Re-directed to Google.nl and pop-ups. Was referred here from another topic.


  • This topic is locked
14 replies to this topic

#1 bawe

bawe

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 25 April 2013 - 12:24 AM

Began trying to fix my computer in another topic and they sent me to start a new one here. 

 

Here is a link to my last one:

http://www.bleepingcomputer.com/forums/t/491142/windows-trojan-brings-pop-ups-and-google-nl/

 

Logs:

attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/26/2012 10:22:05 PM
System Uptime: 4/24/2013 9:41:16 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | 8I945GMF
Processor: Intel® Pentium® 4 CPU 3.00GHz | Socket 775 | 2992/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 234 GiB total, 173.306 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 1.26 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: 5613
Device ID: ROOT\LEGACY_5613\0000
Manufacturer:
Name: 5613
PNP Device ID: ROOT\LEGACY_5613\0000
Service: 5613
.
==== System Restore Points ===================
.
RP13: 3/10/2013 7:00:23 PM - Windows Backup
RP14: 3/18/2013 11:22:16 AM - Windows Backup
RP15: 3/24/2013 7:00:19 PM - Windows Backup
RP16: 4/3/2013 9:12:13 PM - Windows Backup
RP17: 4/7/2013 7:00:21 PM - Windows Backup
RP18: 4/14/2013 11:26:21 AM - avast! Free Antivirus Setup
RP19: 4/14/2013 9:47:58 PM - Windows Backup
RP20: 4/14/2013 11:58:42 PM - avast! Free Antivirus Setup
RP21: 4/17/2013 11:20:45 PM - Installed Microsoft Fix it 50195
RP22: 4/17/2013 11:40:46 PM - Installed Microsoft Fix it 50195
RP23: 4/24/2013 9:52:07 PM - Windows Backup
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Belkin USB Wireless Adaptor
ESET Online Scanner v3
Google Chrome
Google Drive
Google Update Helper
Left 4 Dead
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Age of Empires II
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Portal
Steam
Team Fortress 2
.
==== Event Viewer Messages From Past Week ========
.
4/24/2013 9:42:35 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
4/24/2013 9:42:35 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/24/2013 9:41:39 PM, Error: Service Control Manager [7000]  - The 5613 service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
 

 

 

dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by FartDart at 22:01:19 on 2013-04-24
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3328.2366 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{22303BE8-F7F8-4E82-9C9F-F9814C565E02} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2494D235-A14E-4AD8-82BC-8738F2F9E234} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fartdart\appdata\roaming\mozilla\firefox\profiles\cg6xpnio.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-26 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-26 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 21104]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 603240]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-26 1343400]
.
=============== Created Last 30 ================
.
2013-04-15 06:55:50    --------    d-----w-    c:\program files\ESET
2013-04-15 06:04:39    --------    d-----w-    c:\windows\ERUNT
2013-04-15 06:04:18    --------    d-----w-    C:\JRT
2013-04-14 18:26:34    --------    d-----w-    c:\program files\AVAST Software
2013-04-14 18:25:51    --------    d-----w-    c:\programdata\AVAST Software
2013-04-08 16:42:17    --------    d-----w-    c:\users\fartdart\appdata\local\Programs
.
==================== Find3M  ====================
.
2013-04-16 06:05:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 06:05:16    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 22:01:55.05 ===============
 

 



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:55 AM

Posted 25 April 2013 - 12:27 AM


Hello bawe

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bawe


Posted 27 April 2013 - 12:45 AM

Security Check

 

Results of screen317's Security Check version 0.99.63 
Windows 7  x86 (UAC is enabled) 
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100 
Adobe Flash Player  11.7.700.169 
Adobe Reader XI 
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43 
Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



#4 bawe


Posted 27 April 2013 - 12:48 AM

AdwCleaner

 

 

 

# AdwCleaner v2.202 - Logfile created 04/26/2013 at 22:45:56
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : FartDart - FARTDART-PC
# Boot Mode : Normal
# Running from : C:\Users\FartDart\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****


***** [Files / Folders] *****

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\FartDart\AppData\Roaming\Mozilla\Firefox\Profiles\cg6xpnio.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\FartDart\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1020 octets] - [14/04/2013 22:55:01]
AdwCleaner[S2].txt - [867 octets] - [26/04/2013 22:45:56]

########## EOF - C:\AdwCleaner[S2].txt - [926 octets] ##########
 



#5 bawe


Posted 27 April 2013 - 01:12 AM

Rogue Killer

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : FartDart [Admin rights]
Mode : Remove -- Date : 04/26/2013 22:53:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5613 (C:\Users\FartDart\AppData\Local\Temp\5613.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5613 (C:\Users\FartDart\AppData\Local\Temp\5613.sys) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] Wdf01000.sys : C:\Windows\system32\drivers\Wdf01000.sys [-] --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtResumeThread -> HOOKED (Unknown @ 0x000000CC)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 7Y250M0 ATA Device +++++
--- User ---
[MBR] 3d92adb9ed37b9302cf6e3afdcc4ea14
[BSP] a4653cdd485aaf02b2c07e589c9c1225 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 239269 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800JD-00JRA0 ATA Device +++++
--- User ---
[MBR] 0aca33cd8557605cca56b1cd6f7e620f
[BSP] 32845794207557660db4ef328dfb4ebc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04262013_02d2253.txt >>
RKreport[1]_S_04262013_02d2252.txt ; RKreport[2]_D_04262013_02d2253.txt



#6 gringo_pr


Posted 27 April 2013 - 01:34 AM


Hello bawe

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 bawe


Posted 28 April 2013 - 08:20 PM

ComboFix 13-04-28.01 - FartDart 04/28/2013  16:03:10.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3328.2543 [GMT -7:00]
Running from: c:\users\FartDart\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-28 to 2013-04-28  )))))))))))))))))))))))))))))))
.
.
2013-04-28 23:09 . 2013-04-28 23:09    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-27 05:52 . 2013-04-27 05:52    --------    d-----w-    c:\windows\snack
2013-04-15 06:55 . 2013-04-15 06:55    --------    d-----w-    c:\program files\ESET
2013-04-15 06:04 . 2013-04-15 06:04    --------    d-----w-    c:\windows\ERUNT
2013-04-15 06:04 . 2013-04-15 06:04    --------    d-----w-    C:\JRT
2013-04-14 18:27 . 2013-03-06 23:32    228600    ----a-w-    c:\windows\system32\aswBoot.exe
2013-04-14 18:26 . 2013-04-14 18:26    --------    d-----w-    c:\program files\AVAST Software
2013-04-14 18:25 . 2013-04-15 07:14    --------    d-----w-    c:\programdata\AVAST Software
2013-04-08 16:42 . 2013-04-08 16:42    --------    d-----w-    c:\users\FartDart\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-27 05:53 . 2013-04-27 05:52    445008    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys.dump
2013-04-16 06:05 . 2013-01-24 07:43    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 06:05 . 2013-01-24 07:43    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-15 06:43 . 2013-04-15 06:43    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-12-27 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 23:31    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 23:31    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 23:31    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 23:31    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-04-19 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 05:58    1642448    ----a-w-    c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-24 06:05]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-24 07:43]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-24 07:43]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\FartDart\AppData\Roaming\Mozilla\Firefox\Profiles\cg6xpnio.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-28  16:12:44
ComboFix-quarantined-files.txt  2013-04-28 23:12
.
Pre-Run: 185,145,966,592 bytes free
Post-Run: 186,100,305,920 bytes free
.
- - End Of File - - 1B9F1BBAA678BCCFD51463225ED23C8A
 



no problems.

 

no change in computer.



#8 gringo_pr


Posted 28 April 2013 - 08:57 PM



Hello bawe


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    • Internet access
    • Windows Update
    • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo

#9 bawe

Posted 28 April 2013 - 09:38 PM

TDS Killer Log

 

