
19:58:58.0916 4080 [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\System32\mssprxy.dll
19:58:58.0916 4080 C:\Windows\System32\mssprxy.dll - ok
19:58:58.0916 4080 [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\System32\rasdlg.dll
19:58:58.0916 4080 C:\Windows\System32\rasdlg.dll - ok
19:58:58.0916 4080 [ A3E23DD82AA7963D9F7D184BEEEE5448 ] C:\Windows\System32\filemgmt.dll
19:58:58.0916 4080 C:\Windows\System32\filemgmt.dll - ok
19:58:58.0932 4080 [ B63E24E9271E99FD4540E3CA22A937DA ] C:\Windows\System32\en-US\tquery.dll.mui
19:58:58.0932 4080 C:\Windows\System32\en-US\tquery.dll.mui - ok
19:58:58.0932 4080 [ A00075951E38A73FE2F9D8384311710A ] C:\Windows\System32\msconfig.exe
19:58:58.0932 4080 C:\Windows\System32\msconfig.exe - ok
19:58:58.0932 4080 [ 81241E7723D5675AF6E27A7F0E7F3324 ] C:\Windows\System32\AuthFWGP.dll
19:58:58.0932 4080 C:\Windows\System32\AuthFWGP.dll - ok
19:58:58.0932 4080 [ 04B88428A872390D235BE52D38A9D4EF ] C:\Windows\System32\dot3api.dll
19:58:58.0932 4080 C:\Windows\System32\dot3api.dll - ok
19:58:58.0932 4080 [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll
19:58:58.0932 4080 C:\Windows\System32\wlanhlp.dll - ok
19:58:58.0932 4080 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\System32\wlanapi.dll
19:58:58.0932 4080 C:\Windows\System32\wlanapi.dll - ok
19:58:58.0948 4080 [ 19BC13711AC403FEB830522E4831701B ] C:\Windows\System32\gameux.dll
19:58:58.0948 4080 C:\Windows\System32\gameux.dll - ok
19:58:58.0948 4080 [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\System32\WWanAPI.dll
19:58:58.0948 4080 C:\Windows\System32\WWanAPI.dll - ok
19:58:58.0948 4080 [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\System32\wwapi.dll
19:58:58.0948 4080 C:\Windows\System32\wwapi.dll - ok
19:58:58.0948 4080 [ 02530B0B7E048DD5AC8D52DAEACAEB2B ] C:\Windows\System32\QAGENT.DLL
19:58:58.0948 4080 C:\Windows\System32\QAGENT.DLL - ok
19:58:58.0948 4080 [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\System32\bthprops.cpl
19:58:58.0948 4080 C:\Windows\System32\bthprops.cpl - ok
19:58:58.0948 4080 [ E24BB41C4EFC309A14709FC127A3B847 ] C:\Windows\System32\sdcpl.dll
19:58:58.0948 4080 C:\Windows\System32\sdcpl.dll - ok
19:58:58.0963 4080 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
19:58:58.0963 4080 C:\Windows\System32\webcheck.dll - ok
19:58:58.0963 4080 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll
19:58:58.0963 4080 C:\Windows\System32\mlang.dll - ok
19:58:58.0963 4080 [ 2D11BC8B460957E62E4420373A0D8BDA ] C:\Windows\System32\imapi2.dll
19:58:58.0963 4080 C:\Windows\System32\imapi2.dll - ok
19:58:58.0963 4080 [ 7635B6502882E4B1713F049FD8FD2EA4 ] C:\Windows\System32\recdisc.exe
19:58:58.0963 4080 C:\Windows\System32\recdisc.exe - ok
19:58:58.0963 4080 [ 4AC5B4A0B8D22185C09EE5584BF1CFB5 ] C:\Windows\System32\msra.exe
19:58:58.0963 4080 C:\Windows\System32\msra.exe - ok
19:58:58.0963 4080 [ C7952D0A4C43A965A1741916BB134751 ] C:\Windows\System32\hgcpl.dll
19:58:58.0963 4080 C:\Windows\System32\hgcpl.dll - ok
19:58:58.0979 4080 [ E1AC89F6C5252057E6062843E36A6701 ] C:\Windows\System32\SearchProtocolHost.exe
19:58:58.0979 4080 C:\Windows\System32\SearchProtocolHost.exe - ok
19:58:58.0979 4080 [ A5D237B8673025B052C0E6FDB6A883E8 ] C:\Windows\System32\msshooks.dll
19:58:58.0979 4080 C:\Windows\System32\msshooks.dll - ok
19:58:58.0979 4080 [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\System32\msiltcfg.dll
19:58:58.0979 4080 C:\Windows\System32\msiltcfg.dll - ok
19:58:58.0979 4080 [ A6CD6B3F71E13E2E45B727FB8A47EA87 ] C:\Windows\System32\SearchFilterHost.exe
19:58:58.0979 4080 C:\Windows\System32\SearchFilterHost.exe - ok
19:58:58.0979 4080 [ 0DCA6A11D09D4C2CBE6B898B897EA915 ] C:\Windows\System32\UIAnimation.dll
19:58:58.0979 4080 C:\Windows\System32\UIAnimation.dll - ok
19:58:58.0995 4080 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\System32\mscoree.dll
19:58:58.0995 4080 C:\Windows\System32\mscoree.dll - ok
19:58:58.0995 4080 [ 83BA5E873164A3711B44052F58C8FE9F ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
19:58:58.0995 4080 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
19:58:58.0995 4080 [ C2D6A4475B87651D5909E364439FDA52 ] C:\Windows\System32\FXSST.dll
19:58:58.0995 4080 C:\Windows\System32\FXSST.dll - ok
19:58:59.0104 4080 ============================================================
19:58:59.0104 4080 Scan finished
19:58:59.0104 4080 ============================================================
19:58:59.0104 4072 Detected object count: 1
19:58:59.0104 4072 Actual detected object count: 1
19:59:45.0213 4072 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:45.0213 4072 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:59:48.0682 3940 Deinitialize success

aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-05 20:01:21
-----------------------------
20:01:21.685 OS Version: Windows 6.1.7601 Service Pack 1
20:01:21.685 Number of processors: 2 586 0xF06
20:01:21.685 ComputerName: OWNER-PC UserName: Owner
20:01:36.419 Initialize success
20:27:53.128 AVAST engine defs: 13020501
20:34:29.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:34:29.707 Disk 0 Vendor: WDC_WD3200BEKT-00PVMT0 01.01A01 Size: 305245MB BusType: 3
20:34:29.722 Disk 0 MBR read successfully
20:34:29.722 Disk 0 MBR scan
20:34:29.738 Disk 0 Windows 7 default MBR code
20:34:29.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40958 MB offset 2048
20:34:29.769 Disk 0 scanning sectors +83884032
20:34:29.800 Disk 0 scanning C:\Windows\system32\drivers
20:34:29.816 Service scanning
20:34:41.300 Service MpKsl83931b82 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31272073-5134-45D0-856E-4F8A3F896D27}\MpKsl83931b82.sys **LOCKED** 32
20:34:57.707 Modules scanning
20:35:02.660 Disk 0 trace - called modules:
20:35:02.675 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:35:03.191 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d91a78]
20:35:03.191 3 CLASSPNP.SYS[8b21f59e] -> nt!IofCallDriver -> [0x85935918]
20:35:03.191 5 ACPI.sys[8aa8f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x858ef030]
20:35:03.738 AVAST engine scan C:\Windows
20:35:06.472 AVAST engine scan C:\Windows\system32
20:38:39.691 AVAST engine scan C:\Windows\system32\drivers
20:38:56.832 AVAST engine scan C:\Users\Owner
20:40:54.113 AVAST engine scan C:\ProgramData
20:41:05.332 Scan finished successfully
20:42:13.066 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
20:42:13.144 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#10 gringo_pr


Posted 06 February 2013 - 02:06 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 empire1012


Posted 06 February 2013 - 02:30 AM

Thanks again Gringo. Here is the new ComboFix log:

ComboFix 13-02-03.03 - Owner 02/05/2013 21:20:46.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2283 [GMT -10:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))
.
.
2013-02-06 07:24 . 2013-02-06 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-06 07:18 . 2013-02-06 07:18 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31272073-5134-45D0-856E-4F8A3F896D27}\MpKsl0f7dd166.sys
2013-02-06 06:48 . 2013-02-06 06:48 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31272073-5134-45D0-856E-4F8A3F896D27}\offreg.dll
2013-02-06 05:47 . 2013-02-06 05:47 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D807C0BC-CBFF-44FD-8722-EF5E17B004FA}\gapaengine.dll
2013-02-06 05:47 . 2013-01-08 06:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31272073-5134-45D0-856E-4F8A3F896D27}\mpengine.dll
2013-02-06 05:41 . 2013-02-06 05:41 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-06 05:35 . 2013-02-06 05:35 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2013-02-06 05:34 . 2013-02-06 05:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-02-04 06:15 . 2013-02-04 06:15 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-02-04 06:10 . 2013-02-06 05:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Ukyb
2013-02-04 06:10 . 2013-02-04 06:10 -------- d-----w- c:\users\Owner\AppData\Roaming\Abkyc
2013-02-02 17:24 . 2013-02-02 17:24 -------- d-----w- C:\FRST
2013-01-31 18:43 . 2013-01-31 18:43 -------- d-----w- c:\users\Owner\AppData\Roaming\{AF916431-111A-45D8-B00F-868835A6D0FE}
2013-01-31 08:19 . 2013-01-31 08:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-31 08:09 . 2013-01-31 08:09 -------- d-----w- c:\programdata\Local Settings
2013-01-31 08:09 . 2013-01-31 08:09 -------- d-----w- c:\windows\Sun
2013-01-31 03:38 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-31 03:38 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-28 03:58 . 2013-01-15 12:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3E8AF06-AFDA-4188-923B-474387D72B28}\mpengine.dll
2013-01-28 03:52 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-28 03:44 . 2013-01-28 03:44 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2012-06-22 21:06 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-30 07:59 . 2012-06-22 21:17 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 07:59 . 2012-06-22 21:17 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-01 18:22 . 2013-02-06 05:34 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2011-09-24 186992]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2011-09-24 1104496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\Drivers\vmdebug.sys [x]
R2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\vmtoolsd.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [x]
R3 TPVCGateway;TP VC Gateway Service;c:\program files\VMware\VMware Tools\TPVCGateway.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [x]
R3 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsl0f7dd166;MpKsl0f7dd166;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31272073-5134-45D0-856E-4F8A3F896D27}\MpKsl0f7dd166.sys [x]
S1 vmhgfs;vmhgfs;c:\windows\system32\DRIVERS\vmhgfs.sys [x]
S1 vmrawdsk;VMware Vista Physical Disk Helper;c:\program files\VMware\VMware Tools\vmrawdsk.sys [x]
S2 VMMEMCTL;Memory Control Driver;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [x]
S2 VMUpgradeHelper;VMware Upgrade Helper;c:\program files\VMware\VMware Tools\VMUpgradeHelper.exe [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0F7DD166
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 07:59]
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6o6xz1ez.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-84003277.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-05 21:25:51
ComboFix-quarantined-files.txt 2013-02-06 07:25
.
Pre-Run: 24,625,491,968 bytes free
Post-Run: 24,830,554,112 bytes free
.
- - End Of File - - 87324B3AAC955AE2D56A431AD9934F1E

#12 gringo_pr


Posted 06 February 2013 - 02:38 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 empire1012


Posted 06 February 2013 - 03:06 AM

Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
VMware Tools
WinRAR 4.20 (32-bit)

#14 gringo_pr


Posted 06 February 2013 - 03:15 AM

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove


Adobe Reader X (10.1.3)
Java™ 7 Update 5
JavaFX 2.1.1



Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 empire1012


Posted 06 February 2013 - 11:40 PM

Done, done, and done

here are the logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:37:48 PM, on 2/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: TP VC Gateway Service (TPVCGateway) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
O23 - Service: VMware Upgrade Helper (VMUpgradeHelper) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe

--
End of file - 3563 bytes



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.06.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

2/5/2013 10:55:46 PM
mbam-log-2013-02-05 (22-55-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193711
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