19:30:30.0295 2188  p2pimsvc - ok
19:30:30.0326 2188  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:30:30.0353 2188  p2psvc - ok
19:30:30.0387 2188  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:30:30.0406 2188  Parport - ok
19:30:30.0419 2188  [ FF4218952B51DE44FE910953A3E686B9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:30:30.0436 2188  partmgr - ok
19:30:30.0451 2188  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:30:30.0467 2188  Parvdm - ok
19:30:30.0489 2188  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:30:30.0514 2188  PcaSvc - ok
19:30:30.0532 2188  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:30:30.0549 2188  pci - ok
19:30:30.0577 2188  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:30:30.0595 2188  pciide - ok
19:30:30.0618 2188  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:30:30.0637 2188  pcmcia - ok
19:30:30.0650 2188  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
19:30:30.0665 2188  pcw - ok
19:30:30.0711 2188  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:30:30.0760 2188  PEAUTH - ok
19:30:30.0809 2188  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:30:30.0882 2188  PeerDistSvc - ok
19:30:30.0951 2188  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
19:30:31.0037 2188  pla - ok
19:30:31.0080 2188  [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:30:31.0124 2188  PlugPlay - ok
19:30:31.0145 2188  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:30:31.0165 2188  PNRPAutoReg - ok
19:30:31.0185 2188  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:30:31.0206 2188  PNRPsvc - ok
19:30:31.0241 2188  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:30:31.0293 2188  PolicyAgent - ok
19:30:31.0325 2188  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
19:30:31.0361 2188  Power - ok
19:30:31.0397 2188  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:30:31.0440 2188  PptpMiniport - ok
19:30:31.0461 2188  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:30:31.0490 2188  Processor - ok
19:30:31.0524 2188  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc         C:\Windows\system32\profsvc.dll
19:30:31.0560 2188  ProfSvc - ok
19:30:31.0580 2188  [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:30:31.0597 2188  ProtectedStorage - ok
19:30:31.0618 2188  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:30:31.0653 2188  Psched - ok
19:30:31.0704 2188  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:30:31.0765 2188  ql2300 - ok
19:30:31.0783 2188  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:30:31.0799 2188  ql40xx - ok
19:30:31.0830 2188  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
19:30:31.0864 2188  QWAVE - ok
19:30:31.0883 2188  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:30:31.0904 2188  QWAVEdrv - ok
19:30:31.0918 2188  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:30:31.0963 2188  RasAcd - ok
19:30:31.0997 2188  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:30:32.0046 2188  RasAgileVpn - ok
19:30:32.0064 2188  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
19:30:32.0103 2188  RasAuto - ok
19:30:32.0120 2188  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:30:32.0168 2188  Rasl2tp - ok
19:30:32.0204 2188  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
19:30:32.0257 2188  RasMan - ok
19:30:32.0280 2188  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:30:32.0324 2188  RasPppoe - ok
19:30:32.0353 2188  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:30:32.0386 2188  RasSstp - ok
19:30:32.0400 2188  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:30:32.0458 2188  rdbss - ok
19:30:32.0477 2188  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:30:32.0523 2188  rdpbus - ok
19:30:32.0550 2188  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:30:32.0605 2188  RDPCDD - ok
19:30:32.0662 2188  [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:30:32.0709 2188  RDPDR - ok
19:30:32.0740 2188  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:30:32.0799 2188  RDPENCDD - ok
19:30:32.0825 2188  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:30:32.0892 2188  RDPREFMP - ok
19:30:32.0922 2188  [ 801371BA9782282892D00AADB08EE367 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:30:32.0980 2188  RDPWD - ok
19:30:33.0014 2188  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:30:33.0044 2188  rdyboost - ok
19:30:33.0082 2188  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:30:33.0145 2188  RemoteAccess - ok
19:30:33.0177 2188  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:30:33.0236 2188  RemoteRegistry - ok
19:30:33.0262 2188  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:30:33.0337 2188  RpcEptMapper - ok
19:30:33.0359 2188  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
19:30:33.0394 2188  RpcLocator - ok
19:30:33.0424 2188  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
19:30:33.0486 2188  RpcSs - ok
19:30:33.0529 2188  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:30:33.0591 2188  rspndr - ok
19:30:33.0694 2188  [ 030129520D4C75CBA170E0F0C6040C68 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
19:30:33.0730 2188  RTL8192su - ok
19:30:33.0760 2188  [ 5423D8437051E89DD34749F242C98648 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
19:30:33.0793 2188  s3cap - ok
19:30:33.0821 2188  [ F42309C4191C506B71DB5D1126D26318 ] SamSs           C:\Windows\system32\lsass.exe
19:30:33.0846 2188  SamSs - ok
19:30:33.0886 2188  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:30:33.0910 2188  sbp2port - ok
19:30:33.0942 2188  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:30:34.0017 2188  SCardSvr - ok
19:30:34.0061 2188  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:30:34.0235 2188  scfilter - ok
19:30:34.0319 2188  [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule        C:\Windows\system32\schedsvc.dll
19:30:34.0412 2188  Schedule - ok
19:30:34.0439 2188  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:30:34.0493 2188  SCPolicySvc - ok
19:30:34.0522 2188  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:30:34.0582 2188  SDRSVC - ok
19:30:34.0624 2188  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:30:34.0718 2188  secdrv - ok
19:30:34.0750 2188  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
19:30:34.0826 2188  seclogon - ok
19:30:34.0872 2188  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
19:30:34.0925 2188  SENS - ok
19:30:35.0001 2188  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:30:35.0075 2188  SensrSvc - ok
19:30:35.0135 2188  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:30:35.0168 2188  Serenum - ok
19:30:35.0208 2188  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:30:35.0243 2188  Serial - ok
19:30:35.0260 2188  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:30:35.0296 2188  sermouse - ok
19:30:35.0350 2188  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
19:30:35.0431 2188  SessionEnv - ok
19:30:35.0458 2188  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:30:35.0497 2188  sffdisk - ok
19:30:35.0510 2188  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:30:35.0545 2188  sffp_mmc - ok
19:30:35.0561 2188  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:30:35.0597 2188  sffp_sd - ok
19:30:35.0611 2188  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:30:35.0639 2188  sfloppy - ok
19:30:35.0712 2188  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:30:35.0748 2188  SharedAccess - ok
19:30:35.0783 2188  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:30:35.0823 2188  ShellHWDetection - ok
19:30:35.0852 2188  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
19:30:35.0868 2188  sisagp - ok
19:30:35.0890 2188  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:30:35.0907 2188  SiSRaid2 - ok
19:30:35.0944 2188  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:30:35.0960 2188  SiSRaid4 - ok
19:30:35.0990 2188  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:30:36.0038 2188  Smb - ok
19:30:36.0063 2188  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:30:36.0083 2188  SNMPTRAP - ok
19:30:36.0102 2188  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:30:36.0118 2188  spldr - ok
19:30:36.0147 2188  [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler         C:\Windows\System32\spoolsv.exe
19:30:36.0170 2188  Spooler - ok
19:30:36.0263 2188  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:30:36.0383 2188  sppsvc - ok
19:30:36.0407 2188  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:30:36.0443 2188  sppuinotify - ok
19:30:36.0469 2188  [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:30:36.0504 2188  srv - ok
19:30:36.0523 2188  [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:30:36.0564 2188  srv2 - ok
19:30:36.0583 2188  [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:30:36.0616 2188  srvnet - ok
19:30:36.0666 2188  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:30:36.0702 2188  SSDPSRV - ok
19:30:36.0722 2188  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:30:36.0757 2188  SstpSvc - ok
19:30:36.0785 2188  Steam Client Service - ok
19:30:36.0807 2188  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:30:36.0828 2188  stexstor - ok
19:30:36.0874 2188  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:30:36.0912 2188  StiSvc - ok
19:30:36.0937 2188  [ 957E346CA948668F2496A6CCF6FF82CC ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
19:30:36.0953 2188  storflt - ok
19:30:36.0966 2188  [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
19:30:36.0981 2188  storvsc - ok
19:30:36.0995 2188  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:30:37.0008 2188  swenum - ok
19:30:37.0044 2188  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
19:30:37.0097 2188  swprv - ok
19:30:37.0147 2188  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
19:30:37.0193 2188  SysMain - ok
19:30:37.0212 2188  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:30:37.0238 2188  TabletInputService - ok
19:30:37.0258 2188  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:30:37.0295 2188  TapiSrv - ok
19:30:37.0309 2188  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
19:30:37.0345 2188  TBS - ok
19:30:37.0392 2188  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:30:37.0452 2188  Tcpip - ok
19:30:37.0500 2188  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:30:37.0535 2188  TCPIP6 - ok
19:30:37.0561 2188  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:30:37.0604 2188  tcpipreg - ok
19:30:37.0628 2188  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:30:37.0671 2188  TDPIPE - ok
19:30:37.0688 2188  [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:30:37.0726 2188  TDTCP - ok
19:30:37.0743 2188  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:30:37.0783 2188  tdx - ok
19:30:37.0792 2188  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:30:37.0809 2188  TermDD - ok
19:30:37.0846 2188  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
19:30:37.0907 2188  TermService - ok
19:30:37.0925 2188  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
19:30:37.0948 2188  Themes - ok
19:30:37.0964 2188  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
19:30:37.0999 2188  THREADORDER - ok
19:30:38.0037 2188  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
19:30:38.0084 2188  TrkWks - ok
19:30:38.0130 2188  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:30:38.0151 2188  TrustedInstaller - ok
19:30:38.0170 2188  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:30:38.0205 2188  tssecsrv - ok
19:30:38.0234 2188  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:30:38.0268 2188  tunnel - ok
19:30:38.0307 2188  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:30:38.0326 2188  uagp35 - ok
19:30:38.0348 2188  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:30:38.0385 2188  udfs - ok
19:30:38.0411 2188  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:30:38.0442 2188  UI0Detect - ok
19:30:38.0470 2188  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:30:38.0486 2188  uliagpkx - ok
19:30:38.0507 2188  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:30:38.0525 2188  umbus - ok
19:30:38.0549 2188  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:30:38.0582 2188  UmPass - ok
19:30:38.0616 2188  [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:30:38.0652 2188  UmRdpService - ok
19:30:38.0680 2188  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
19:30:38.0720 2188  upnphost - ok
19:30:38.0731 2188  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:30:38.0751 2188  usbccgp - ok
19:30:38.0779 2188  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:30:38.0812 2188  usbcir - ok
19:30:38.0833 2188  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:30:38.0859 2188  usbehci - ok
19:30:38.0883 2188  [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:30:38.0903 2188  usbhub - ok
19:30:38.0916 2188  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:30:38.0935 2188  usbohci - ok
19:30:38.0950 2188  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:30:38.0969 2188  usbprint - ok
19:30:38.0990 2188  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:30:39.0009 2188  USBSTOR - ok
19:30:39.0027 2188  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:30:39.0059 2188  usbuhci - ok
19:30:39.0076 2188  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
19:30:39.0126 2188  UxSms - ok
19:30:39.0146 2188  [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc        C:\Windows\system32\lsass.exe
19:30:39.0164 2188  VaultSvc - ok
19:30:39.0181 2188  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:30:39.0197 2188  vdrvroot - ok
19:30:39.0221 2188  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
19:30:39.0270 2188  vds - ok
19:30:39.0295 2188  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:30:39.0332 2188  vga - ok
19:30:39.0349 2188  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:30:39.0380 2188  VgaSave - ok
19:30:39.0405 2188  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:30:39.0425 2188  vhdmp - ok
19:30:39.0455 2188  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
19:30:39.0470 2188  viaagp - ok
19:30:39.0484 2188  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
19:30:39.0515 2188  ViaC7 - ok
19:30:39.0535 2188  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:30:39.0549 2188  viaide - ok
19:30:39.0574 2188  [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
19:30:39.0594 2188  vmbus - ok
19:30:39.0610 2188  [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
19:30:39.0627 2188  VMBusHID - ok
19:30:39.0666 2188  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:30:39.0681 2188  volmgr - ok
19:30:39.0713 2188  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:30:39.0735 2188  volmgrx - ok
19:30:39.0751 2188  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
19:30:39.0772 2188  volsnap - ok
19:30:39.0797 2188  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:30:39.0815 2188  vsmraid - ok
19:30:39.0874 2188  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
19:30:39.0929 2188  VSS - ok
19:30:39.0950 2188  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:30:39.0981 2188  vwifibus - ok
19:30:40.0003 2188  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:30:40.0041 2188  vwififlt - ok
19:30:40.0065 2188  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
19:30:40.0109 2188  W32Time - ok
19:30:40.0127 2188  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:30:40.0145 2188  WacomPen - ok
19:30:40.0166 2188  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:30:40.0201 2188  WANARP - ok
19:30:40.0208 2188  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:30:40.0245 2188  Wanarpv6 - ok
19:30:40.0312 2188  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:30:40.0375 2188  WatAdminSvc - ok
19:30:40.0421 2188  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
19:30:40.0488 2188  wbengine - ok
19:30:40.0506 2188  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:30:40.0533 2188  WbioSrvc - ok
19:30:40.0551 2188  [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:30:40.0589 2188  wcncsvc - ok
19:30:40.0614 2188  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:30:40.0670 2188  WcsPlugInService - ok
19:30:40.0696 2188  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:30:40.0710 2188  Wd - ok
19:30:40.0737 2188  [ 77D80469DD64DFDDF3F2B881C68DCBE1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:30:40.0753 2188  Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 77D80469DD64DFDDF3F2B881C68DCBE1, Fake md5: 9950E3D0F08141C7E89E64456AE7DC73
19:30:40.0755 2188  Wdf01000 ( Virus.Win32.Rloader.a ) - infected
19:30:40.0755 2188  Wdf01000 - detected Virus.Win32.Rloader.a (0)
19:30:42.0601 2188  ================ Scan global ===============================
19:30:42.0622 2188  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
19:30:42.0683 2188  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
19:30:42.0694 2188  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
19:30:42.0726 2188  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:30:42.0743 2188  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:30:42.0748 2188  [Global] - ok
19:30:42.0749 2188  ================ Scan MBR ==================================
19:30:42.0762 2188  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:30:42.0904 2188  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:30:42.0904 2188  \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:30:42.0910 2188  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:30:42.0964 2188  \Device\Harddisk1\DR1 - ok
19:30:42.0964 2188  ================ Scan VBR ==================================
19:30:42.0987 2188  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition1
19:30:42.0987 2188  \Device\Harddisk0\DR0\Partition1 - ok
19:30:42.0996 2188  [ 47064B42E1883694B196479B1FE42F00 ] \Device\Harddisk0\DR0\Partition2
19:30:42.0999 2188  \Device\Harddisk0\DR0\Partition2 - ok
19:30:43.0003 2188  [ 6E0D43550A1C3033A4D06203BA5E18C9 ] \Device\Harddisk1\DR1\Partition1
19:30:43.0006 2188  \Device\Harddisk1\DR1\Partition1 - ok
19:30:43.0009 2188  ================ Scan active images ========================
19:30:43.0279 2188  C:\Windows\System32\drivers\termdd.sys - ok
19:30:43.0289 2188  [ 1A050B0274BFB3890703D490F330C0DA ] C:\Windows\System32\drivers\discache.sys
19:30:43.0289 2188  C:\Windows\System32\drivers\discache.sys - ok
19:30:43.0297 2188  [ FC6B9FF600CC585EA38B12589BD4E246 ] C:\Windows\System32\drivers\mssmbios.sys
19:30:43.0297 2188  C:\Windows\System32\drivers\mssmbios.sys - ok
19:30:43.0307 2188  [ 27C9490BDD0AE48911AB8CF1932591ED ] C:\Windows\System32\drivers\csc.sys
19:30:43.0307 2188  C:\Windows\System32\drivers\csc.sys - ok
19:30:43.0317 2188  [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] C:\Windows\System32\drivers\dfsc.sys
19:30:43.0317 2188  C:\Windows\System32\drivers\dfsc.sys - ok
19:30:43.0326 2188  [ 2287078ED48FCFC477B05B20CF38F36F ] C:\Windows\System32\drivers\blbdrive.sys
19:30:43.0326 2188  C:\Windows\System32\drivers\blbdrive.sys - ok
19:30:43.0335 2188  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] C:\Windows\System32\drivers\tunnel.sys
19:30:43.0335 2188  C:\Windows\System32\drivers\tunnel.sys - ok
19:30:43.0345 2188  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] C:\Windows\System32\drivers\intelppm.sys
19:30:43.0346 2188  C:\Windows\System32\drivers\intelppm.sys - ok
19:30:43.0354 2188  [ F87212E64DE6DACDD55610B847DC2A60 ] C:\Windows\System32\ntdll.dll
19:30:43.0354 2188  C:\Windows\System32\ntdll.dll - ok
19:30:43.0366 2188  [ 16742790895960690237A5143CEDEC8B ] C:\Windows\System32\smss.exe
19:30:43.0366 2188  C:\Windows\System32\smss.exe - ok
19:30:43.0375 2188  [ 41E4C8EBA464E7D6A5BA5E8827732AEB ] C:\Windows\System32\autochk.exe
19:30:43.0376 2188  C:\Windows\System32\autochk.exe - ok
19:30:43.0385 2188  [ B0881DDA5A8160422561FFAB7F0008B1 ] C:\Windows\System32\drivers\nvlddmkm.sys
19:30:43.0386 2188  C:\Windows\System32\drivers\nvlddmkm.sys - ok
19:30:43.0397 2188  [ 39806CFEDDCC55E686A49BCCD2972F23 ] C:\Windows\System32\drivers\dxgkrnl.sys
19:30:43.0397 2188  C:\Windows\System32\drivers\dxgkrnl.sys - ok
19:30:43.0414 2188  [ F9BA894F72F78A5B74EECD97394F97E0 ] C:\Windows\System32\drivers\dxgmms1.sys
19:30:43.0414 2188  C:\Windows\System32\drivers\dxgmms1.sys - ok
19:30:43.0422 2188  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] C:\Windows\System32\drivers\hdaudbus.sys
19:30:43.0422 2188  C:\Windows\System32\drivers\hdaudbus.sys - ok
19:30:43.0433 2188  [ B07C5B7EFDF936FF93D4F540938725BE ] C:\Windows\System32\drivers\yk62x86.sys
19:30:43.0433 2188  C:\Windows\System32\drivers\yk62x86.sys - ok
19:30:43.0445 2188  [ F6D1C957C5BF4F274AAD1DA7059916E4 ] C:\Windows\System32\drivers\usbport.sys
19:30:43.0445 2188  C:\Windows\System32\drivers\usbport.sys - ok
19:30:43.0453 2188  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] C:\Windows\System32\drivers\usbuhci.sys
19:30:43.0453 2188  C:\Windows\System32\drivers\usbuhci.sys - ok
19:30:43.0463 2188  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] C:\Windows\System32\drivers\1394ohci.sys
19:30:43.0463 2188  C:\Windows\System32\drivers\1394ohci.sys - ok
19:30:43.0472 2188  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] C:\Windows\System32\drivers\usbehci.sys
19:30:43.0472 2188  C:\Windows\System32\drivers\usbehci.sys - ok
19:30:43.0482 2188  [ E817A017F82DF2A1F8CFDBDA29388B29 ] C:\Windows\System32\drivers\fdc.sys
19:30:43.0482 2188  C:\Windows\System32\drivers\fdc.sys - ok
19:30:43.0494 2188  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] C:\Windows\System32\drivers\serenum.sys
19:30:43.0494 2188  C:\Windows\System32\drivers\serenum.sys - ok
19:30:43.0502 2188  [ 57EC4AEF73660166074D8F7F31C0D4FD ] C:\Windows\System32\drivers\agilevpn.sys
19:30:43.0502 2188  C:\Windows\System32\drivers\agilevpn.sys - ok
19:30:43.0512 2188  [ F1724BA27E97D627F808FB0BA77A28A6 ] C:\Windows\System32\drivers\CompositeBus.sys
19:30:43.0512 2188  C:\Windows\System32\drivers\CompositeBus.sys - ok
19:30:43.0522 2188  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] C:\Windows\System32\drivers\parport.sys
19:30:43.0522 2188  C:\Windows\System32\drivers\parport.sys - ok
19:30:43.0539 2188  [ D9F91EAFEC2815365CBE6D167E4E332A ] C:\Windows\System32\drivers\rasl2tp.sys
19:30:43.0540 2188  C:\Windows\System32\drivers\rasl2tp.sys - ok
19:30:43.0545 2188  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] C:\Windows\System32\drivers\ndistapi.sys
19:30:43.0545 2188  C:\Windows\System32\drivers\ndistapi.sys - ok
19:30:43.0555 2188  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] C:\Windows\System32\drivers\ndiswan.sys
19:30:43.0555 2188  C:\Windows\System32\drivers\ndiswan.sys - ok
19:30:43.0566 2188  [ 0FE8B15916307A6AC12BFB6A63E45507 ] C:\Windows\System32\drivers\raspppoe.sys
19:30:43.0566 2188  C:\Windows\System32\drivers\raspppoe.sys - ok
19:30:43.0575 2188  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] C:\Windows\System32\drivers\raspptp.sys
19:30:43.0575 2188  C:\Windows\System32\drivers\raspptp.sys - ok
19:30:43.0584 2188  [ 44101F495A83EA6401D886E7FD70096B ] C:\Windows\System32\drivers\rassstp.sys
19:30:43.0584 2188  C:\Windows\System32\drivers\rassstp.sys - ok
19:30:43.0593 2188  [ ADEF52CA1AEAE82B50DF86B56413107E ] C:\Windows\System32\drivers\kbdclass.sys
19:30:43.0593 2188  C:\Windows\System32\drivers\kbdclass.sys - ok
19:30:43.0603 2188  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] C:\Windows\System32\drivers\rdpbus.sys
19:30:43.0603 2188  C:\Windows\System32\drivers\rdpbus.sys - ok
19:30:43.0614 2188  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] C:\Windows\System32\drivers\mouclass.sys
19:30:43.0614 2188  C:\Windows\System32\drivers\mouclass.sys - ok
19:30:43.0621 2188  [ F762EDD3ACCA095F5AF4D719F3B8AE3D ] C:\Windows\System32\drivers\ks.sys
19:30:43.0621 2188  C:\Windows\System32\drivers\ks.sys - ok
19:30:43.0632 2188  [ E58C78A848ADD9610A4DB6D214AF5224 ] C:\Windows\System32\drivers\swenum.sys
19:30:43.0632 2188  C:\Windows\System32\drivers\swenum.sys - ok
19:30:43.0642 2188  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] C:\Windows\System32\drivers\umbus.sys
19:30:43.0643 2188  C:\Windows\System32\drivers\umbus.sys - ok
19:30:43.0655 2188  [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] C:\Windows\System32\drivers\usbhub.sys
19:30:43.0655 2188  C:\Windows\System32\drivers\usbhub.sys - ok
19:30:43.0666 2188  [ 87907AA70CB3C56600F1C2FB8841579B ] C:\Windows\System32\drivers\flpydisk.sys
19:30:43.0667 2188  C:\Windows\System32\drivers\flpydisk.sys - ok
19:30:43.0677 2188  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] C:\Windows\System32\drivers\ndproxy.sys
19:30:43.0677 2188  C:\Windows\System32\drivers\ndproxy.sys - ok
19:30:43.0686 2188  [ 27F9288AF019E6DACA281EDE51FF5928 ] C:\Windows\System32\drivers\drmk.sys
19:30:43.0687 2188  C:\Windows\System32\drivers\drmk.sys - ok
19:30:43.0698 2188  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] C:\Windows\System32\drivers\HdAudio.sys
19:30:43.0698 2188  C:\Windows\System32\drivers\HdAudio.sys - ok
19:30:43.0710 2188  [ D72708C9F49500C13D7D067E169B7715 ] C:\Windows\System32\drivers\portcls.sys
19:30:43.0710 2188  C:\Windows\System32\drivers\portcls.sys - ok
19:30:43.0718 2188  [ 6C26122F1931D4D7810240F32DDCE890 ] C:\Windows\System32\drivers\hidparse.sys
19:30:43.0718 2188  C:\Windows\System32\drivers\hidparse.sys - ok
19:30:43.0728 2188  [ B682E1CC0FDC7AC04B71D1FA9A07EF21 ] C:\Windows\System32\drivers\hidclass.sys
19:30:43.0728 2188  C:\Windows\System32\drivers\hidclass.sys - ok
19:30:43.0737 2188  [ 18E71EA0E063037A5C3C8272A5262B7C ] C:\Windows\System32\drivers\usbd.sys
19:30:43.0737 2188  C:\Windows\System32\drivers\usbd.sys - ok
19:30:43.0748 2188  [ 25072FB35AC90B25F9E4E3BACF774102 ] C:\Windows\System32\drivers\hidusb.sys
19:30:43.0748 2188  C:\Windows\System32\drivers\hidusb.sys - ok
19:30:43.0758 2188  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] C:\Windows\System32\drivers\mouhid.sys
19:30:43.0758 2188  C:\Windows\System32\drivers\mouhid.sys - ok
19:30:43.0768 2188  [ 030129520D4C75CBA170E0F0C6040C68 ] C:\Windows\System32\drivers\RTL8192su.sys
19:30:43.0768 2188  C:\Windows\System32\drivers\RTL8192su.sys - ok
19:30:43.0778 2188  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] C:\Windows\System32\drivers\vwifibus.sys
19:30:43.0778 2188  C:\Windows\System32\drivers\vwifibus.sys - ok
19:30:43.0788 2188  [ 4605F7EE9805F7E1C98D6C959DD2949C ] C:\Windows\System32\kernel32.dll
19:30:43.0788 2188  C:\Windows\System32\kernel32.dll - ok
19:30:43.0797 2188  [ 225F6F663B94ACAF4307055FBB42E55F ] C:\Windows\System32\gdi32.dll
19:30:43.0797 2188  C:\Windows\System32\gdi32.dll - ok
19:30:43.0805 2188  [ 7BD7F45FF37FA0669CD32CA0EF46E22C ] C:\Windows\System32\user32.dll
19:30:43.0805 2188  C:\Windows\System32\user32.dll - ok
19:30:43.0815 2188  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\System32\normaliz.dll
19:30:43.0815 2188  C:\Windows\System32\normaliz.dll - ok
19:30:43.0825 2188  [ 0BA19F3198C40AC4E8CC66EE02EDA6C6 ] C:\Windows\System32\usp10.dll
19:30:43.0826 2188  C:\Windows\System32\usp10.dll - ok
19:30:43.0833 2188  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\System32\psapi.dll
19:30:43.0833 2188  C:\Windows\System32\psapi.dll - ok
19:30:43.0843 2188  [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\System32\shlwapi.dll
19:30:43.0843 2188  C:\Windows\System32\shlwapi.dll - ok
19:30:43.0853 2188  [ 4AF9FD44342A024B867E1950EE46FCB8 ] C:\Windows\System32\urlmon.dll
19:30:43.0853 2188  C:\Windows\System32\urlmon.dll - ok
19:30:43.0862 2188  [ 13D1F490AF6C7649F51BA29F9CCBB778 ] C:\Windows\System32\iertutil.dll
19:30:43.0862 2188  C:\Windows\System32\iertutil.dll - ok
19:30:43.0871 2188  [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\System32\Wldap32.dll
19:30:43.0871 2188  C:\Windows\System32\Wldap32.dll - ok
19:30:43.0884 2188  [ FF5688D309347F2720911D8796912834 ] C:\Windows\System32\clbcatq.dll
19:30:43.0884 2188  C:\Windows\System32\clbcatq.dll - ok
19:30:43.0892 2188  [ 5DF8132ADF721329234403189FC94E16 ] C:\Windows\System32\imm32.dll
19:30:43.0893 2188  C:\Windows\System32\imm32.dll - ok
19:30:43.0903 2188  [ 4F154D2C9C6DF951FD6E5AABBAE6B5EE ] C:\Windows\System32\lpk.dll
19:30:43.0903 2188  C:\Windows\System32\lpk.dll - ok
19:30:43.0911 2188  [ 070C5B9D3006602A07757179D9B56F5D ] C:\Windows\System32\difxapi.dll
19:30:43.0911 2188  C:\Windows\System32\difxapi.dll - ok
19:30:43.0918 2188  [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\System32\setupapi.dll
19:30:43.0919 2188  C:\Windows\System32\setupapi.dll - ok
19:30:43.0929 2188  [ DAAE8A9B8C0ACC7F858454132553C30D ] C:\Windows\System32\ws2_32.dll
19:30:43.0929 2188  C:\Windows\System32\ws2_32.dll - ok
19:30:43.0938 2188  [ FADBB267FE9846233ED486DE6EEAAEB9 ] C:\Windows\System32\oleaut32.dll
19:30:43.0938 2188  C:\Windows\System32\oleaut32.dll - ok
19:30:43.0949 2188  [ 518C6116079414E7074E726925D07A41 ] C:\Windows\System32\shell32.dll
19:30:43.0949 2188  C:\Windows\System32\shell32.dll - ok
19:30:43.0958 2188  [ A223CF703E28CBD7E9E7982141FA403C ] C:\Windows\System32\comdlg32.dll
19:30:43.0958 2188  C:\Windows\System32\comdlg32.dll - ok
19:30:43.0970 2188  [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\System32\advapi32.dll
19:30:43.0970 2188  C:\Windows\System32\advapi32.dll - ok
19:30:43.0980 2188  [ 4ACB903AD1693858A918907358CBD9E4 ] C:\Windows\System32\ole32.dll
19:30:43.0981 2188  C:\Windows\System32\ole32.dll - ok
19:30:43.0989 2188  [ 0D874F3BC751CC2198AF2E6783FB8B35 ] C:\Windows\System32\wininet.dll
19:30:43.0989 2188  C:\Windows\System32\wininet.dll - ok
19:30:43.0999 2188  [ E46D48A7FE961401F1CBF85531CDF05D ] C:\Windows\System32\msvcrt.dll
19:30:43.0999 2188  C:\Windows\System32\msvcrt.dll - ok
19:30:44.0007 2188  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\System32\msctf.dll
19:30:44.0007 2188  C:\Windows\System32\msctf.dll - ok
19:30:44.0017 2188  [ 61DA1DD85F7A9A8F8DEA8771931FAAF6 ] C:\Windows\System32\imagehlp.dll
19:30:44.0017 2188  C:\Windows\System32\imagehlp.dll - ok
19:30:44.0027 2188  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\System32\sechost.dll
19:30:44.0028 2188  C:\Windows\System32\sechost.dll - ok
19:30:44.0036 2188  [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\System32\nsi.dll
19:30:44.0036 2188  C:\Windows\System32\nsi.dll - ok
19:30:44.0046 2188  [ 416D1DC8224A64B8C59DF79096EE6D1D ] C:\Windows\System32\rpcrt4.dll
19:30:44.0046 2188  C:\Windows\System32\rpcrt4.dll - ok
19:30:44.0055 2188  [ 15B94E4AC75C9295275BDC9A1D7054C3 ] C:\Windows\System32\cfgmgr32.dll
19:30:44.0055 2188  C:\Windows\System32\cfgmgr32.dll - ok
19:30:44.0064 2188  [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\System32\devobj.dll
19:30:44.0064 2188  C:\Windows\System32\devobj.dll - ok
19:30:44.0078 2188  [ 27CBC636ABCE09CDB5227A872BE7A79C ] C:\Windows\System32\wintrust.dll
19:30:44.0078 2188  C:\Windows\System32\wintrust.dll - ok
19:30:44.0085 2188  [ E6B5DE86ABF68D7D67E451C29287B5C5 ] C:\Windows\System32\crypt32.dll
19:30:44.0085 2188  C:\Windows\System32\crypt32.dll - ok
19:30:44.0094 2188  [ B62AA1BB1F63839051441D2C6DD7B775 ] C:\Windows\System32\comctl32.dll
19:30:44.0095 2188  C:\Windows\System32\comctl32.dll - ok
19:30:44.0108 2188  [ B03C89367C03C19A742482DC78904DD0 ] C:\Windows\System32\KernelBase.dll
19:30:44.0109 2188  C:\Windows\System32\KernelBase.dll - ok
19:30:44.0118 2188  [ F5777C29E38E4BF12C6F93A0B2F1B2D7 ] C:\Windows\System32\msasn1.dll
19:30:44.0118 2188  C:\Windows\System32\msasn1.dll - ok
19:30:44.0126 2188  [ 5FCD3320AAE71506B43F9E12E4E72172 ] C:\Windows\System32\drivers\dxapi.sys
19:30:44.0126 2188  C:\Windows\System32\drivers\dxapi.sys - ok
19:30:44.0132 2188  [ 34999766FBCAB11BA5C4D26CE0378903 ] C:\Windows\System32\win32k.sys
19:30:44.0132 2188  C:\Windows\System32\win32k.sys - ok
19:30:44.0142 2188  [ 10DE24CCCD418C31107813682EB73542 ] C:\Windows\System32\csrsrv.dll
19:30:44.0142 2188  C:\Windows\System32\csrsrv.dll - ok
19:30:44.0150 2188  [ 342271F6142E7C70805B8A81E1BA5F5C ] C:\Windows\System32\csrss.exe
19:30:44.0150 2188  C:\Windows\System32\csrss.exe - ok
19:30:44.0159 2188  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\System32\basesrv.dll
19:30:44.0159 2188  C:\Windows\System32\basesrv.dll - ok
19:30:44.0167 2188  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\System32\winsrv.dll
19:30:44.0167 2188  C:\Windows\System32\winsrv.dll - ok
19:30:44.0176 2188  [ 79D10964DE86B292320E9DFE02282A23 ] C:\Windows\System32\drivers\monitor.sys
19:30:44.0176 2188  C:\Windows\System32\drivers\monitor.sys - ok
19:30:44.0186 2188  [ 7C76B61A5E1EF5D1FA554CF134100F18 ] C:\Windows\System32\tsddd.dll
19:30:44.0186 2188  C:\Windows\System32\tsddd.dll - ok
19:30:44.0195 2188  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\System32\sxssrv.dll
19:30:44.0195 2188  C:\Windows\System32\sxssrv.dll - ok
19:30:44.0203 2188  [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\System32\profapi.dll
19:30:44.0203 2188  C:\Windows\System32\profapi.dll - ok
19:30:44.0212 2188  [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\System32\wininit.exe
19:30:44.0212 2188  C:\Windows\System32\wininit.exe - ok
19:30:44.0223 2188  [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\System32\RpcRtRemote.dll
19:30:44.0223 2188  C:\Windows\System32\RpcRtRemote.dll - ok
19:30:44.0231 2188  [ B4A73F01055635AE9E65F85712663D3B ] C:\Windows\System32\KBDUS.DLL
19:30:44.0231 2188  C:\Windows\System32\KBDUS.DLL - ok
19:30:44.0242 2188  [ 8455C4ED038EFD09E99327F9D2D48FFA ] C:\Windows\System32\drivers\usbccgp.sys
19:30:44.0242 2188  C:\Windows\System32\drivers\usbccgp.sys - ok
19:30:44.0250 2188  [ 633C2C060CF857099F6C4F8D75C952B1 ] C:\Windows\System32\WlS0WndH.dll
19:30:44.0250 2188  C:\Windows\System32\WlS0WndH.dll - ok
19:30:44.0258 2188  [ ACCBA604D34842844133A731F8045B32 ] C:\Windows\System32\sxs.dll
19:30:44.0258 2188  C:\Windows\System32\sxs.dll - ok
19:30:44.0266 2188  [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\System32\cryptbase.dll
19:30:44.0266 2188  C:\Windows\System32\cryptbase.dll - ok
19:30:44.0276 2188  [ 56FEFE9BB63CC6386CA1B8E49E5C5B7B ] C:\Windows\System32\cdd.dll
19:30:44.0276 2188  C:\Windows\System32\cdd.dll - ok
19:30:44.0285 2188  [ 3D9F0EBF350EDCFD6498057301455964 ] C:\Windows\System32\drivers\kbdhid.sys
19:30:44.0285 2188  C:\Windows\System32\drivers\kbdhid.sys - ok
19:30:44.0294 2188  [ C02E3CE20E7776C922B5C8938350B5F1 ] C:\Windows\System32\apphelp.dll
19:30:44.0294 2188  C:\Windows\System32\apphelp.dll - ok
19:30:44.0310 2188  [ 398DC10274C0CB861338CFC56E727C9F ] C:\Windows\System32\lsm.exe
19:30:44.0310 2188  C:\Windows\System32\lsm.exe - ok
19:30:44.0315 2188  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\System32\services.exe
19:30:44.0315 2188  C:\Windows\System32\services.exe - ok
19:30:44.0326 2188  [ F42309C4191C506B71DB5D1126D26318 ] C:\Windows\System32\lsass.exe
19:30:44.0326 2188  C:\Windows\System32\lsass.exe - ok
19:30:44.0333 2188  [ 3369D021265E369D57317D61FA86DD79 ] C:\Windows\System32\scext.dll
19:30:44.0333 2188  C:\Windows\System32\scext.dll - ok
19:30:44.0342 2188  [ 033CA30E335588E243C42D715BF48DDF ] C:\Windows\System32\secur32.dll
19:30:44.0342 2188  C:\Windows\System32\secur32.dll - ok
19:30:44.0354 2188  [ 3450BB5465D61E8876FD3006F772DEA9 ] C:\Windows\System32\sspicli.dll
19:30:44.0354 2188  C:\Windows\System32\sspicli.dll - ok
19:30:44.0360 2188  [ 1C9CDBDF895A556E66AEBFD93A36B536 ] C:\Windows\System32\scesrv.dll
19:30:44.0360 2188  C:\Windows\System32\scesrv.dll - ok
19:30:44.0369 2188  [ BA51FFE170C5B3AE8EC4F5BD2581A29E ] C:\Windows\System32\sysntfy.dll
19:30:44.0369 2188  C:\Windows\System32\sysntfy.dll - ok
19:30:44.0378 2188  [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\System32\wmsgapi.dll
19:30:44.0378 2188  C:\Windows\System32\wmsgapi.dll - ok
19:30:44.0383 2188  [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\System32\srvcli.dll
19:30:44.0384 2188  C:\Windows\System32\srvcli.dll - ok
19:30:44.0393 2188  [ 4BC5B6D0B7BA1B92C9610A7EB1BAD8AB ] C:\Windows\System32\lsasrv.dll
19:30:44.0393 2188  C:\Windows\System32\lsasrv.dll - ok
19:30:44.0402 2188  [ 54C5EB1FD11027FB23BC4F79146CE159 ] C:\Windows\System32\sspisrv.dll
19:30:44.0402 2188  C:\Windows\System32\sspisrv.dll - ok
19:30:44.0411 2188  [ 1180159EE45AD1B110F6E482F244899E ] C:\Windows\System32\bridgeres.dll
19:30:44.0411 2188  C:\Windows\System32\bridgeres.dll - ok
19:30:44.0422 2188  [ 8EC6A4AB12B8F3759E21F8E3A388F2CF ] C:\Windows\System32\winlogon.exe
19:30:44.0422 2188  C:\Windows\System32\winlogon.exe - ok
19:30:44.0429 2188  [ 4BEF53964DC519550EE030253FC1E25E ] C:\Windows\System32\samsrv.dll
19:30:44.0429 2188  C:\Windows\System32\samsrv.dll - ok
19:30:44.0436 2188  [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\System32\cryptdll.dll
19:30:44.0437 2188  C:\Windows\System32\cryptdll.dll - ok
19:30:44.0446 2188  [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\System32\wevtapi.dll
19:30:44.0446 2188  C:\Windows\System32\wevtapi.dll - ok
19:30:44.0458 2188  [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\System32\authz.dll
19:30:44.0458 2188  C:\Windows\System32\authz.dll - ok
19:30:44.0466 2188  [ 50BA656134F78AF64E4DD3C8B6FEFD7E ] C:\Windows\System32\cngaudit.dll
19:30:44.0466 2188  C:\Windows\System32\cngaudit.dll - ok
19:30:44.0472 2188  [ C20FF1A17726C357461A7AC5B3BFC3AD ] C:\Windows\System32\ncrypt.dll
19:30:44.0472 2188  C:\Windows\System32\ncrypt.dll - ok
19:30:44.0481 2188  [ FC7650224790CAE75A5E9231961FDEC5 ] C:\Windows\System32\bcrypt.dll
19:30:44.0481 2188  C:\Windows\System32\bcrypt.dll - ok
19:30:44.0493 2188  [ AE5FF948400A51B040F999BF04290373 ] C:\Windows\System32\winsta.dll
19:30:44.0493 2188  C:\Windows\System32\winsta.dll - ok
19:30:44.0501 2188  [ C90878913DF3DC504790282043DB5F4C ] C:\Windows\System32\msprivs.dll
19:30:44.0501 2188  C:\Windows\System32\msprivs.dll - ok
19:30:44.0511 2188  [ C1AE600C554A0EBC6CD211541FA6815F ] C:\Windows\System32\netjoin.dll
19:30:44.0511 2188  C:\Windows\System32\netjoin.dll - ok
19:30:44.0519 2188  [ 718B8DD9C887576E078EC2F84315F864 ] C:\Windows\System32\kerberos.dll
19:30:44.0519 2188  C:\Windows\System32\kerberos.dll - ok
19:30:44.0529 2188  [ 6DCFAEC6D1334AA6CDF8961DB4633CBF ] C:\Windows\System32\negoexts.dll
19:30:44.0529 2188  C:\Windows\System32\negoexts.dll - ok
19:30:44.0538 2188  [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\System32\cryptsp.dll
19:30:44.0538 2188  C:\Windows\System32\cryptsp.dll - ok
19:30:44.0546 2188  [ 11A41F17527ED75D6B758FDD7F4FD00D ] C:\Windows\System32\mswsock.dll
19:30:44.0546 2188  C:\Windows\System32\mswsock.dll - ok
19:30:44.0558 2188  [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\System32\wship6.dll
19:30:44.0558 2188  C:\Windows\System32\wship6.dll - ok
19:30:44.0565 2188  [ F40388A19F3BE3CEC25656CE07392877 ] C:\Windows\System32\msv1_0.dll
19:30:44.0565 2188  C:\Windows\System32\msv1_0.dll - ok
19:30:44.0573 2188  [ EAA75D9000B71F10EEC04D2AE6C60E81 ] C:\Windows\System32\netlogon.dll
19:30:44.0573 2188  C:\Windows\System32\netlogon.dll - ok
19:30:44.0583 2188  [ 6D5A49D6479EB753C7879F73A4C35E0F ] C:\Windows\System32\dnsapi.dll
19:30:44.0583 2188  C:\Windows\System32\dnsapi.dll - ok
19:30:44.0591 2188  [ D8ECA7A87AAA3AE308B5277411666622 ] C:\Windows\System32\logoncli.dll
19:30:44.0591 2188  C:\Windows\System32\logoncli.dll - ok
19:30:44.0605 2188  [ 0A53FD4EBBD92002CCC362A9B8087885 ] C:\Windows\System32\schannel.dll
19:30:44.0605 2188  C:\Windows\System32\schannel.dll - ok
19:30:44.0612 2188  [ 0450CF487ECD8A67B56F59F9A96D024D ] C:\Windows\System32\wdigest.dll
19:30:44.0613 2188  C:\Windows\System32\wdigest.dll - ok
19:30:44.0622 2188  [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\System32\rsaenh.dll
19:30:44.0622 2188  C:\Windows\System32\rsaenh.dll - ok
19:30:44.0630 2188  [ 37CC990D4E2CDFAE12AC47F6B620FC13 ] C:\Windows\System32\pku2u.dll
19:30:44.0631 2188  C:\Windows\System32\pku2u.dll - ok
19:30:44.0636 2188  [ A739793F1A4F04B66E2444E90AE9E694 ] C:\Windows\System32\TSpkg.dll
19:30:44.0636 2188  C:\Windows\System32\TSpkg.dll - ok
19:30:44.0645 2188  [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\System32\bcryptprimitives.dll
19:30:44.0645 2188  C:\Windows\System32\bcryptprimitives.dll - ok
19:30:44.0654 2188  [ BF591B5C2CC38314518467E883AE37C5 ] C:\Windows\System32\credssp.dll
19:30:44.0654 2188  C:\Windows\System32\credssp.dll - ok
19:30:44.0664 2188  [ 91F434FF6606ED9BDC6A05D651B69553 ] C:\Windows\System32\efslsaext.dll
19:30:44.0664 2188  C:\Windows\System32\efslsaext.dll - ok
19:30:44.0671 2188  [ 26073302DAEA83CC5B944C546D6B47D2 ] C:\Windows\System32\scecli.dll
19:30:44.0671 2188  C:\Windows\System32\scecli.dll - ok
19:30:44.0683 2188  [ 7222995615BF93B628DCEA4BD6CCACF7 ] C:\Windows\System32\ubpm.dll
19:30:44.0683 2188  C:\Windows\System32\ubpm.dll - ok
19:30:44.0690 2188  [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\System32\svchost.exe
19:30:44.0690 2188  C:\Windows\System32\svchost.exe - ok
19:30:44.0701 2188  [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\System32\SPInf.dll
19:30:44.0701 2188  C:\Windows\System32\SPInf.dll - ok
19:30:44.0709 2188  [ 2CC2008F1296968FBA162ED9F9AFE328 ] C:\Windows\System32\umpnpmgr.dll
19:30:44.0709 2188  C:\Windows\System32\umpnpmgr.dll - ok
19:30:44.0718 2188  [ FD07F21E0A19C27ED4E1EEC2B07452B3 ] C:\Windows\System32\devrtl.dll
19:30:44.0719 2188  C:\Windows\System32\devrtl.dll - ok
19:30:44.0728 2188  [ 9C0DC1DAAD14D443DD5A0D1EE78D775E ] C:\Windows\System32\userenv.dll
19:30:44.0728 2188  C:\Windows\System32\userenv.dll - ok
19:30:44.0736 2188  [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\System32\gpapi.dll
19:30:44.0736 2188  C:\Windows\System32\gpapi.dll - ok
19:30:44.0747 2188  [ DBFF83F709A91049621C1D35DD45C92C ] C:\Windows\System32\umpo.dll
19:30:44.0747 2188  C:\Windows\System32\umpo.dll - ok
19:30:44.0752 2188  [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\System32\pcwum.dll
19:30:44.0752 2188  C:\Windows\System32\pcwum.dll - ok
19:30:44.0762 2188  [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\System32\powrprof.dll
19:30:44.0762 2188  C:\Windows\System32\powrprof.dll - ok
19:30:44.0771 2188  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] C:\Windows\System32\drivers\luafv.sys
19:30:44.0771 2188  C:\Windows\System32\drivers\luafv.sys - ok
19:30:44.0780 2188  [ 629CABB0421668C9D3D402A3C3D77E14 ] C:\Windows\System32\drivers\mbam.sys
19:30:44.0780 2188  C:\Windows\System32\drivers\mbam.sys - ok
19:30:44.0791 2188  [ B82CD39E336973359D7C9BF911E8E84F ] C:\Windows\System32\rpcss.dll
19:30:44.0791 2188  C:\Windows\System32\rpcss.dll - ok
19:30:44.0797 2188  [ 78D072F35BC45D9E4E1B61895C152234 ] C:\Windows\System32\RpcEpMap.dll
19:30:44.0798 2188  C:\Windows\System32\RpcEpMap.dll - ok
19:30:44.0807 2188  [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\System32\wshqos.dll
19:30:44.0807 2188  C:\Windows\System32\wshqos.dll - ok
19:30:44.0815 2188  [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\System32\WSHTCPIP.DLL
19:30:44.0816 2188  C:\Windows\System32\WSHTCPIP.DLL - ok
19:30:44.0824 2188  [ 3F50200237961034FACE602373838980 ] C:\Windows\System32\FirewallAPI.dll
19:30:44.0824 2188  C:\Windows\System32\FirewallAPI.dll - ok
19:30:44.0833 2188  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\System32\version.dll
19:30:44.0833 2188  C:\Windows\System32\version.dll - ok
19:30:44.0842 2188  [ 1B97EBF7F60798814C4E5C8FDC79EAD2 ] C:\Windows\System32\LogonUI.exe
19:30:44.0842 2188  C:\Windows\System32\LogonUI.exe - ok
19:30:44.0854 2188  [ 2873DFE622F4A3929D93F7BC85ADE13E ] C:\Windows\System32\wevtsvc.dll
19:30:44.0854 2188  C:\Windows\System32\wevtsvc.dll - ok
19:30:44.0861 2188  [ FABFC817547EABB19B74849CEF410622 ] C:\Windows\System32\authui.dll
19:30:44.0861 2188  C:\Windows\System32\authui.dll - ok
19:30:44.0870 2188  [ E8132FB3BAC7C0CDBD581485B8BA947F ] C:\Windows\System32\cryptui.dll
19:30:44.0870 2188  C:\Windows\System32\cryptui.dll - ok
19:30:44.0879 2188  [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\System32\ntmarta.dll
19:30:44.0879 2188  C:\Windows\System32\ntmarta.dll - ok
19:30:44.0884 2188  [ 510C873BFA135AA829F4180352772734 ] C:\Windows\System32\audiosrv.dll
19:30:44.0884 2188  C:\Windows\System32\audiosrv.dll - ok
19:30:44.0894 2188  [ 16935C98FF639D185086A3529B1F2067 ] C:\Windows\System32\wlansvc.dll
19:30:44.0894 2188  C:\Windows\System32\wlansvc.dll - ok
19:30:44.0903 2188  [ AC8C80DC4F1A6E60C9A762C1799F0B39 ] C:\Windows\System32\adtschema.dll
19:30:44.0903 2188  C:\Windows\System32\adtschema.dll - ok
19:30:44.0912 2188  [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\System32\avrt.dll
19:30:44.0912 2188  C:\Windows\System32\avrt.dll - ok
19:30:44.0919 2188  [ 146B6F43A673379A3C670E86D89BE5EA ] C:\Windows\System32\mmcss.dll
19:30:44.0919 2188  C:\Windows\System32\mmcss.dll - ok
19:30:44.0929 2188  [ 8C680C0E6B3D6711B2B88AC82FE1804E ] C:\Windows\System32\MMDevAPI.dll
19:30:44.0929 2188  C:\Windows\System32\MMDevAPI.dll - ok
19:30:44.0938 2188  [ 26EAEE08CAF82AA7F03C5020F51DA541 ] C:\Windows\System32\propsys.dll
19:30:44.0938 2188  C:\Windows\System32\propsys.dll - ok
19:30:44.0947 2188  [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll
19:30:44.0947 2188  C:\Windows\System32\netprofm.dll - ok
19:30:44.0956 2188  [ 5826854E4E420E29F59C2865F0FA562F ] C:\Program Files\Windows Defender\MpEvMsg.dll
19:30:44.0956 2188  C:\Program Files\Windows Defender\MpEvMsg.dll - ok
19:30:44.0965 2188  [ 8B0B4C5927A333A05513791758350DC4 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
19:30:44.0965 2188  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
19:30:44.0973 2188  [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
19:30:44.0973 2188  C:\Windows\System32\drivers\fltMgr.sys - ok
19:30:44.0983 2188  [ 0FA436A553408CBEBA070E3182658DE3 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
19:30:44.0984 2188  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll - ok
19:30:44.0996 2188  [ 5CD996CECF45CBC3E8D109C86B82D69E ] C:\Windows\System32\MPSSVC.dll
19:30:44.0996 2188  C:\Windows\System32\MPSSVC.dll - ok
19:30:45.0006 2188  [ B45DA4D9075AF4297DF675CCD11D4997 ] C:\Windows\System32\audiodg.exe
19:30:45.0006 2188  C:\Windows\System32\audiodg.exe - ok
19:30:45.0015 2188  [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
19:30:45.0015 2188  C:\Windows\System32\PSHED.DLL - ok
19:30:47.0225 2188  C:\Windows\System32\EhStorShell.dll - ok
19:30:47.0234 2188  [ 8EA7933B80FBC023C538C0FA5471778E ] C:\Program Files\Google\Drive\googledrivesync32.dll
19:30:47.0234 2188  C:\Program Files\Google\Drive\googledrivesync32.dll - ok
19:30:47.0244 2188  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
19:30:47.0244 2188  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
19:30:47.0252 2188  [ AA5312B5B37F8E8C97615F8357EA65A8 ] C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
19:30:47.0252 2188  C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL - ok
19:30:47.0261 2188  [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll
19:30:47.0262 2188  C:\Windows\System32\winrnr.dll - ok
19:30:47.0272 2188  [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll
19:30:47.0272 2188  C:\Windows\System32\NapiNSP.dll - ok
19:30:47.0280 2188  [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll
19:30:47.0280 2188  C:\Windows\System32\pnrpnsp.dll - ok
19:30:47.0288 2188  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] C:\Windows\System32\aelupsvc.dll
19:30:47.0289 2188  C:\Windows\System32\aelupsvc.dll - ok
19:30:47.0298 2188  [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
19:30:47.0298 2188  C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
19:30:47.0308 2188  [ E9901A7E569C4156FDA69F5C9356B8ED ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
19:30:47.0308 2188  C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
19:30:47.0317 2188  [ 78DE417B7921DACA072059E6BF410FC7 ] C:\Windows\System32\wshnetbs.dll
19:30:47.0317 2188  C:\Windows\System32\wshnetbs.dll - ok
19:30:47.0326 2188  [ 9E6AF823733C70E207D9FB6731A63B3D ] C:\Windows\System32\wlaninst.dll
19:30:47.0326 2188  C:\Windows\System32\wlaninst.dll - ok
19:30:47.0334 2188  [ 5B6EF0861BB5AC0EC347548E85C24A1D ] C:\Windows\System32\wwaninst.dll
19:30:47.0334 2188  C:\Windows\System32\wwaninst.dll - ok
19:30:47.0345 2188  [ 676CCC08D9E9A3F4CA39CB04E97048DF ] C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
19:30:47.0345 2188  C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll - ok
19:30:47.0353 2188  [ 51138BEEA3E2C21EC44D0932C71762A8 ] C:\Windows\System32\rundll32.exe
19:30:47.0353 2188  C:\Windows\System32\rundll32.exe - ok
19:30:47.0362 2188  [ 46663013E49875B6C5BA32BC206A6519 ] C:\Windows\System32\cscui.dll
19:30:47.0362 2188  C:\Windows\System32\cscui.dll - ok
19:30:47.0371 2188  [ 49358A80DED5A4F564A203C0E0CAB253 ] C:\Windows\System32\cscdll.dll
19:30:47.0371 2188  C:\Windows\System32\cscdll.dll - ok
19:30:47.0381 2188  [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
19:30:47.0381 2188  C:\Windows\System32\IconCodecService.dll - ok
19:30:47.0388 2188  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] C:\Windows\System32\appinfo.dll
19:30:47.0388 2188  C:\Windows\System32\appinfo.dll - ok
19:30:47.0400 2188  [ 1351931877DE0C46C4D42DAA26F7B5B1 ] C:\Windows\AppPatch\AcLayers.dll
19:30:47.0400 2188  C:\Windows\AppPatch\AcLayers.dll - ok
19:30:47.0408 2188  [ 61E02CC3184B63FAFE0B83EAC8B3B8EF ] C:\Windows\System32\winspool.drv
19:30:47.0408 2188  C:\Windows\System32\winspool.drv - ok
19:30:47.0422 2188  [ B6C4063297C7D07CD0532BDC3350436C ] C:\Windows\System32\actxprxy.dll
19:30:47.0422 2188  C:\Windows\System32\actxprxy.dll - ok
19:30:47.0428 2188  [ 169F916EFEAA44487E65305B7D2D754B ] C:\Windows\System32\runonce.exe
19:30:47.0428 2188  C:\Windows\System32\runonce.exe - ok
19:30:47.0436 2188  [ 8AE6DD9A6D246004DA047F704F0CC487 ] C:\Windows\System32\cmd.exe
19:30:47.0436 2188  C:\Windows\System32\cmd.exe - ok
19:30:47.0445 2188  [ 29D9FCDF65B7C823688A035937BB6697 ] C:\Windows\System32\conhost.exe
19:30:47.0445 2188  C:\Windows\System32\conhost.exe - ok
19:30:47.0454 2188  [ 672ECBB050F17BF90FE00758596F38CA ] C:\Windows\System32\ieframe.dll
19:30:47.0455 2188  C:\Windows\System32\ieframe.dll - ok
19:30:47.0463 2188  [ E07B77C3BDC82A024E294FB67ABFEDA0 ] C:\Windows\System32\shdocvw.dll
19:30:47.0463 2188  C:\Windows\System32\shdocvw.dll - ok
19:30:47.0472 2188  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\FartDart\AppData\Local\Temp\6E9077D6-B795-4A38-A2AA-CD8A1BDDA2EB.exe
19:30:47.0472 2188  C:\Users\FartDart\AppData\Local\Temp\6E9077D6-B795-4A38-A2AA-CD8A1BDDA2EB.exe - ok
19:30:47.0484 2188  [ 04D16553664796613FE98D441A0C35D7 ] C:\Windows\System32\cryptnet.dll
19:30:47.0484 2188  C:\Windows\System32\cryptnet.dll - ok
19:30:47.0495 2188  [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
19:30:47.0495 2188  C:\Windows\System32\SensApi.dll - ok
19:30:47.0502 2188  [ DEF30CBEA881149C2AFFDF9A059FB759 ] C:\Windows\System32\cabinet.dll
19:30:47.0502 2188  C:\Windows\System32\cabinet.dll - ok
19:30:47.0511 2188  [ DE5DACEBD4C89834EC6D2C41C8643CDA ] C:\Windows\System32\taskeng.exe
19:30:47.0511 2188  C:\Windows\System32\taskeng.exe - ok
19:30:47.0519 2188  [ 724A74BA9B5832A91562D2AC393E540B ] C:\Windows\System32\localspl.dll
19:30:47.0520 2188  C:\Windows\System32\localspl.dll - ok
19:30:47.0529 2188  [ 629181C26A78EB66B0B4E774E5AC2882 ] C:\Windows\System32\spoolss.dll
19:30:47.0529 2188  C:\Windows\System32\spoolss.dll - ok
19:30:47.0538 2188  [ D5CC5113671AC70993A5B46923212F16 ] C:\Windows\System32\FXSMON.dll
19:30:47.0538 2188  C:\Windows\System32\FXSMON.dll - ok
19:30:47.0546 2188  [ DDA6CFD632DCB8D9C72ADA58799BF776 ] C:\Windows\System32\PrintIsolationProxy.dll
19:30:47.0546 2188  C:\Windows\System32\PrintIsolationProxy.dll - ok
19:30:47.0557 2188  [ B390C1D825C7687493BEDE237C6C2F25 ] C:\Windows\System32\tcpmon.dll
19:30:47.0557 2188  C:\Windows\System32\tcpmon.dll - ok
19:30:47.0564 2188  [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\System32\snmpapi.dll
19:30:47.0565 2188  C:\Windows\System32\snmpapi.dll - ok
19:30:47.0574 2188  [ 596371A825C6ABB55E436B6F0966A24F ] C:\Windows\System32\wsnmp32.dll
19:30:47.0574 2188  C:\Windows\System32\wsnmp32.dll - ok
19:30:47.0582 2188  [ 923CDD30092DB73EC4A0EBCDDD16C686 ] C:\Windows\System32\usbmon.dll
19:30:47.0582 2188  C:\Windows\System32\usbmon.dll - ok
19:30:47.0591 2188  [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
19:30:47.0591 2188  C:\Windows\System32\TSChannel.dll - ok
19:30:47.0601 2188  [ 206ECCF79765E9F3FC6CCA04114EE058 ] C:\Windows\System32\WSDApi.dll
19:30:47.0601 2188  C:\Windows\System32\WSDApi.dll - ok
19:30:47.0610 2188  [ A8EB761DE499242BECF153B2B34F020E ] C:\Windows\System32\WSDMon.dll
19:30:47.0610 2188  C:\Windows\System32\WSDMon.dll - ok
19:30:47.0625 2188  [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe
19:30:47.0625 2188  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
19:30:47.0631 2188  [ 4262220B609AD082CE66914172597A96 ] C:\Windows\System32\webservices.dll
19:30:47.0632 2188  C:\Windows\System32\webservices.dll - ok
19:30:47.0642 2188  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
19:30:47.0642 2188  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
19:30:47.0650 2188  [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
19:30:47.0651 2188  C:\Windows\System32\fundisc.dll - ok
19:30:47.0656 2188  [ F34CFADA6C48DAA41B996D24C7D8D3CA ] C:\Windows\System32\fdPnp.dll
19:30:47.0656 2188  C:\Windows\System32\fdPnp.dll - ok
19:30:47.0668 2188  [ AE6AF014B616F53BA762F0BCFD8F7F21 ] C:\Windows\System32\msi.dll
19:30:47.0669 2188  C:\Windows\System32\msi.dll - ok
19:30:47.0675 2188  [ DBD10464E7246C9E722025DEBC093D01 ] C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
19:30:47.0675 2188  C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll - ok
19:30:47.0683 2188  [ 2F998E1FCA7749E836FDFAFE88DE9237 ] C:\Windows\System32\win32spl.dll
19:30:47.0683 2188  C:\Windows\System32\win32spl.dll - ok
19:30:47.0693 2188  [ 79C7CFAEA6879A8C1A1E8B5FFE8983AA ] C:\Windows\System32\dbghelp.dll
19:30:47.0693 2188  C:\Windows\System32\dbghelp.dll - ok
19:30:47.0701 2188  [ 258A532CFFAAD910B5B14F27DCD7BFB3 ] C:\Windows\System32\inetpp.dll
19:30:47.0701 2188  C:\Windows\System32\inetpp.dll - ok
19:30:47.0711 2188  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
19:30:47.0711 2188  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
19:30:47.0720 2188  [ 52FC6799B30366814D1CE6E5C2E28875 ] C:\Windows\System32\ntprint.dll
19:30:47.0720 2188  C:\Windows\System32\ntprint.dll - ok
19:30:47.0729 2188  [ 4B9E4CE667DF26ADA061AA81E9AA841D ] C:\Windows\System32\spfileq.dll
19:30:47.0729 2188  C:\Windows\System32\spfileq.dll - ok
19:30:47.0738 2188  [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\System32\p2pcollab.dll
19:30:47.0738 2188  C:\Windows\System32\p2pcollab.dll - ok
19:30:47.0748 2188  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] C:\Windows\System32\QAGENTRT.DLL
19:30:47.0748 2188  C:\Windows\System32\QAGENTRT.DLL - ok
19:30:47.0757 2188  [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2 ] C:\Windows\System32\fveui.dll
19:30:47.0757 2188  C:\Windows\System32\fveui.dll - ok
19:30:47.0765 2188  [ 48610F455B27BA98ADAF6AE2A925D59D ] C:\Windows\System32\iedkcs32.dll
19:30:47.0765 2188  C:\Windows\System32\iedkcs32.dll - ok
19:30:47.0775 2188  [ AE571A4036D5770B64E10EA49CB930FE ] C:\Windows\System32\ie4uinit.exe
19:30:47.0775 2188  C:\Windows\System32\ie4uinit.exe - ok
19:30:47.0786 2188  [ A4155E8A6B30607FB2609B27493BC0AD ] C:\Windows\System32\timedate.cpl
19:30:47.0786 2188  C:\Windows\System32\timedate.cpl - ok
19:30:47.0792 2188  [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\System32\linkinfo.dll
19:30:47.0793 2188  C:\Windows\System32\linkinfo.dll - ok
19:30:47.0805 2188  [ 175383778EB24D98C84E624021E3AA0B ] C:\Windows\System32\aeevts.dll
19:30:47.0805 2188  C:\Windows\System32\aeevts.dll - ok
19:30:47.0813 2188  [ C01A5E602E827FD00240370C1B617608 ] C:\Windows\System32\gameux.dll
19:30:47.0813 2188  C:\Windows\System32\gameux.dll - ok
19:30:47.0822 2188  [ FBE9BC55CF7ED9CC1452F7AF02C31864 ] C:\Windows\System32\msftedit.dll
19:30:47.0822 2188  C:\Windows\System32\msftedit.dll - ok
19:30:47.0832 2188  [ 26025A46FB3FDB40FF06BBF1834093B5 ] C:\Windows\System32\msls31.dll
19:30:47.0832 2188  C:\Windows\System32\msls31.dll - ok
19:30:47.0840 2188  [ 7896EFFDEE215C172BE724A64931EF1C ] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
19:30:47.0840 2188  C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll - ok
19:30:47.0853 2188  [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\System32\msiltcfg.dll
19:30:47.0853 2188  C:\Windows\System32\msiltcfg.dll - ok
19:30:47.0859 2188  [ 3E19163966261CCDBA4C8C030E601998 ] C:\Windows\System32\DeviceCenter.dll
19:30:47.0859 2188  C:\Windows\System32\DeviceCenter.dll - ok
19:30:47.0868 2188  [ 901AA7A38CE13F14B6BBEC38C0595698 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
19:30:47.0868 2188  C:\Program Files\Microsoft Office\Office14\BCSSync.exe - ok
19:30:47.0878 2188  [ DBE2AA52B5D67DA319D33A175B8BB41E ] C:\Windows\System32\thumbcache.dll
19:30:47.0878 2188  C:\Windows\System32\thumbcache.dll - ok
19:30:47.0890 2188  [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
19:30:47.0890 2188  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
19:30:47.0896 2188  [ 3CDEDF4059A2BDBB9CD888EA1979D54C ] C:\Windows\System32\mscoree.dll
19:30:47.0896 2188  C:\Windows\System32\mscoree.dll - ok
19:30:47.0904 2188  [ 4A056D7392F31EDA3AE1975E7010D7E3 ] C:\Windows\System32\networkexplorer.dll
19:30:47.0904 2188  C:\Windows\System32\networkexplorer.dll - ok
19:30:47.0912 2188  [ 407FE7D64BF0257EC28D8DA8EF77DDA4 ] C:\Program Files\Steam\Steam.exe
19:30:47.0912 2188  C:\Program Files\Steam\Steam.exe - ok
19:30:47.0923 2188  [ 4441BAFA07B59A664AD1E58658B532DE ] C:\Program Files\Steam\crashhandler.dll
19:30:47.0923 2188  C:\Program Files\Steam\crashhandler.dll - ok
19:30:47.0930 2188  [ 12DBA51A6D1126E88F78D79AE0F7600F ] C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
19:30:47.0930 2188  C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe - ok
19:30:47.0940 2188  [ 6B06C4037A0BAC51877D95BE69358994 ] C:\Program Files\Steam\steamerrorreporter.exe
19:30:47.0940 2188  C:\Program Files\Steam\steamerrorreporter.exe - ok
19:30:47.0948 2188  [ D9298AF94E6BF21665A42261A02AB0C9 ] C:\Program Files\Steam\tier0_s.dll
19:30:47.0948 2188  C:\Program Files\Steam\tier0_s.dll - ok
19:30:47.0957 2188  [ D47BD344124A01202EDBDF091E60313D ] C:\Program Files\Steam\vstdlib_s.dll
19:30:47.0958 2188  C:\Program Files\Steam\vstdlib_s.dll - ok
19:30:47.0965 2188  [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
19:30:47.0965 2188  C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
19:30:47.0975 2188  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\Windows\System32\msvcp100.dll
19:30:47.0975 2188  C:\Windows\System32\msvcp100.dll - ok
19:30:47.0984 2188  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\Windows\System32\msvcr100.dll
19:30:47.0984 2188  C:\Windows\System32\msvcr100.dll - ok
19:30:47.0993 2188  [ B24ABFAB2D541996A38905369D511953 ] C:\Windows\System32\wdmaud.drv
19:30:47.0993 2188  C:\Windows\System32\wdmaud.drv - ok
19:30:48.0001 2188  [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\System32\ksuser.dll
19:30:48.0001 2188  C:\Windows\System32\ksuser.dll - ok
19:30:48.0011 2188  [ 36333D345062E42E849C0AF00CBEFC97 ] C:\Windows\System32\ntshrui.dll
19:30:48.0011 2188  C:\Windows\System32\ntshrui.dll - ok
19:30:48.0019 2188  [ AFBB5060A2DAD431A2EAEB2C86CFFE81 ] C:\Windows\System32\AudioSes.dll
19:30:48.0019 2188  C:\Windows\System32\AudioSes.dll - ok
19:30:48.0032 2188  [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\System32\msacm32.drv
19:30:48.0032 2188  C:\Windows\System32\msacm32.drv - ok
19:30:48.0041 2188  [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\System32\msacm32.dll
19:30:48.0041 2188  C:\Windows\System32\msacm32.dll - ok
19:30:48.0052 2188  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\84896325.sys
19:30:48.0052 2188  C:\Windows\System32\drivers\84896325.sys - ok
19:30:48.0059 2188  [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\System32\midimap.dll
19:30:48.0059 2188  C:\Windows\System32\midimap.dll - ok
19:30:48.0068 2188  [ 6EC594AB7EFA45EACDE65FD4040F53D9 ] C:\Windows\System32\riched20.dll
19:30:48.0068 2188  C:\Windows\System32\riched20.dll - ok
19:30:48.0078 2188  [ 0DCA6A11D09D4C2CBE6B898B897EA915 ] C:\Windows\System32\UIAnimation.dll
19:30:48.0078 2188  C:\Windows\System32\UIAnimation.dll - ok
19:30:48.0085 2188  [ 6850CAB88C6689D9A9936AFF033578AF ] C:\Windows\System32\stobject.dll
19:30:48.0085 2188  C:\Windows\System32\stobject.dll - ok
19:30:48.0095 2188  [ DAD1F753E1F8563629FBC93F8B15D9F8 ] C:\Windows\System32\batmeter.dll
19:30:48.0095 2188  C:\Windows\System32\batmeter.dll - ok
19:30:48.0107 2188  [ 803768444B482D61B92D715A05B5712A ] C:\Windows\System32\prnfldr.dll
19:30:48.0107 2188  C:\Windows\System32\prnfldr.dll - ok
19:30:48.0115 2188  [ 6EC0A1BC384DA75511FAEDE0B45A82D4 ] C:\Windows\System32\DXP.dll
19:30:48.0115 2188  C:\Windows\System32\DXP.dll - ok
19:30:48.0122 2188  [ 856CFFCD835528136367BB1A8FE1DB87 ] C:\Windows\System32\Syncreg.dll
19:30:48.0122 2188  C:\Windows\System32\Syncreg.dll - ok
19:30:48.0130 2188  [ F8F03D206F7D5811D630349A23E9B9B9 ] C:\Windows\ehome\ehSSO.dll
19:30:48.0130 2188  C:\Windows\ehome\ehSSO.dll - ok
19:30:48.0139 2188  [ 0C78E06A66288E4B5293104A38FEFD18 ] C:\Program Files\Steam\Steam.dll
19:30:48.0139 2188  C:\Program Files\Steam\Steam.dll - ok
19:30:48.0148 2188  [ B2B3DAE040F6B5AE1DF52B0CD7631A18 ] C:\Windows\System32\AltTab.dll
19:30:48.0148 2188  C:\Windows\System32\AltTab.dll - ok
19:30:48.0158 2188  [ C85CE85A6EE327C755605501CC51B406 ] C:\Program Files\Steam\SteamUI.dll
19:30:48.0158 2188  C:\Program Files\Steam\SteamUI.dll - ok
19:30:48.0167 2188  [ F5EB1E039498D6F1D106E96CE7C1F3C6 ] C:\Windows\System32\WPDShServiceObj.dll
19:30:48.0167 2188  C:\Windows\System32\WPDShServiceObj.dll - ok
19:30:48.0173 2188  [ ADB45A977BD9E45790CA496DB84BA148 ] C:\Windows\System32\PortableDeviceTypes.dll
19:30:48.0173 2188  C:\Windows\System32\PortableDeviceTypes.dll - ok
19:30:48.0182 2188  [ 2862A3819BBC9757DD27BAC41A4E0A3E ] C:\Windows\System32\pnidui.dll
19:30:48.0182 2188  C:\Windows\System32\pnidui.dll - ok
19:30:48.0191 2188  [ 45F0F12A11861CE0FB682B87A310FE41 ] C:\Windows\System32\QUTIL.DLL
19:30:48.0191 2188  C:\Windows\System32\QUTIL.DLL - ok
19:30:48.0199 2188  [ B1E5099DC69DA99E7D90E442DE297D4F ] C:\Windows\System32\cscobj.dll
19:30:48.0199 2188  C:\Windows\System32\cscobj.dll - ok
19:30:48.0208 2188  [ 622D95520182F6D3D05310D5810CA8B3 ] C:\Windows\System32\SearchIndexer.exe
19:30:48.0208 2188  C:\Windows\System32\SearchIndexer.exe - ok
19:30:48.0219 2188  [ D4C438883154C3D082FB2E629191C45F ] C:\Windows\System32\srchadmin.dll
19:30:48.0219 2188  C:\Windows\System32\srchadmin.dll - ok
19:30:48.0231 2188  [ 7C6A2CCF98024A5EF8740162701CE3E7 ] C:\Windows\System32\tquery.dll
19:30:48.0231 2188  C:\Windows\System32\tquery.dll - ok
19:30:48.0241 2188  [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\System32\rasdlg.dll
19:30:48.0241 2188  C:\Windows\System32\rasdlg.dll - ok
19:30:48.0250 2188  [ 8A615BA7EA2E374E4FF9CA6664AE07C4 ] C:\Program Files\Steam\SDL2.dll
19:30:48.0250 2188  C:\Program Files\Steam\SDL2.dll - ok
19:30:48.0258 2188  [ 0CE7A0FFBBA93810384B6794C6901F4C ] C:\Windows\System32\mssrch.dll
19:30:48.0258 2188  C:\Windows\System32\mssrch.dll - ok
19:30:48.0267 2188  [ F79828CEF4F501F60F94B1CD00C47041 ] C:\Windows\System32\dot3api.dll
19:30:48.0267 2188  C:\Windows\System32\dot3api.dll - ok
19:30:48.0276 2188  [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll
19:30:48.0276 2188  C:\Windows\System32\wlanhlp.dll - ok
19:30:48.0284 2188  [ B010CF886420EE29C2C276646721D255 ] C:\Windows\System32\wlanapi.dll
19:30:48.0284 2188  C:\Windows\System32\wlanapi.dll - ok
19:30:48.0293 2188  [ F4055BF49A90375FD7672A604F3B0B8E ] C:\Windows\System32\ActionCenter.dll
19:30:48.0293 2188  C:\Windows\System32\ActionCenter.dll - ok
19:30:48.0302 2188  [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\System32\msidle.dll
19:30:48.0302 2188  C:\Windows\System32\msidle.dll - ok
19:30:48.0311 2188  [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\System32\mssprxy.dll
19:30:48.0311 2188  C:\Windows\System32\mssprxy.dll - ok
19:30:48.0322 2188  [ A7532E66EA2F168A0970E829D8986423 ] C:\Program Files\Steam\dbghelp.dll
19:30:48.0322 2188  C:\Program Files\Steam\dbghelp.dll - ok
19:30:48.0329 2188  [ 53683A331F8A1BB20ADD0330F1DE6388 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
19:30:48.0329 2188  C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
19:30:48.0339 2188  [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\System32\WWanAPI.dll
19:30:48.0340 2188  C:\Windows\System32\WWanAPI.dll - ok
19:30:48.0346 2188  [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\System32\wwapi.dll
19:30:48.0346 2188  C:\Windows\System32\wwapi.dll - ok
19:30:48.0355 2188  [ 173C217E677C4B0C4F8A6D54BA13BF9B ] C:\Program Files\Steam\CSERHelper.dll
19:30:48.0355 2188  C:\Program Files\Steam\CSERHelper.dll - ok
19:30:48.0364 2188  [ 99BD4B9B15A823A6C46B561329178122 ] C:\Windows\System32\QAGENT.DLL
19:30:48.0364 2188  C:\Windows\System32\QAGENT.DLL - ok
19:30:48.0374 2188  [ 69ECE6902682037EA5187C702359445F ] C:\Program Files\Steam\bin\filesystem_steam.dll
19:30:48.0374 2188  C:\Program Files\Steam\bin\filesystem_steam.dll - ok
19:30:48.0382 2188  [ 8F8AB20AA863EA95A421B9D54C74F20C ] C:\Program Files\Windows Media Player\wmpnssci.dll
19:30:48.0382 2188  C:\Program Files\Windows Media Player\wmpnssci.dll - ok
19:30:48.0390 2188  [ 2D15C41214F518FC3C72A4C01C30882F ] C:\Windows\System32\bthprops.cpl
19:30:48.0390 2188  C:\Windows\System32\bthprops.cpl - ok
19:30:48.0399 2188  [ B63E24E9271E99FD4540E3CA22A937DA ] C:\Windows\System32\en-US\tquery.dll.mui
19:30:48.0399 2188  C:\Windows\System32\en-US\tquery.dll.mui - ok
19:30:48.0411 2188  [ D654B89C1009437A21D42B909F129154 ] C:\Program Files\Steam\bin\vgui2_s.dll
19:30:48.0411 2188  C:\Program Files\Steam\bin\vgui2_s.dll - ok
19:30:48.0417 2188  [ 77FBD400984CF72BA0FC4B3489D65F74 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
19:30:48.0417 2188  C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
19:30:48.0427 2188  [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\System32\msimg32.dll
19:30:48.0427 2188  C:\Windows\System32\msimg32.dll - ok
19:30:48.0436 2188  [ D1BBE227367ED791D5FCF08E132D2956 ] C:\Windows\System32\opengl32.dll
19:30:48.0436 2188  C:\Windows\System32\opengl32.dll - ok
19:30:48.0445 2188  [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\System32\wsock32.dll
19:30:48.0445 2188  C:\Windows\System32\wsock32.dll - ok
19:30:48.0454 2188  [ DE76461D3E5EBE1C762967D21C17B8C0 ] C:\Windows\System32\wmdrmdev.dll
19:30:48.0454 2188  C:\Windows\System32\wmdrmdev.dll - ok
19:30:48.0466 2188  [ DE3897365B04C4DA1CF8FF725577C082 ] C:\Windows\System32\glu32.dll
19:30:48.0467 2188  C:\Windows\System32\glu32.dll - ok
19:30:48.0473 2188  [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\System32\ddraw.dll
19:30:48.0473 2188  C:\Windows\System32\ddraw.dll - ok
19:30:48.0481 2188  [ 47D052D9EE1FD3BA2A55D13F61E3EF24 ] C:\Windows\System32\drmv2clt.dll
19:30:48.0481 2188  C:\Windows\System32\drmv2clt.dll - ok
19:30:48.0490 2188  [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\System32\dciman32.dll
19:30:48.0491 2188  C:\Windows\System32\dciman32.dll - ok
19:30:48.0499 2188  [ 11600E7F792BC361EF69B981F10A9E74 ] C:\Program Files\Steam\bin\chromehtml.dll
19:30:48.0499 2188  C:\Program Files\Steam\bin\chromehtml.dll - ok
19:30:48.0508 2188  [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\System32\mfplat.dll
19:30:48.0508 2188  C:\Windows\System32\mfplat.dll - ok
19:30:48.0517 2188  [ C2D6A4475B87651D5909E364439FDA52 ] C:\Windows\System32\FXSST.dll
19:30:48.0517 2188  C:\Windows\System32\FXSST.dll - ok
19:30:48.0526 2188  [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\System32\FXSAPI.dll
19:30:48.0527 2188  C:\Windows\System32\FXSAPI.dll - ok
19:30:48.0535 2188  [ DE92625114A5A02C715F7E03CA3F6016 ] C:\Windows\System32\blackbox.dll
19:30:48.0535 2188  C:\Windows\System32\blackbox.dll - ok
19:30:48.0544 2188  [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll
19:30:48.0544 2188  C:\Windows\System32\FXSRESM.dll - ok
19:30:48.0554 2188  [ 9DA621EE05B8F692ABC52B5D8076C3C7 ] C:\Program Files\Steam\bin\libcef.dll
19:30:48.0555 2188  C:\Program Files\Steam\bin\libcef.dll - ok
19:30:48.0562 2188  [ 7372A79A5F906CD959A74A32E6FEDB1F ] C:\Windows\System32\upnp.dll
19:30:48.0562 2188  C:\Windows\System32\upnp.dll - ok
19:30:48.0570 2188  [ 3D7DD3C29DAF738624DE918F666F70FA ] C:\Windows\System32\wmp.dll
19:30:48.0570 2188  C:\Windows\System32\wmp.dll - ok
19:30:48.0579 2188  [ D887C9FD02AC9FA880F6E5027A43E118 ] C:\Windows\System32\ssdpsrv.dll
19:30:48.0580 2188  C:\Windows\System32\ssdpsrv.dll - ok
19:30:48.0588 2188  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] C:\Windows\System32\FXSSVC.exe
19:30:48.0588 2188  C:\Windows\System32\FXSSVC.exe - ok
19:30:48.0598 2188  [ 177DF28315BF4300ECB5CBEEEE961292 ] C:\Windows\System32\webcheck.dll
19:30:48.0598 2188  C:\Windows\System32\webcheck.dll - ok
19:30:48.0607 2188  [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll
19:30:48.0607 2188  C:\Windows\System32\mlang.dll - ok
19:30:48.0618 2188  [ 8C7FE6B9559204765849BFF308764FA5 ] C:\Windows\System32\SyncCenter.dll
19:30:48.0619 2188  C:\Windows\System32\SyncCenter.dll - ok
19:30:48.0630 2188  [ 5F16C07CFA97228DB5AC98D61D770827 ] C:\Windows\System32\imapi2.dll
19:30:48.0630 2188  C:\Windows\System32\imapi2.dll - ok
19:30:48.0639 2188  [ 8CC4ECA2177510674DB92BB8F1CEBBEE ] C:\Windows\System32\hgcpl.dll
19:30:48.0640 2188  C:\Windows\System32\hgcpl.dll - ok
19:30:48.0648 2188  [ F3222C893BD2F5821A0179E5C71E88FB ] C:\Windows\System32\fdPHost.dll
19:30:48.0648 2188  C:\Windows\System32\fdPHost.dll - ok
19:30:48.0658 2188  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] C:\Windows\System32\FDResPub.dll
19:30:48.0658 2188  C:\Windows\System32\FDResPub.dll - ok
19:30:48.0663 2188  [ DE6F4B7E62FDE776F3DE8E5FB5A05C48 ] C:\Windows\System32\fdWSD.dll
19:30:48.0663 2188  C:\Windows\System32\fdWSD.dll - ok
19:30:48.0670 2188  [ 674611721264013DB169EC12AFC9C3B6 ] C:\Windows\System32\fdSSDP.dll
19:30:48.0671 2188  C:\Windows\System32\fdSSDP.dll - ok
19:30:48.0680 2188  [ 3FF0FA0A81910617739644A06D06D016 ] C:\Windows\System32\fdProxy.dll
19:30:48.0680 2188  C:\Windows\System32\fdProxy.dll - ok
19:30:48.0688 2188  [ B315C62E9046BCB58137A49625B6E253 ] C:\Windows\System32\wmploc.DLL
19:30:48.0688 2188  C:\Windows\System32\wmploc.DLL - ok
19:30:48.0698 2188  [ 4DDC46C5FEECF9EB92AD554D6ED37E0C ] C:\Program Files\Internet Explorer\ieproxy.dll
19:30:48.0698 2188  C:\Program Files\Internet Explorer\ieproxy.dll - ok
19:30:48.0707 2188  [ B194D2CFE72FD79F5199C46F2EE19D92 ] C:\Windows\System32\DWrite.dll
19:30:48.0707 2188  C:\Windows\System32\DWrite.dll - ok
19:30:48.0715 2188  [ 045D0F4F41CA53D4CB22BDC814A22B64 ] C:\Program Files\Steam\bin\icudt.dll
19:30:48.0715 2188  C:\Program Files\Steam\bin\icudt.dll - ok
19:30:48.0731 2188  [ B6512A85815FDC3D560C3705F5BDB93D ] C:\Windows\System32\FntCache.dll
19:30:48.0731 2188  C:\Windows\System32\FntCache.dll - ok
19:30:48.0737 2188  [ 9DA78C1F1F15CE5424EDF18CE4728C01 ] C:\Windows\System32\wmpps.dll
19:30:48.0737 2188  C:\Windows\System32\wmpps.dll - ok
19:30:48.0746 2188  [ BBA1FE328CEA501FCCE1E5DF16276439 ] C:\Program Files\Steam\bin\avcodec-53.dll
19:30:48.0746 2188  C:\Program Files\Steam\bin\avcodec-53.dll - ok
19:30:48.0757 2188  [ 2A8B8A15A58EDF3B443083EC29894E54 ] C:\Program Files\Steam\bin\avutil-51.dll
19:30:48.0757 2188  C:\Program Files\Steam\bin\avutil-51.dll - ok
19:30:48.0765 2188  [ C5CCB86CD745746B9908031A54315F90 ] C:\Program Files\Steam\bin\avformat-53.dll
19:30:48.0765 2188  C:\Program Files\Steam\bin\avformat-53.dll - ok
19:30:48.0774 2188  [ 2F91685947C05D9FD822802A66511C1A ] C:\Program Files\Steam\steamclient.dll
19:30:48.0774 2188  C:\Program Files\Steam\steamclient.dll - ok
19:30:48.0783 2188  [ 21894CB605E416D26892DC445507408E ] C:\Windows\System32\pdh.dll
19:30:48.0783 2188  C:\Windows\System32\pdh.dll - ok
19:30:48.0791 2188  [ 0AB205EDC2D0DD419D88AF0E3C2358F2 ] C:\Program Files\Common Files\Steam\SteamService.exe
19:30:48.0791 2188  C:\Program Files\Common Files\Steam\SteamService.exe - ok
19:30:48.0800 2188  [ 00D5C509A656A171FB05812DF59C554E ] C:\Program Files\Steam\bin\steamservice.dll
19:30:48.0800 2188  C:\Program Files\Steam\bin\steamservice.dll - ok
19:30:48.0809 2188  [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\System32\dsound.dll
19:30:48.0809 2188  C:\Windows\System32\dsound.dll - ok
19:30:48.0821 2188  [ 203C3380A744CA5B9B1A9CAEB57F7D57 ] C:\Windows\System32\wbem\WmiPrvSE.exe
19:30:48.0821 2188  C:\Windows\System32\wbem\WmiPrvSE.exe - ok
19:30:48.0829 2188  [ E530A15E1DC33EF3D84322586284DA2E ] C:\Windows\System32\wbem\cimwin32.dll
19:30:48.0829 2188  C:\Windows\System32\wbem\cimwin32.dll - ok
19:30:48.0836 2188  [ 173ACF6C35627AF10D8A449AB8D61C0E ] C:\Windows\System32\framedynos.dll
19:30:48.0836 2188  C:\Windows\System32\framedynos.dll - ok
19:30:48.0846 2188  [ 43BE3B9CA431F88E049928DC45C4365C ] C:\Windows\System32\wbem\wmipcima.dll
19:30:48.0846 2188  C:\Windows\System32\wbem\wmipcima.dll - ok
19:30:48.0853 2188  [ F148865E4AC4F715E322EA06E6E21D84 ] C:\Windows\System32\wbem\NCProv.dll
19:30:48.0854 2188  C:\Windows\System32\wbem\NCProv.dll - ok
19:30:48.0863 2188  [ 1002E991FBFA253CD406CA1F0B15CD75 ] C:\Program Files\Steam\bin\friendsui.dll
19:30:48.0863 2188  C:\Program Files\Steam\bin\friendsui.dll - ok
19:30:49.0213 2188  ============================================================
19:30:49.0213 2188  Scan finished
19:30:49.0213 2188  ============================================================
19:30:49.0241 2200  Detected object count: 2
19:30:49.0241 2200  Actual detected object count: 2
19:30:56.0862 2200  C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
19:30:56.0957 2200  Backup copy found, using it..
19:30:56.0970 2200  C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
19:30:56.0971 2200  Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
19:30:56.0973 2200  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:30:56.0973 2200  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:31:20.0307 2416  Deinitialize success



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:55 AM

Posted 28 April 2013 - 09:41 PM


Hello



I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 bawe

bawe
  • Topic Starter

  • Members
  • 41 posts
  • Local time:10:55 PM

Posted 28 April 2013 - 10:19 PM

Ran TDSS again.  Had run Malwarebytes but it didn't find anything.  Despite that everything seems to be back to normal on the computer.  I'll keep an eye on it and report back in the next few days about how it is going.



#12 gringo_pr


Posted 28 April 2013 - 10:25 PM


Hello bawe

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#13 gringo_pr


Posted 03 May 2013 - 05:24 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 gringo_pr


Posted 07 May 2013 - 01:34 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#15 gringo_pr


Posted 10 May 2013 - 03:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



