ZeroAccess, Chitka Ads, Blue Screen Crashes - ntoskrnl.exe


  • This topic is locked
22 replies to this topic

#1 RangerSmith

Posted 13 May 2013 - 07:41 PM

Running Windows 7 - basically my computer runs fine when I start it in F8 - debugging mode, but it will crash in normal mode on a regular basis with a blue screen and say 'modification of system code or critical data structure was detected' and quote ntoskrnl.exe at the bottom of the blue screen crash.

 

Chitka Advertisements just started appearing before this occurred, and when I ran RogueKiller originally it flashed up ZeroAccess - it does not show this anymore, but it still crashes and shows Chitka Ads on certain pages. Malwarebytes is showing no results, but something is not right for the ads to still be coming up and the blue screen to be consistently happening when started normally.

 

------------------------------------------------------------------------------------------------------------

 

DDS only produced one Log - no DDS.txt was produced.

 

Attach.txt Log:
 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 11/02/2013 08:40:41
System Uptime: 13/05/2013 16:58:56 (4 hours ago)
.
Motherboard: Dell Inc. |  | 0X574R
Processor: Intel® Core™2 Duo CPU     T9600  @ 2.80GHz | Microprocessor | 784/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 112.434 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 932 GiB total, 693.725 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&1C436F8B&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02331028&REV_11\4&1C436F8B&0&0BF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP33: 30/03/2013 12:13:53 - Scheduled Checkpoint
RP34: 08/04/2013 08:00:42 - Scheduled Checkpoint
RP35: 09/04/2013 14:49:54 - Installed HP Standard TCP\IP Port Monitor
RP36: 09/04/2013 14:53:29 - Installed HP Web Registration
RP37: 09/04/2013 15:04:23 - Installed HP Proactive Services
RP38: 09/04/2013 15:05:11 - Installed HP Utility.
RP39: 16/04/2013 11:04:22 - Removed EAS Outlook Addin Installer.
RP40: 22/04/2013 19:31:34 - Windows Update
RP41: 22/04/2013 20:25:02 - Windows Update
RP42: 02/05/2013 15:03:27 - Scheduled Checkpoint
RP43: 07/05/2013 20:24:25 - Malwarebytes Anti-Rootkit Restore Point
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.

 



#2 gringo_pr


Posted 13 May 2013 - 08:40 PM


Hello RangerSmith

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 RangerSmith


Posted 14 May 2013 - 11:29 AM

Hi Gringo - thanks for the response.

 

I followed the instructions above for both of these. The AdwCleaner log is below - the Junkware Removal Tool flashes up as a DOS screen before disappearing so I can't provide you with this log at present... I am running MS Windows 7 Enterprise and right clicked to run as administrator - unfortunately this did not work. I am running these in normal start mode and my computer is still crashing, giving the 'modification of system code or critical data structure was detected' message intermittently.

 

Log from the AdwCleaner below:

 

# AdwCleaner v2.300 - Logfile created 05/14/2013 at 12:12:39
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : hsutherl - LON-292YZL1
# Boot Mode : Normal
# Running from : C:\Users\hsutherl\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [620 octets] - [14/05/2013 12:12:39]

########## EOF - C:\AdwCleaner[S1].txt - [679 octets] ##########



#4 gringo_pr


Posted 14 May 2013 - 01:03 PM


Hello RangerSmith

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 RangerSmith


Posted 14 May 2013 - 04:20 PM

Attached File  P5142571.JPG   197.07KB   1 downloads

ComboFix 13-05-14.01 - hsutherl 14/05/2013  16:32:55.2.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.44.1033.18.1972.748 [GMT -4:00]
Running from: c:\users\hsutherl\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\hsutherl\AppData\Local\Microsoft\Windows\Temporary Internet Files\{10039568-D81B-4029-B0D3-F341A326B5CF}.xps
c:\users\hsutherl\AppData\Local\Microsoft\Windows\Temporary Internet Files\plot.log
c:\users\hsutherl\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\hsutherl\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-14 to 2013-05-14  )))))))))))))))))))))))))))))))
.
.
2013-05-14 20:46 . 2013-05-14 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 16:39 . 2013-05-14 17:22 -------- d-----w- C:\JRT
2013-05-10 00:26 . 2013-05-10 00:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-10 00:26 . 2013-05-10 00:26 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-08 00:05 . 2013-05-08 00:05 36680 ----a-w- c:\windows\system32\drivers\4EA11071.sys
2013-05-07 22:34 . 2013-05-07 22:34 -------- d-----w- C:\FRST
2013-05-05 19:22 . 2013-05-07 04:44 -------- d-----w- c:\users\hsutherl\AppData\Roaming\vlc
2013-05-05 19:21 . 2013-05-05 19:21 -------- d-----w- c:\program files (x86)\VideoLAN
2013-05-05 18:44 . 2013-05-14 16:32 -------- d-----w- c:\users\hsutherl\AppData\Local\Diagnostics
2013-05-05 18:18 . 2013-05-05 18:18 -------- d-----w- c:\program files (x86)\DivX
2013-05-05 18:17 . 2013-05-05 18:17 -------- d-----w- c:\programdata\DivX
2013-04-30 15:27 . 2013-04-30 15:27 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\program files\iPod
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\program files\iTunes
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\program files (x86)\iTunes
2013-04-24 02:36 . 2013-04-24 02:36 -------- d-----w- c:\users\hsutherl\AppData\Roaming\MPEG Streamclip
2013-04-23 00:27 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-23 00:25 . 2013-03-02 05:49 12294656 ----a-w- c:\windows\system32\ieframe.dll
2013-04-23 00:25 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-16 15:06 . 2013-04-16 15:06 -------- d-----w- c:\windows\system32\appmgmt
2013-04-15 16:36 . 2013-04-15 16:45 -------- d-----w- c:\program files (x86)\Google
2013-04-15 16:36 . 2013-04-15 16:45 -------- d-----w- c:\users\hsutherl\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 23:32 . 2013-02-13 12:02 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 18:50 . 2013-03-16 17:23 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 10:48 . 2013-03-22 10:48 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-22 10:48 . 2013-03-22 10:48 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-22 10:48 . 2013-03-22 10:48 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-22 10:48 . 2013-03-22 10:48 188320 ----a-w- c:\windows\system32\java.exe
2013-03-22 10:48 . 2013-02-11 13:51 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-22 10:48 . 2013-02-11 13:51 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-22 10:42 . 2013-03-22 10:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-22 10:42 . 2013-02-11 13:51 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-22 10:42 . 2013-02-11 13:51 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-27 22:04 . 2013-02-27 22:04 110592 ----a-w- c:\windows\SysWow64\hpliSTDSoap.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunPUTasktray"="c:\program files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM" [X]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-09-28 12105344]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ITGadget"="c:\program files (x86)\Buro Happold\ITGadget\ITGadget.exe" [2012-10-23 972800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"PUStarter"="c:\program files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2013-02-27 73728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1549680]
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2013-2-12 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"dontdisplaylockeduserid"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"ForceRunOnStartMenu"= 1 (0x1)
"ClearRecentProgForNewUserInStartMenu"= 1 (0x1)
"NoStartMenuMyGames"= 1 (0x1)
"QuickLaunchEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-11 1432400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver_AMDASF.sys [2012-09-11 41272]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2010-05-08 13872]
R3 vmxnet3ndis6;vmxnet3 NDIS 6 Ethernet Adapter Driver;c:\windows\system32\DRIVERS\vmxnet3n61x64.sys [2010-05-08 71728]
R3 Wibukey2_64;Wibukey2_64;c:\windows\system32\drivers\wibukey2_64.sys [2006-11-09 16896]
R3 WkSvw32.exe;WIBU-KEY Server;c:\program files (x86)\WIBUKEY\Server\WkSvw32.exe [2006-11-22 577536]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 1039776]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 31136]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 38440]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 nskbfltr;nskbfltr;c:\windows\system32\drivers\nskbfltr.sys [2007-07-09 27680]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-09-11 43832]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 16:36]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 16:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2010-05-06 1712744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 16416360]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 95336]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe" [2012-02-10 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe" [2012-09-28 48248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://home.burohappold.com/
mDefault_Page_URL = https://home.burohappold.com/
mStart Page = https://home.burohappold.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: krollontrack.co.uk\www
Trusted Zone: motivano.co.uk
TCP: DhcpNameServer = 8.8.8.8 4.2.2.1
DPF: {6D868B99-8B01-4B25-9BD1-ED37AFDF5E29} - hxxp://www.krollontrack.co.uk/support/ontrack-verifile-report/npvfasp.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NetSupport\NetSupport Manager\client32.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\NetSupport\NetSupport Manager\client32.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\CCM\CcmExec.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-05-14  16:55:47 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-14 20:55
.
Pre-Run: 121,946,583,040 bytes free
Post-Run: 122,793,054,208 bytes free
.
- - End Of File - - F6AA6591A0F2E904AD3105DBDBC5077D
 

 



#6 RangerSmith


Posted 14 May 2013 - 04:24 PM

Gringo,

 

I followed the instructions above and ran the Combofix - my computer crashed with the blue screen saying 'modification of system code or critical data structure was detected' twice during this process but it managed to run through on the third attempt. This occurred again after Combofix ran while I was writing to you about 10 minutes ago. The log is above along with the image showing the blue screen and the message.

 

When I came back onto this page it gave me a 'Security Alert - you are about to view pages over a secure connection. Any information you exchange with this site cannot be viewed by anyone else on the web.' I am sure this is nothing but was the first time it had appeared when on this site.



#7 gringo_pr


Posted 14 May 2013 - 05:01 PM


Hello RangerSmith

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder), in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 RangerSmith


Posted 14 May 2013 - 06:17 PM

TDSSKiller link is not working - do you have an alternate link? Assume I need to do this before running RogueKiller so I will await your response before running that.



#9 gringo_pr


Posted 14 May 2013 - 08:23 PM

It is working for me. What happens when you try and download it?


You can go ahead and run RogueKiller if you can't get the other to work.

#10 RangerSmith


Posted 14 May 2013 - 10:32 PM

Ok I tried it again and this time it downloaded - previously the window opened and the green loading bar at the bottom was all that was showing.

 

The TDSSKiller log was too long and is 612kb so will split it into two sections and attach half to this and half to the next post on the RogueKiller log.

 

TDSSKiller Scan Finished Section:

 

22:54:05.0629 3480  ============================================================
22:54:05.0629 3480  Scan finished
22:54:05.0629 3480  ============================================================
22:54:05.0629 0188  Detected object count: 6
22:54:05.0629 0188  Actual detected object count: 6
22:58:16.0305 0188  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0305 0188  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0305 0188  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0305 0188  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0321 0188  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0321 0188  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0337 0188  WkSvw32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0337 0188  WkSvw32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0352 0188  \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
22:58:16.0352 0188  \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 - ok
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
22:59:04.0837 2536  Deinitialize success
 

 

Attached Files
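Added example, not part of the original thread and not code from TDSSKiller: a small Python triage script that pulls the part of a TDSSKiller log after "Scan finished", as the helper asked for, and lists each detected object with its verdict and the action chosen. The line layout is inferred from the excerpt posted above; the function names and the rule that verdicts starting with "UnsignedFile." are lower priority are assumptions made for this example.

```python
import re

# Excerpt of the summary posted above. The first line is a constructed
# stand-in for the long per-file section that precedes the summary.
SAMPLE_LOG = r"""
22:53:59.0000 3480  C:\Example\constructed.dll - ok
22:54:05.0629 3480  ============================================================
22:54:05.0629 3480  Scan finished
22:54:05.0629 3480  ============================================================
22:54:05.0629 0188  Detected object count: 6
22:54:05.0629 0188  Actual detected object count: 6
22:58:16.0305 0188  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0305 0188  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0305 0188  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0305 0188  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0321 0188  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0321 0188  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0337 0188  WkSvw32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0337 0188  WkSvw32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0352 0188  \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
22:58:16.0352 0188  \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 - ok
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
22:59:04.0837 2536  Deinitialize success
"""

# "<time> <thread id>  <message>" (layout inferred from the excerpt)
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\S+\s+(.*)$")
# "<object> ( <verdict> ) - <what happened>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+) \) - (?P<what>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "


def summary_tail(log_text):
    """Return the messages that follow the last 'Scan finished' marker."""
    msgs = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            msgs.append(m.group(1).strip())
    marks = [i for i, msg in enumerate(msgs) if msg == "Scan finished"]
    if not marks:
        # A split or truncated paste may lack the summary entirely.
        raise ValueError("no 'Scan finished' marker found in log")
    return msgs[marks[-1] + 1:]


def parse_detections(log_text):
    """Return (reported_count, {object: {'verdict': ..., 'action': ...}})."""
    reported = None
    found = {}
    for msg in summary_tail(log_text):
        m = COUNT_RE.match(msg)
        if m:
            reported = int(m.group(1))
            continue
        m = VERDICT_RE.match(msg)
        if not m:
            continue  # status lines without a verdict, e.g. "- ok"
        entry = found.setdefault(m["obj"], {"verdict": m["verdict"], "action": None})
        if m["what"].startswith(ACTION_PREFIX):
            entry["action"] = m["what"][len(ACTION_PREFIX):]
    return reported, found


def left_in_place(found):
    """Objects with a non-'UnsignedFile.' verdict that were not cured.

    Assumption for this example: 'UnsignedFile.' verdicts are only
    'suspicious' (default action Skip), anything else is a malware verdict.
    """
    return sorted(
        obj for obj, e in found.items()
        if not e["verdict"].startswith("UnsignedFile.") and e["action"] != "Cure"
    )


if __name__ == "__main__":
    reported, found = parse_detections(SAMPLE_LOG)
    print(f"reported: {reported}, parsed: {len(found)}")
    for obj, e in found.items():
        print(f"  {obj:40} {e['verdict']:30} {e['action']}")
    print("malware verdicts not cured:", left_in_place(found))
```

On the excerpt above the parsed count matches the reported count, and the one malware verdict that was skipped rather than cured is listed separately for the helper to follow up on.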



#11 RangerSmith


Posted 14 May 2013 - 10:36 PM

As noted above the second half of the TDSSKiller log is attached to this reply. I have not had enough time since start up to give an update on the blue screen crashes - I will report separately on this if they occur again.

 

Rogue Killer Report:

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : hsutherl [Admin rights]
Mode : Remove -- Date : 05/14/2013 23:15:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] {604981DF-BB2C-48B3-AA30-40624A4A0E83} : C:\Users\hsutherl\Desktop\JRT.exe  [-] -> DELETED
[TASK][SUSP PATH] {F5D9FD12-BB3C-4034-8F94-CE7F2592C610} : C:\Users\hsutherl\Desktop\JRT.exe  [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT1 +++++
--- User ---
[MBR] 695b00056bb424fc1ca1a3a4ca0157a0
[BSP] 48eb99aa43a03fef3f2855adda8e1684 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 236087 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05142013_02d2315.txt >>
RKreport[1]_S_05142013_02d2310.txt ; RKreport[2]_D_05142013_02d2315.txt



#12 RangerSmith


Posted 14 May 2013 - 10:41 PM

Second half of TDSSKiller report:

22:54:00.0902 3480  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8e092d89921648308ac103bb08bfd370\System.IdentityModel.ni.dll - ok
22:54:00.0917 3480  [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\SysWOW64\pcwum.dll
22:54:00.0917 3480  C:\Windows\SysWOW64\pcwum.dll - ok
22:54:00.0933 3480  [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\SysWOW64\httpapi.dll
22:54:00.0933 3480  C:\Windows\SysWOW64\httpapi.dll - ok
22:54:00.0933 3480  [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
22:54:00.0949 3480  C:\Windows\SysWOW64\wship6.dll - ok
22:54:00.0949 3480  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
22:54:00.0949 3480  C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
22:54:00.0964 3480  [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
22:54:00.0964 3480  C:\Windows\SysWOW64\rasadhlp.dll - ok
22:54:00.0964 3480  [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
22:54:00.0964 3480  C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
22:54:00.0980 3480  [ 8D90E8ABFE5B88D7BC646D825516D289 ] C:\Windows\System32\hpzjcd01.dll
22:54:00.0980 3480  C:\Windows\System32\hpzjcd01.dll - ok
22:54:00.0995 3480  [ 2B992299FFD739B84FBC9861E3C766AD ] C:\Windows\System32\icmp.dll
22:54:00.0995 3480  C:\Windows\System32\icmp.dll - ok
22:54:01.0011 3480  [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
22:54:01.0011 3480  C:\Windows\System32\cabinet.dll - ok
22:54:01.0011 3480  [ 9699DB0085C06D5E1D03089D88CA13B9 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\PS5UI.DLL
22:54:01.0011 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\PS5UI.DLL - ok
22:54:01.0011 3480  [ 211A1CFF92CF7F70EB61606ABB729615 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\PSCRIPT5.DLL
22:54:01.0011 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\PSCRIPT5.DLL - ok
22:54:01.0027 3480  [ 5DCD1E948BD9B056CA939292289048C9 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2upKD.dll
22:54:01.0027 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2upKD.dll - ok
22:54:01.0027 3480  [ 5A4E32126F026629C86439FC947987BF ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2rpsKD.dll
22:54:01.0027 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2rpsKD.dll - ok
22:54:01.0042 3480  [ 57573A6237A6DD15B78CB1157658448A ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2wfuvKD.dll
22:54:01.0042 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2wfuvKD.dll - ok
22:54:01.0058 3480  [ 23EF937314FBD1DF26B11D572AFF150F ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2guiKD.dll
22:54:01.0058 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2guiKD.dll - ok
22:54:01.0058 3480  [ D4BE6833C4622133BCC45F5B44558AFC ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2coreKD.dll
22:54:01.0058 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2coreKD.dll - ok
22:54:01.0058 3480  [ C3522E7D0DD565A68E09420FF347283B ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2comsKD.dll
22:54:01.0058 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2comsKD.dll - ok
22:54:01.0073 3480  [ FC1C4DE3B6F83C638F164D43F4C72FA9 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2jobtKD.exe
22:54:01.0073 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2jobtKD.exe - ok
22:54:01.0089 3480  [ 5D9F416F3560ABD45F1095A4F7EFB118 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2rnutKD.dll
22:54:01.0089 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2rnutKD.dll - ok
22:54:01.0089 3480  [ 375569AE162DD268705BDD971F550F79 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2utilKD.dll
22:54:01.0089 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2utilKD.dll - ok
22:54:01.0105 3480  [ 0ABDA1A8CE4646E188ACA52E078EEBF6 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2ptpcKD.dll
22:54:01.0105 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2ptpcKD.dll - ok
22:54:01.0105 3480  [ BD99AB61927FCD947B6137103A84229D ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2fputKD.dll
22:54:01.0105 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2fputKD.dll - ok
22:54:01.0120 3480  [ 69B5D4729E6BBAEB1ED68F99463D6D81 ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2fpbKD.exe
22:54:01.0120 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2fpbKD.exe - ok
22:54:01.0120 3480  [ 24813C26C703C9AA78981856B38F802D ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2fpd02.dll
22:54:01.0120 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\x2fpd02.dll - ok
22:54:01.0136 3480  [ 3ED4A041CC026AE976E495AD5A7910FA ] C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\xlibeay.dll
22:54:01.0136 3480  C:\Windows\System32\spool\drivers\x64\{C77BB342-99B1-4773-A8FF-71D969352184}\xlibeay.dll - ok
22:54:01.0136 3480  [ 211A1CFF92CF7F70EB61606ABB729615 ] C:\Windows\System32\spool\drivers\x64\3\PSCRIPT5.DLL
22:54:01.0136 3480  C:\Windows\System32\spool\drivers\x64\3\PSCRIPT5.DLL - ok
22:54:01.0136 3480  [ 9699DB0085C06D5E1D03089D88CA13B9 ] C:\Windows\System32\spool\drivers\x64\3\PS5UI.DLL
22:54:01.0136 3480  C:\Windows\System32\spool\drivers\x64\3\PS5UI.DLL - ok
22:54:01.0151 3480  [ 5DCD1E948BD9B056CA939292289048C9 ] C:\Windows\System32\spool\drivers\x64\3\x2upKD.dll
22:54:01.0151 3480  C:\Windows\System32\spool\drivers\x64\3\x2upKD.dll - ok
22:54:01.0151 3480  [ 5A4E32126F026629C86439FC947987BF ] C:\Windows\System32\spool\drivers\x64\3\x2rpsKD.dll
22:54:01.0151 3480  C:\Windows\System32\spool\drivers\x64\3\x2rpsKD.dll - ok
22:54:01.0167 3480  [ 57573A6237A6DD15B78CB1157658448A ] C:\Windows\System32\spool\drivers\x64\3\x2wfuvKD.dll
22:54:01.0167 3480  C:\Windows\System32\spool\drivers\x64\3\x2wfuvKD.dll - ok
22:54:01.0167 3480  [ 23EF937314FBD1DF26B11D572AFF150F ] C:\Windows\System32\spool\drivers\x64\3\x2guiKD.dll
22:54:01.0167 3480  C:\Windows\System32\spool\drivers\x64\3\x2guiKD.dll - ok
22:54:01.0183 3480  [ D4BE6833C4622133BCC45F5B44558AFC ] C:\Windows\System32\spool\drivers\x64\3\x2coreKD.dll
22:54:01.0183 3480  C:\Windows\System32\spool\drivers\x64\3\x2coreKD.dll - ok
22:54:01.0183 3480  [ 375569AE162DD268705BDD971F550F79 ] C:\Windows\System32\spool\drivers\x64\3\x2utilKD.dll
22:54:01.0183 3480  C:\Windows\System32\spool\drivers\x64\3\x2utilKD.dll - ok
22:54:01.0198 3480  [ 5D9F416F3560ABD45F1095A4F7EFB118 ] C:\Windows\System32\spool\drivers\x64\3\x2rnutKD.dll
22:54:01.0198 3480  C:\Windows\System32\spool\drivers\x64\3\x2rnutKD.dll - ok
22:54:01.0198 3480  [ C3522E7D0DD565A68E09420FF347283B ] C:\Windows\System32\spool\drivers\x64\3\x2comsKD.dll
22:54:01.0198 3480  C:\Windows\System32\spool\drivers\x64\3\x2comsKD.dll - ok
22:54:01.0214 3480  [ FC1C4DE3B6F83C638F164D43F4C72FA9 ] C:\Windows\System32\spool\drivers\x64\3\x2jobtKD.exe
22:54:01.0214 3480  C:\Windows\System32\spool\drivers\x64\3\x2jobtKD.exe - ok
22:54:01.0214 3480  [ 0ABDA1A8CE4646E188ACA52E078EEBF6 ] C:\Windows\System32\spool\drivers\x64\3\x2ptpcKD.dll
22:54:01.0214 3480  C:\Windows\System32\spool\drivers\x64\3\x2ptpcKD.dll - ok
22:54:01.0229 3480  [ BD99AB61927FCD947B6137103A84229D ] C:\Windows\System32\spool\drivers\x64\3\x2fputKD.dll
22:54:01.0229 3480  C:\Windows\System32\spool\drivers\x64\3\x2fputKD.dll - ok
22:54:01.0229 3480  [ 69B5D4729E6BBAEB1ED68F99463D6D81 ] C:\Windows\System32\spool\drivers\x64\3\x2fpbKD.exe
22:54:01.0229 3480  C:\Windows\System32\spool\drivers\x64\3\x2fpbKD.exe - ok
22:54:01.0245 3480  [ 3ED4A041CC026AE976E495AD5A7910FA ] C:\Windows\System32\spool\drivers\x64\3\xlibeay.dll
22:54:01.0245 3480  C:\Windows\System32\spool\drivers\x64\3\xlibeay.dll - ok
22:54:01.0245 3480  [ 24813C26C703C9AA78981856B38F802D ] C:\Windows\System32\spool\drivers\x64\3\x2fpd02.dll
22:54:01.0245 3480  C:\Windows\System32\spool\drivers\x64\3\x2fpd02.dll - ok
22:54:01.0261 3480  [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
22:54:01.0261 3480  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
22:54:01.0261 3480  [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
22:54:01.0261 3480  C:\Windows\System32\ncobjapi.dll - ok
22:54:01.0261 3480  [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
22:54:01.0261 3480  C:\Windows\System32\wbem\wbemess.dll - ok
22:54:01.0276 3480  [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
22:54:01.0276 3480  C:\Windows\SysWOW64\msi.dll - ok
22:54:01.0292 3480  [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
22:54:01.0292 3480  C:\Windows\System32\npmproxy.dll - ok
22:54:01.0307 3480  [ 2E648163254233755035B46DD7B89123 ] C:\Windows\System32\termsrv.dll
22:54:01.0307 3480  C:\Windows\System32\termsrv.dll - ok
22:54:01.0307 3480  [ CC8E52DAA9826064BA464DBE531F2BB5 ] C:\Windows\System32\drivers\CVPNDRVA.sys
22:54:01.0307 3480  C:\Windows\System32\drivers\CVPNDRVA.sys - ok
22:54:01.0323 3480  [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
22:54:01.0323 3480  C:\Windows\System32\wdi.dll - ok
22:54:01.0339 3480  [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
22:54:01.0339 3480  C:\Windows\System32\drivers\WUDFPf.sys - ok
22:54:01.0354 3480  [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
22:54:01.0354 3480  C:\Windows\System32\WUDFSvc.dll - ok
22:54:01.0370 3480  [ 7E236CC26FF0C2513819FA453E2C5371 ] C:\Windows\System32\icaapi.dll
22:54:01.0370 3480  C:\Windows\System32\icaapi.dll - ok
22:54:01.0385 3480  [ 7961AAD46149CD5510DD405FA5DE1D3F ] C:\Windows\System32\vmictimeprovider.dll
22:54:01.0385 3480  C:\Windows\System32\vmictimeprovider.dll - ok
22:54:01.0385 3480  [ 0BA65122FFA7E37564EE86422DBF7AE8 ] C:\Windows\SysWOW64\nlaapi.dll
22:54:01.0385 3480  C:\Windows\SysWOW64\nlaapi.dll - ok
22:54:01.0401 3480  [ 253F38D0D7074C02FF8DEB9836C97D2B ] C:\Windows\System32\drivers\scfilter.sys
22:54:01.0401 3480  C:\Windows\System32\drivers\scfilter.sys - ok
22:54:01.0417 3480  [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
22:54:01.0417 3480  C:\Windows\System32\wpdbusenum.dll - ok
22:54:01.0417 3480  [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
22:54:01.0417 3480  C:\Windows\SysWOW64\NapiNSP.dll - ok
22:54:01.0432 3480  [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
22:54:01.0432 3480  C:\Windows\System32\diagperf.dll - ok
22:54:01.0448 3480  [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
22:54:01.0448 3480  C:\Windows\SysWOW64\pnrpnsp.dll - ok
22:54:01.0463 3480  [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
22:54:01.0463 3480  C:\Windows\SysWOW64\winrnr.dll - ok
22:54:01.0479 3480  [ 988121D083B7AB61D4A7E244290BAAB0 ] C:\Windows\System32\lsmproxy.dll
22:54:01.0479 3480  C:\Windows\System32\lsmproxy.dll - ok
22:54:01.0479 3480  [ 639774C9ACD063F028F6084ABF5593AD ] C:\Windows\System32\taskhost.exe
22:54:01.0479 3480  C:\Windows\System32\taskhost.exe - ok
22:54:01.0495 3480  [ E377BBA01F34E4183C32E5BBD688CE83 ] C:\Windows\System32\regapi.dll
22:54:01.0495 3480  C:\Windows\System32\regapi.dll - ok
22:54:01.0510 3480  [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
22:54:01.0510 3480  C:\Windows\System32\pnpts.dll - ok
22:54:01.0526 3480  [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
22:54:01.0526 3480  C:\Windows\System32\perftrack.dll - ok
22:54:01.0526 3480  [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
22:54:01.0541 3480  C:\Windows\System32\wdiasqmmodule.dll - ok
22:54:01.0541 3480  [ 8F69EE5E0EB0779DC3E90DFD8D8E8683 ] C:\Windows\System32\rdpcorets.dll
22:54:01.0541 3480  C:\Windows\System32\rdpcorets.dll - ok
22:54:01.0557 3480  [ A190DA6546501CB4146BBCC0B6A3F48B ] C:\Windows\System32\msiexec.exe
22:54:01.0557 3480  C:\Windows\System32\msiexec.exe - ok
22:54:01.0573 3480  [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
22:54:01.0573 3480  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
22:54:01.0588 3480  [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
22:54:01.0588 3480  C:\Windows\System32\p2pcollab.dll - ok
22:54:01.0588 3480  [ 1F59B386F652A0484A3CC0B680B1132B ] C:\Windows\SysWOW64\msimsg.dll
22:54:01.0588 3480  C:\Windows\SysWOW64\msimsg.dll - ok
22:54:01.0604 3480  [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
22:54:01.0604 3480  C:\Windows\System32\wer.dll - ok
22:54:01.0619 3480  [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
22:54:01.0619 3480  C:\Windows\System32\ndiscapCfg.dll - ok
22:54:01.0635 3480  [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
22:54:01.0635 3480  C:\Windows\System32\rascfg.dll - ok
22:54:01.0635 3480  [ 1CF21800E337F4039AAD4C94B4280EE4 ] C:\Windows\System32\mprmsg.dll
22:54:01.0635 3480  C:\Windows\System32\mprmsg.dll - ok
22:54:01.0651 3480  [ 55DE45B116711881C852D2841E4C84DD ] C:\Windows\System32\tcpipcfg.dll
22:54:01.0651 3480  C:\Windows\System32\tcpipcfg.dll - ok
22:54:01.0666 3480  [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
22:54:01.0666 3480  C:\Windows\System32\msi.dll - ok
22:54:01.0682 3480  [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
22:54:01.0682 3480  C:\Windows\System32\QAGENTRT.DLL - ok
22:54:01.0682 3480  [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
22:54:01.0682 3480  C:\Windows\System32\fveui.dll - ok
22:54:01.0697 3480  [ 1B4A711265FEA91259553D7B4E83394B ] C:\Windows\System32\tlscsp.dll
22:54:01.0697 3480  C:\Windows\System32\tlscsp.dll - ok
22:54:01.0713 3480  [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll
22:54:01.0713 3480  C:\Windows\System32\d3d9.dll - ok
22:54:01.0729 3480  [ 86987386B3A25F956760C6F43F982E47 ] C:\Windows\AppPatch\AppPatch64\AcLayers.dll
22:54:01.0729 3480  C:\Windows\AppPatch\AppPatch64\AcLayers.dll - ok
22:54:01.0729 3480  [ AC0C9CEA1218DAB1994AF8B28E680BD9 ] C:\Windows\System32\wlaninst.dll
22:54:01.0729 3480  C:\Windows\System32\wlaninst.dll - ok
22:54:01.0744 3480  [ 5A406C9C8E0880D3EABADC5DFD1ACDAE ] C:\Windows\System32\wwaninst.dll
22:54:01.0744 3480  C:\Windows\System32\wwaninst.dll - ok
22:54:01.0760 3480  [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
22:54:01.0760 3480  C:\Windows\System32\mpr.dll - ok
22:54:01.0775 3480  [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
22:54:01.0775 3480  C:\Windows\System32\SensApi.dll - ok
22:54:01.0775 3480  [ 8CFBCCDD3DF24D6194FC4B6DBDFA6383 ] C:\Windows\AppPatch\AppPatch64\AcGenral.dll
22:54:01.0775 3480  C:\Windows\AppPatch\AppPatch64\AcGenral.dll - ok
22:54:01.0791 3480  [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
22:54:01.0791 3480  C:\Windows\System32\d3d8thk.dll - ok
22:54:01.0807 3480  [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
22:54:01.0807 3480  C:\Windows\System32\radardt.dll - ok
22:54:01.0822 3480  [ 5B236296E233CAA6BF86BE0C6501A224 ] C:\Windows\System32\rdpcorekmts.dll
22:54:01.0822 3480  C:\Windows\System32\rdpcorekmts.dll - ok
22:54:01.0838 3480  [ 6D5DCC1579B3961D791ABDE286A1CB5E ] C:\Windows\System32\rdpwsx.dll
22:54:01.0838 3480  C:\Windows\System32\rdpwsx.dll - ok
22:54:01.0838 3480  [ 1B6163C503398B23FF8B939C67747683 ] C:\Windows\System32\drivers\rdpdr.sys
22:54:01.0838 3480  C:\Windows\System32\drivers\rdpdr.sys - ok
22:54:01.0869 3480  [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
22:54:01.0869 3480  C:\Windows\SysWOW64\sxs.dll - ok
22:54:01.0885 3480  [ 0B6231BF38174A1628C4AC812CC75804 ] C:\Windows\System32\SessEnv.dll
22:54:01.0885 3480  C:\Windows\System32\SessEnv.dll - ok
22:54:01.0885 3480  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] C:\Windows\System32\drivers\tdtcp.sys
22:54:01.0885 3480  C:\Windows\System32\drivers\tdtcp.sys - ok
22:54:01.0900 3480  [ E61608AA35E98999AF9AAEEEA6114B0A ] C:\Windows\System32\drivers\rdpwd.sys
22:54:01.0900 3480  C:\Windows\System32\drivers\rdpwd.sys - ok
22:54:01.0916 3480  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] C:\Windows\System32\drivers\tssecsrv.sys
22:54:01.0916 3480  C:\Windows\System32\drivers\tssecsrv.sys - ok
22:54:01.0931 3480  [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll
22:54:01.0931 3480  C:\Windows\System32\tdh.dll - ok
22:54:01.0947 3480  [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
22:54:01.0947 3480  C:\Windows\System32\pnidui.dll - ok
22:54:01.0963 3480  [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
22:54:01.0963 3480  C:\Windows\System32\dimsjob.dll - ok
22:54:01.0978 3480  [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
22:54:01.0978 3480  C:\Windows\System32\pautoenr.dll - ok
22:54:01.0994 3480  [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
22:54:01.0994 3480  C:\Windows\System32\certcli.dll - ok
22:54:01.0994 3480  [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
22:54:01.0994 3480  C:\Windows\System32\wmp.dll - ok
22:54:01.0994 3480  [ 6C69EA6A0C308A0FB81992CAC9F39C59 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
22:54:01.0994 3480  C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll - ok
22:54:02.0009 3480  [ F6F21358DD6BBC65BA45CA595E557611 ] C:\Windows\System32\gpscript.exe
22:54:02.0009 3480  C:\Windows\System32\gpscript.exe - ok
22:54:02.0009 3480  [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
22:54:02.0009 3480  C:\Windows\SysWOW64\gpapi.dll - ok
22:54:02.0025 3480  [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
22:54:02.0025 3480  C:\Windows\SysWOW64\ncrypt.dll - ok
22:54:02.0025 3480  [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
22:54:02.0025 3480  C:\Windows\SysWOW64\bcrypt.dll - ok
22:54:02.0025 3480  [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
22:54:02.0025 3480  C:\Windows\SysWOW64\bcryptprimitives.dll - ok
22:54:02.0041 3480  [ AE84ED6A560CBC4942D0A38C51FC8B8F ] C:\Windows\SysWOW64\CCM\PolicyAgent.dll
22:54:02.0041 3480  C:\Windows\SysWOW64\CCM\PolicyAgent.dll - ok
22:54:02.0041 3480  [ 4FB491AC8D46AAF22BA8BC5C73DABEF7 ] C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
22:54:02.0041 3480  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe - ok
22:54:02.0056 3480  [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\SysWOW64\ncobjapi.dll
22:54:02.0056 3480  C:\Windows\SysWOW64\ncobjapi.dll - ok
22:54:02.0056 3480  [ 471CFD948321711B5420817250D61CB6 ] C:\Windows\SysWOW64\CCM\PolicyAgentProvider.dll
22:54:02.0056 3480  C:\Windows\SysWOW64\CCM\PolicyAgentProvider.dll - ok
22:54:02.0072 3480  [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\SysWOW64\wbem\wmiutils.dll
22:54:02.0072 3480  C:\Windows\SysWOW64\wbem\wmiutils.dll - ok
22:54:02.0072 3480  [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
22:54:02.0072 3480  C:\Windows\System32\hidserv.dll - ok
22:54:02.0087 3480  [ 5AE88135C6A86FCD67BA16AFBB1C8389 ] C:\Windows\SysWOW64\wbem\esscli.dll
22:54:02.0087 3480  C:\Windows\SysWOW64\wbem\esscli.dll - ok
22:54:02.0087 3480  [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
22:54:02.0087 3480  C:\Windows\System32\CertEnroll.dll - ok
22:54:02.0087 3480  [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
22:54:02.0087 3480  C:\Windows\System32\wbem\NCProv.dll - ok
22:54:02.0103 3480  [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
22:54:02.0103 3480  C:\Windows\SysWOW64\powrprof.dll - ok
22:54:02.0103 3480  [ E6410546E86DC2C8068DCA88065BD7AB ] C:\Windows\SysWOW64\wbem\WmiPerfClass.dll
22:54:02.0103 3480  C:\Windows\SysWOW64\wbem\WmiPerfClass.dll - ok
22:54:02.0119 3480  [ 487F44B08EFEAF5AD087878357B9403D ] C:\Windows\SysWOW64\pdh.dll
22:54:02.0119 3480  C:\Windows\SysWOW64\pdh.dll - ok
22:54:02.0119 3480  [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\SysWOW64\wevtapi.dll
22:54:02.0119 3480  C:\Windows\SysWOW64\wevtapi.dll - ok
22:54:02.0119 3480  [ C02F50BBC064689FE3FCD89348C884EB ] C:\Windows\SysWOW64\netfxperf.dll
22:54:02.0119 3480  C:\Windows\SysWOW64\netfxperf.dll - ok
22:54:02.0134 3480  [ 257147843B66B67CB72AE8197DD479CD ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
22:54:02.0134 3480  C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll - ok
22:54:02.0134 3480  [ DC3078BA1B58562416C843582A42284C ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
22:54:02.0134 3480  C:\Windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll - ok
22:54:02.0150 3480  [ ADD7A08E7016694FE1C73DD7498DEAD6 ] C:\Windows\SysWOW64\aspnet_counters.dll
22:54:02.0150 3480  C:\Windows\SysWOW64\aspnet_counters.dll - ok
22:54:02.0150 3480  [ F4E9693F449600A30088A0B16079F3CD ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll
22:54:02.0150 3480  C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll - ok
22:54:02.0165 3480  [ 0552A8684BF7566F744D5B19FF6AEC6B ] C:\Windows\SysWOW64\bitsperf.dll
22:54:02.0165 3480  C:\Windows\SysWOW64\bitsperf.dll - ok
22:54:02.0165 3480  [ DA61EF0B5AE0B97CF2764CE54F565DC4 ] C:\Windows\SysWOW64\FrameworkPerf.dll
22:54:02.0165 3480  C:\Windows\SysWOW64\FrameworkPerf.dll - ok
22:54:02.0165 3480  [ E697CD9824B583865E673A599B426E0B ] C:\Windows\SysWOW64\ccmperf.dll
22:54:02.0165 3480  C:\Windows\SysWOW64\ccmperf.dll - ok
22:54:02.0181 3480  [ 8C9179609935F84202028849112D355A ] C:\Windows\SysWOW64\esentprf.dll
22:54:02.0181 3480  C:\Windows\SysWOW64\esentprf.dll - ok
22:54:02.0181 3480  [ A113AFEED3159A1ED52D78CB0226006D ] C:\Windows\SysWOW64\secur32.dll
22:54:02.0181 3480  C:\Windows\SysWOW64\secur32.dll - ok
22:54:02.0197 3480  [ E991956ACE9E57BFB9F8BB077D11B34E ] C:\Windows\SysWOW64\msdtcuiu.dll
22:54:02.0197 3480  C:\Windows\SysWOW64\msdtcuiu.dll - ok
22:54:02.0197 3480  [ 19B8C44BC54C7859E57E0EC1312D5B92 ] C:\Windows\SysWOW64\msdtcprx.dll
22:54:02.0197 3480  C:\Windows\SysWOW64\msdtcprx.dll - ok
22:54:02.0197 3480  [ 8483DD8F87DBE86AAB55BBF95C207061 ] C:\Windows\SysWOW64\mtxclu.dll
22:54:02.0197 3480  C:\Windows\SysWOW64\mtxclu.dll - ok
22:54:02.0212 3480  [ AE9898D5600A232CD8AE3298692162E5 ] C:\Windows\SysWOW64\clusapi.dll
22:54:02.0212 3480  C:\Windows\SysWOW64\clusapi.dll - ok
22:54:02.0212 3480  [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\SysWOW64\cryptdll.dll
22:54:02.0212 3480  C:\Windows\SysWOW64\cryptdll.dll - ok
22:54:02.0228 3480  [ 2AF094C822BD6094F14A8E85FB51D52A ] C:\Windows\SysWOW64\resutils.dll
22:54:02.0228 3480  C:\Windows\SysWOW64\resutils.dll - ok
22:54:02.0228 3480  [ 38B13C0DF479DBA23ECFA815159BA86E ] C:\Windows\SysWOW64\ktmw32.dll
22:54:02.0228 3480  C:\Windows\SysWOW64\ktmw32.dll - ok
22:54:02.0228 3480  [ 2DC6285EC4F902BE08E7C5FA6D3FD017 ] C:\Windows\SysWOW64\msscntrs.dll
22:54:02.0228 3480  C:\Windows\SysWOW64\msscntrs.dll - ok
22:54:02.0243 3480  [ 6A3B2480EEB8BA5FF409AFB0391F5675 ] C:\PROGRA~2\MICROS~3\Office14\OLMAPI32.DLL
22:54:02.0243 3480  C:\PROGRA~2\MICROS~3\Office14\OLMAPI32.DLL - ok
22:54:02.0243 3480  [ DB001FAEA818AE2E14A74E0ADC530FC0 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll
22:54:02.0243 3480  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll - ok
22:54:02.0259 3480  [ A00D2AAF88FD04652C6BB355074F79C6 ] C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL
22:54:02.0259 3480  C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL - ok
22:54:02.0259 3480  [ B92E9318F7E4AEF633B8EC3A873565AF ] C:\Windows\SysWOW64\perfdisk.dll
22:54:02.0259 3480  C:\Windows\SysWOW64\perfdisk.dll - ok
22:54:02.0259 3480  [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
22:54:02.0259 3480  C:\Windows\System32\PortableDeviceApi.dll - ok
22:54:02.0275 3480  [ A293DCD756D04D8492A750D03B9A297C ] C:\Windows\System32\umrdp.dll
22:54:02.0275 3480  C:\Windows\System32\umrdp.dll - ok
22:54:02.0275 3480  [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
22:54:02.0275 3480  C:\Windows\System32\Apphlpdm.dll - ok
22:54:02.0290 3480  [ 8ABFE00F213F2571498F1B8FD7939A98 ] C:\Windows\System32\WUDFHost.exe
22:54:02.0290 3480  C:\Windows\System32\WUDFHost.exe - ok
22:54:02.0290 3480  [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
22:54:02.0290 3480  C:\Windows\System32\PortableDeviceConnectApi.dll - ok
22:54:02.0306 3480  [ 5D0F03EEF3205F66ECFBE72A7CBBAD1F ] C:\Windows\System32\winusb.dll
22:54:02.0306 3480  C:\Windows\System32\winusb.dll - ok
22:54:02.0306 3480  [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
22:54:02.0306 3480  C:\Windows\System32\WUDFx.dll - ok
22:54:02.0306 3480  [ 8691A502CFF70D360372A86434A8C723 ] C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll
22:54:02.0306 3480  C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll - ok
22:54:02.0321 3480  [ 1ACC2484F3F111D577ABE4FFB1CAF2A5 ] C:\Windows\SysWOW64\perfnet.dll
22:54:02.0321 3480  C:\Windows\SysWOW64\perfnet.dll - ok
22:54:02.0321 3480  [ 72910F1DEB838E6E08A9017BFB7D4F0B ] C:\Windows\SysWOW64\browcli.dll
22:54:02.0321 3480  C:\Windows\SysWOW64\browcli.dll - ok
22:54:02.0337 3480  [ 6FA41E0C86EF049A12C05CA4BBA8F9AF ] C:\Windows\SysWOW64\perfos.dll
22:54:02.0337 3480  C:\Windows\SysWOW64\perfos.dll - ok
22:54:02.0337 3480  [ 752F8E96BAB993517838315508FB82CB ] C:\Windows\SysWOW64\perfproc.dll
22:54:02.0337 3480  C:\Windows\SysWOW64\perfproc.dll - ok
22:54:02.0337 3480  [ 6E608664EBEEAB5A03BA32324016695B ] C:\Windows\SysWOW64\rasctrs.dll
22:54:02.0337 3480  C:\Windows\SysWOW64\rasctrs.dll - ok
22:54:02.0353 3480  [ 5BBD1F824741AA1FDA9A9DFD3A9D5416 ] C:\Windows\SysWOW64\tapiperf.dll
22:54:02.0353 3480  C:\Windows\SysWOW64\tapiperf.dll - ok
22:54:02.0353 3480  [ BA32509D9B340162327B341013DE6522 ] C:\Windows\SysWOW64\tapi32.dll
22:54:02.0353 3480  C:\Windows\SysWOW64\tapi32.dll - ok
22:54:02.0368 3480  [ EDD2AD141DEBD425D74A52A4D7BE6AC4 ] C:\Windows\SysWOW64\perfctrs.dll
22:54:02.0368 3480  C:\Windows\SysWOW64\perfctrs.dll - ok
22:54:02.0368 3480  [ FB1BA42D1A1440E99C6B8667E141CFB1 ] C:\Windows\SysWOW64\perfts.dll
22:54:02.0368 3480  C:\Windows\SysWOW64\perfts.dll - ok
22:54:02.0368 3480  [ D25958B2A71EF488959272878EF934BE ] C:\Windows\SysWOW64\utildll.dll
22:54:02.0368 3480  C:\Windows\SysWOW64\utildll.dll - ok
22:54:02.0384 3480  [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
22:54:02.0384 3480  C:\Windows\SysWOW64\samcli.dll - ok
22:54:02.0384 3480  [ 109007869CB95CBD9B92FDF35B96D7B5 ] C:\Windows\SysWOW64\usbperf.dll
22:54:02.0384 3480  C:\Windows\SysWOW64\usbperf.dll - ok
22:54:02.0399 3480  [ 91429E9A7458899034952047B2B58842 ] C:\Windows\SysWOW64\wbem\WmiApRpl.dll
22:54:02.0399 3480  C:\Windows\SysWOW64\wbem\WmiApRpl.dll - ok
22:54:02.0399 3480  [ 529879612A7FAE235914E3AA6A9A669C ] C:\Windows\SysWOW64\loadperf.dll
22:54:03.0819 3480  C:\Program Files\Autodesk\Autodesk Sync\QtXml_Ad_4.dll - ok
22:54:03.0819 3480  [ F103B99F8C637322A3624767EC23C378 ] C:\Program Files\Autodesk\Autodesk Sync\log4cplusU.dll
22:54:03.0819 3480  C:\Program Files\Autodesk\Autodesk Sync\log4cplusU.dll - ok
22:54:03.0819 3480  [ 0720BD8941909CBB6FE7E22E02E51743 ] C:\Program Files\Autodesk\Autodesk Sync\Configuration.dll
22:54:03.0819 3480  C:\Program Files\Autodesk\Autodesk Sync\Configuration.dll - ok
22:54:03.0835 3480  [ 6753D73A6BCC8E0A058BB2773416CA88 ] C:\Windows\System32\Speech\Common\sapi.dll
22:54:03.0835 3480  C:\Windows\System32\Speech\Common\sapi.dll - ok
22:54:03.0835 3480  [ 1B1431D9520C7578AD5633ED2A70625F ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
22:54:03.0835 3480  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
22:54:03.0835 3480  [ 949563C60DA47163B86891197FB0C4EA ] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
22:54:03.0835 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe - ok
22:54:03.0850 3480  [ 84A67EA87F3012B12E1C4048460BFA29 ] C:\Program Files\Autodesk\Autodesk Sync\Database.dll
22:54:03.0850 3480  C:\Program Files\Autodesk\Autodesk Sync\Database.dll - ok
22:54:03.0850 3480  [ 3C6FA2F4D58611579B21798E0568F548 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
22:54:03.0850 3480  C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
22:54:03.0850 3480  [ 558C42D165DB5799B4072DC0A9C27C0B ] C:\Windows\System32\msdmo.dll
22:54:03.0850 3480  C:\Windows\System32\msdmo.dll - ok
22:54:03.0866 3480  [ BD2F7D1BA034038815577B2627A75AF2 ] C:\Windows\System32\Speech\SpeechUX\SpeechUX.dll
22:54:03.0866 3480  C:\Windows\System32\Speech\SpeechUX\SpeechUX.dll - ok
22:54:03.0866 3480  [ D544030DAE030F6B0D1DA332C8171FA8 ] C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
22:54:03.0866 3480  C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe - ok
22:54:03.0881 3480  [ 9682D5B9D9309377C1A7E08C3E6B7B3D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6be6efa1e2ffc9d46e99839edac5c5a8\System.ni.dll
22:54:03.0881 3480  C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6be6efa1e2ffc9d46e99839edac5c5a8\System.ni.dll - ok
22:54:03.0881 3480  [ 0C000A8C64B2165C52268073E7FEC879 ] C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
22:54:03.0881 3480  C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe - ok
22:54:03.0881 3480  [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:54:03.0881 3480  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
22:54:03.0897 3480  [ E097467E1B9F966C7ED5DE20321F021F ] C:\Program Files\Autodesk\Autodesk Sync\QtSql_Ad_4.dll
22:54:03.0897 3480  C:\Program Files\Autodesk\Autodesk Sync\QtSql_Ad_4.dll - ok
22:54:03.0897 3480  [ C51B3679DB08D11F49367D3A7CCA9E3C ] C:\Program Files (x86)\Microsoft Lync\communicator.exe
22:54:03.0897 3480  C:\Program Files (x86)\Microsoft Lync\communicator.exe - ok
22:54:03.0897 3480  [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
22:54:03.0897 3480  C:\Windows\System32\stobject.dll - ok
22:54:03.0913 3480  [ 39B1C217AC8697E118293DE4AE3F7AA5 ] C:\Program Files\Autodesk\Autodesk Sync\UI.dll
22:54:03.0913 3480  C:\Program Files\Autodesk\Autodesk Sync\UI.dll - ok
22:54:03.0913 3480  [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
22:54:03.0913 3480  C:\Windows\System32\batmeter.dll - ok
22:54:03.0913 3480  [ 9BE41DB728260D8F9D2AF11E99EFB648 ] C:\Program Files\Zoner\Photo Studio 15\Program32\Zxl.dll
22:54:03.0913 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\Zxl.dll - ok
22:54:03.0928 3480  [ A2EE1F52E5FCEA6F81237E4399550F1E ] C:\Program Files\Autodesk\Autodesk Sync\ConfigurationFactory.dll
22:54:03.0928 3480  C:\Program Files\Autodesk\Autodesk Sync\ConfigurationFactory.dll - ok
22:54:03.0928 3480  [ 6BB8915399855C462494F373E264FCA2 ] C:\Program Files\Autodesk\Autodesk Sync\CoreFactory.dll
22:54:03.0928 3480  C:\Program Files\Autodesk\Autodesk Sync\CoreFactory.dll - ok
22:54:03.0928 3480  [ E9017D8024BD96E95791DB3957C4230A ] C:\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_04480933ab2137b1\mfc90u.dll
22:54:03.0928 3480  C:\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_04480933ab2137b1\mfc90u.dll - ok
22:54:03.0944 3480  [ A16182095951FFD29D358DF2B27A69F2 ] C:\Windows\System32\Speech\SpeechUX\en-gb\SpeechUXRes.dll
22:54:03.0944 3480  C:\Windows\System32\Speech\SpeechUX\en-gb\SpeechUXRes.dll - ok
22:54:03.0944 3480  [ 8C5BE3C93617B06C3A34651917ADDA66 ] C:\Program Files\Autodesk\Autodesk Sync\BuzzsawSyncSupport.dll
22:54:03.0944 3480  C:\Program Files\Autodesk\Autodesk Sync\BuzzsawSyncSupport.dll - ok
22:54:03.0959 3480  [ 583952045EBC0CDC13BA947B512655D0 ] C:\Program Files\Autodesk\Autodesk Sync\DatabaseFactory.dll
22:54:03.0959 3480  C:\Program Files\Autodesk\Autodesk Sync\DatabaseFactory.dll - ok
22:54:03.0959 3480  [ F4CF638191A0A483F77BB0F0BB524377 ] C:\Program Files\Autodesk\Autodesk Sync\Http.dll
22:54:03.0959 3480  C:\Program Files\Autodesk\Autodesk Sync\Http.dll - ok
22:54:03.0959 3480  [ 70A03CC595C92667FD35834164CE9CC9 ] C:\Program Files\Autodesk\Autodesk Sync\QtXmlPatterns_Ad_4.dll
22:54:03.0959 3480  C:\Program Files\Autodesk\Autodesk Sync\QtXmlPatterns_Ad_4.dll - ok
22:54:03.0975 3480  [ 5D2004EA97C19B90D087C435A7849250 ] C:\Program Files\Autodesk\Autodesk Sync\Threading.dll
22:54:03.0975 3480  C:\Program Files\Autodesk\Autodesk Sync\Threading.dll - ok
22:54:03.0975 3480  [ C1648084C395152FBFA1B333D92056BC ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
22:54:03.0975 3480  C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
22:54:03.0975 3480  [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
22:54:03.0975 3480  C:\Windows\System32\prnfldr.dll - ok
22:54:03.0991 3480  [ 2F83B19EAC2C12D61DCA4D7193E9B508 ] C:\Program Files\Autodesk\Autodesk Sync\HttpFactory.dll
22:54:03.0991 3480  C:\Program Files\Autodesk\Autodesk Sync\HttpFactory.dll - ok
22:54:03.0991 3480  [ 54BB6EB6B7088A27454600C77A3910BA ] C:\Program Files\Autodesk\Autodesk Sync\AdSyncServices.dll
22:54:03.0991 3480  C:\Program Files\Autodesk\Autodesk Sync\AdSyncServices.dll - ok
22:54:03.0991 3480  [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
22:54:03.0991 3480  C:\Windows\System32\DXP.dll - ok
22:54:04.0006 3480  [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
22:54:04.0006 3480  C:\Windows\System32\Syncreg.dll - ok
22:54:04.0006 3480  [ FC70F49F1B15802F5AE7F818AE3ECBC8 ] C:\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_01c6b44660ce74c3\MFC90ENU.DLL
22:54:04.0006 3480  C:\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_01c6b44660ce74c3\MFC90ENU.DLL - ok
22:54:04.0006 3480  [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll
22:54:04.0006 3480  C:\Windows\SysWOW64\mscms.dll - ok
22:54:04.0022 3480  [ 70E69E6215A1ED2569CFEA40C8764B31 ] C:\Program Files\Autodesk\Autodesk Sync\AdWebServices.dll
22:54:04.0022 3480  C:\Program Files\Autodesk\Autodesk Sync\AdWebServices.dll - ok
22:54:04.0022 3480  [ B24785D48B5B07B355BC925A0B357EF8 ] C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
22:54:04.0022 3480  C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll - ok
22:54:04.0022 3480  [ 81C57089F59D4F0519CFCA0448256550 ] C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
22:54:04.0022 3480  C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll - ok
22:54:04.0037 3480  [ 8CEAE965FF8BE099536B3064E0565663 ] C:\Program Files\Zoner\Photo Studio 15\Program32\zcl.dll
22:54:04.0037 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\zcl.dll - ok
22:54:04.0037 3480  [ 901AA7A38CE13F14B6BBEC38C0595698 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
22:54:04.0037 3480  C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe - ok
22:54:04.0053 3480  [ C0BDAD8955B48946516C57D775E97210 ] C:\Program Files (x86)\Buro Happold\ITGadget\ITGadget.exe
22:54:04.0053 3480  C:\Program Files (x86)\Buro Happold\ITGadget\ITGadget.exe - ok
22:54:04.0053 3480  [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
22:54:04.0053 3480  C:\Windows\ehome\ehSSO.dll - ok
22:54:04.0053 3480  [ 46DA8E7484AC7A52CE1D6E428398724B ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
22:54:04.0053 3480  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
22:54:04.0069 3480  [ 8DDA2B606279753601F9415DA503CA63 ] C:\Program Files (x86)\QuickTime\QTTask.exe
22:54:04.0069 3480  C:\Program Files (x86)\QuickTime\QTTask.exe - ok
22:54:04.0069 3480  [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
22:54:04.0069 3480  C:\Windows\SysWOW64\ExplorerFrame.dll - ok
22:54:04.0069 3480  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\Program Files\Zoner\Photo Studio 15\Program32\msvcr100.dll
22:54:04.0069 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\msvcr100.dll - ok
22:54:04.0084 3480  [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
22:54:04.0084 3480  C:\Windows\System32\AltTab.dll - ok
22:54:04.0084 3480  [ 47763189BA66DB5ED078514638F8FE84 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe
22:54:04.0084 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe - ok
22:54:04.0084 3480  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\Program Files\Zoner\Photo Studio 15\Program32\msvcp100.dll
22:54:04.0084 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\msvcp100.dll - ok
22:54:04.0100 3480  [ C82229C61BCA902124B236D5F7527FCE ] C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe
22:54:04.0100 3480  C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe - ok
22:54:04.0100 3480  [ 20649269325F1D29D9FFEB5704059B50 ] C:\Program Files\Autodesk\Autodesk Sync\libeay32.dll
22:54:04.0100 3480  C:\Program Files\Autodesk\Autodesk Sync\libeay32.dll - ok
22:54:04.0100 3480  [ 0ECCB325392B31A5F8F43E6954FEEB50 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
22:54:04.0100 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe - ok
22:54:04.0115 3480  [ 8E2A7F1F62467A7DCB8AB2C0642F47CA ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
22:54:04.0115 3480  C:\Program Files (x86)\iTunes\iTunesHelper.exe - ok
22:54:04.0115 3480  [ A7E63D69F1D55A3662907ECD48B345CA ] C:\Program Files\Zoner\Photo Studio 15\Program32\vcomp100.dll
22:54:04.0115 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\vcomp100.dll - ok
22:54:04.0131 3480  [ D1BBE227367ED791D5FCF08E132D2956 ] C:\Windows\SysWOW64\opengl32.dll
22:54:04.0131 3480  C:\Windows\SysWOW64\opengl32.dll - ok
22:54:04.0131 3480  [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
22:54:04.0131 3480  C:\Windows\System32\WPDShServiceObj.dll - ok
22:54:04.0131 3480  [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
22:54:04.0131 3480  C:\Windows\System32\QUTIL.DLL - ok
22:54:04.0147 3480  [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
22:54:04.0147 3480  C:\Windows\SysWOW64\duser.dll - ok
22:54:04.0147 3480  [ BB41AF71796E51B7891877C3BA6DEE8C ] C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluTTM.dll
22:54:04.0147 3480  C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluTTM.dll - ok
22:54:04.0147 3480  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Windows\SysWOW64\msvcp71.dll
22:54:04.0147 3480  C:\Windows\SysWOW64\msvcp71.dll - ok
22:54:04.0162 3480  [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
22:54:04.0162 3480  C:\Windows\SysWOW64\dui70.dll - ok
22:54:04.0162 3480  [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
22:54:04.0162 3480  C:\Windows\System32\PortableDeviceTypes.dll - ok
22:54:04.0162 3480  [ DE3897365B04C4DA1CF8FF725577C082 ] C:\Windows\SysWOW64\glu32.dll
22:54:04.0162 3480  C:\Windows\SysWOW64\glu32.dll - ok
22:54:04.0178 3480  [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
22:54:04.0178 3480  C:\Windows\SysWOW64\ddraw.dll - ok
22:54:04.0178 3480  [ 234AFA322624B3203A2E720F08292B03 ] C:\Windows\System32\cscobj.dll
22:54:04.0178 3480  C:\Windows\System32\cscobj.dll - ok
22:54:04.0178 3480  [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
22:54:04.0178 3480  C:\Windows\SysWOW64\dciman32.dll - ok
22:54:04.0193 3480  [ 8AD57C6C39E690896898D78EA6FD1A91 ] C:\Program Files\Zoner\Photo Studio 15\Program32\ippcore-7.0.dll
22:54:04.0193 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\ippcore-7.0.dll - ok
22:54:04.0193 3480  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\SysWOW64\msvcr71.dll
22:54:04.0193 3480  C:\Windows\SysWOW64\msvcr71.dll - ok
22:54:04.0193 3480  [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
22:54:04.0193 3480  C:\Windows\System32\bthprops.cpl - ok
22:54:04.0209 3480  [ B89811EE66B620247C2BAB874C22FE87 ] C:\Program Files\Zoner\Photo Studio 15\Program32\libiomp5md.dll
22:54:04.0209 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\libiomp5md.dll - ok
22:54:04.0209 3480  [ 68816AF50C03D77FC1A1C84CC1CAEFD2 ] C:\Program Files\Autodesk\Autodesk Sync\AdWebServicesUI.dll
22:54:04.0209 3480  C:\Program Files\Autodesk\Autodesk Sync\AdWebServicesUI.dll - ok
22:54:04.0225 3480  [ FFB1D7A06F89763FD0C11411A8CC5153 ] C:\Program Files\Autodesk\Autodesk Sync\QtWebKit_Ad_4.dll
22:54:04.0225 3480  C:\Program Files\Autodesk\Autodesk Sync\QtWebKit_Ad_4.dll - ok
22:54:04.0225 3480  [ D43DEB5B27D108D6D6ECBF6C6F739630 ] C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluDOMFX.dll
22:54:04.0225 3480  C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluDOMFX.dll - ok
22:54:04.0225 3480  [ B0114D25BDE2B187335B688E2E7A4DA7 ] C:\Program Files\Zoner\Photo Studio 15\Program32\ippi-7.0.dll
22:54:04.0225 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\ippi-7.0.dll - ok
22:54:04.0240 3480  [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
22:54:04.0240 3480  C:\Windows\System32\srchadmin.dll - ok
22:54:04.0240 3480  [ 45331ECAFE0A12B168FE3EA64A128881 ] C:\Program Files\Zoner\Photo Studio 15\Program32\ippcc-7.0.dll
22:54:04.0240 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\ippcc-7.0.dll - ok
22:54:04.0240 3480  [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\Windows\SysWOW64\msxml4.dll
22:54:04.0240 3480  C:\Windows\SysWOW64\msxml4.dll - ok
22:54:04.0256 3480  [ F32077DF74EFD435A1DCDF415E189DF1 ] C:\Program Files\Zoner\Photo Studio 15\Program32\mfc100u.dll
22:54:04.0256 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\mfc100u.dll - ok
22:54:04.0256 3480  [ 47B8DEBEC68FACCD026F99CAE8698C93 ] C:\Windows\System32\webcheck.dll
22:54:04.0256 3480  C:\Windows\System32\webcheck.dll - ok
22:54:04.0256 3480  [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
22:54:04.0256 3480  C:\Windows\System32\dot3api.dll - ok
22:54:04.0271 3480  [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
22:54:04.0271 3480  C:\Windows\System32\wlanhlp.dll - ok
22:54:04.0271 3480  [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
22:54:04.0271 3480  C:\Windows\System32\mlang.dll - ok
22:54:04.0271 3480  [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
22:54:04.0271 3480  C:\Windows\System32\SyncCenter.dll - ok
22:54:04.0287 3480  [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
22:54:04.0287 3480  C:\Windows\System32\wlanapi.dll - ok
22:54:04.0287 3480  [ 5082BC510FAD849630D09DA626BB7CDA ] C:\Program Files (x86)\iTunes\iTunesHelper.dll
22:54:04.0287 3480  C:\Program Files (x86)\iTunes\iTunesHelper.dll - ok
22:54:04.0287 3480  [ E9AEF0B99D287EFE3E8E445927ECEC5B ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\ASI\hpliASIArchiveManager.dll
22:54:04.0287 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\ASI\hpliASIArchiveManager.dll - ok
22:54:04.0303 3480  [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
22:54:04.0303 3480  C:\Windows\SysWOW64\msimg32.dll - ok
22:54:04.0303 3480  [ 0EF84F10C403BE55DB972677355D223F ] C:\Program Files (x86)\Microsoft Lync\Uc.dll
22:54:04.0303 3480  C:\Program Files (x86)\Microsoft Lync\Uc.dll - ok
22:54:04.0318 3480  [ AFEEAFD7CF8ED6958A81ACC304C17B7D ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll
22:54:04.0318 3480  C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
22:54:04.0318 3480  [ FA9C8BA74882B41CA77BA56490FD6983 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\ArchiveMgr\hpliArchiveManager.dll
22:54:04.0318 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\ArchiveMgr\hpliArchiveManager.dll - ok
22:54:04.0318 3480  [ BE643CD44DD06DA283634A3E51DC22BC ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
22:54:04.0318 3480  C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
22:54:04.0334 3480  [ 1D431ABFA2BD5A63686CD1ED76B64A7E ] C:\Program Files\Zoner\Photo Studio 15\Program32\ippip8-7.0.dll
22:54:04.0334 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\ippip8-7.0.dll - ok
22:54:04.0334 3480  [ 2858A3B79187DDA2AD8CFF2871F127BE ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\TicketServices\hpliTicketMgr.dll
22:54:04.0334 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\TicketServices\hpliTicketMgr.dll - ok
22:54:04.0334 3480  [ 28638660E651578C354BF43CD646EF6D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\672fc9526d8954656bcb46e42082e09c\System.Drawing.ni.dll
22:54:04.0334 3480  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\672fc9526d8954656bcb46e42082e09c\System.Drawing.ni.dll - ok
22:54:04.0349 3480  [ AD22BBD9D24A5FC6F2A595A928788D24 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
22:54:04.0349 3480  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll - ok
22:54:04.0349 3480  [ 15C79FF4E5BE68F8535ED134897EA9C0 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\hpliEmptyObject.dll
22:54:04.0349 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\hpliEmptyObject.dll - ok
22:54:04.0349 3480  [ 26C2C5F3F8FEB737AF2B83A354D9B79F ] C:\Windows\System32\Speech\Engines\SR\spsreng.dll
22:54:04.0349 3480  C:\Windows\System32\Speech\Engines\SR\spsreng.dll - ok
22:54:04.0365 3480  [ 97CF291153BD9DEB5C7191FCB76B3D9D ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\EventMgr\hpliEvMgr.dll
22:54:04.0365 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\EventMgr\hpliEvMgr.dll - ok
22:54:04.0365 3480  [ 1EE4939D7EB945E658E5EACFBB3A2C0F ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\WSS\hpliWFSynthesizer.dll
22:54:04.0365 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\WSS\hpliWFSynthesizer.dll - ok
22:54:04.0381 3480  [ 6357E2B68753A1F5CF4A68A25C4FD14A ] C:\Windows\SysWOW64\wsnmp32.dll
22:54:04.0381 3480  C:\Windows\SysWOW64\wsnmp32.dll - ok
22:54:04.0381 3480  [ 1088F244A3EFBA0104795717E9BBD941 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll
22:54:04.0381 3480  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll - ok
22:54:04.0381 3480  [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
22:54:04.0381 3480  C:\Windows\System32\FXSST.dll - ok
22:54:04.0396 3480  [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
22:54:04.0396 3480  C:\Windows\System32\shfolder.dll - ok
22:54:04.0396 3480  [ 72121BE9B2C38446754F36ACBB883830 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\EventMgr\hpliEvLsn.dll
22:54:04.0396 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\EventMgr\hpliEvLsn.dll - ok
22:54:04.0412 3480  [ 571A2B39E39A867B548D8D9EC6FCFCB5 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\hpliCHC.dll
22:54:04.0412 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\hpliCHC.dll - ok
22:54:04.0412 3480  [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\SysWOW64\msiltcfg.dll
22:54:04.0412 3480  C:\Windows\SysWOW64\msiltcfg.dll - ok
22:54:04.0412 3480  [ B78E390C802B8F0D2BAF4F8B181318A0 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\e644aa1f8f3898d38876168757db0d9b\System.Windows.Forms.ni.dll
22:54:04.0412 3480  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\e644aa1f8f3898d38876168757db0d9b\System.Windows.Forms.ni.dll - ok
22:54:04.0427 3480  [ 30E88ECA3D5D0B75E954E18181B9E6E5 ] C:\Windows\SysWOW64\capicom.dll
22:54:04.0427 3480  C:\Windows\SysWOW64\capicom.dll - ok
22:54:04.0427 3480  [ FA579B5272957DAF6CFD0E10EEFBF5AC ] C:\Windows\SysWOW64\mssign32.dll
22:54:04.0427 3480  C:\Windows\SysWOW64\mssign32.dll - ok
22:54:04.0427 3480  [ DE1470C9F17A2897F6ABFB9F48DF5714 ] C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
22:54:04.0427 3480  C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll - ok
22:54:04.0443 3480  [ EAADD6E47ED2A7003ACE1793B98CF63F ] C:\Windows\SysWOW64\msxml6.dll
22:54:04.0443 3480  C:\Windows\SysWOW64\msxml6.dll - ok
22:54:04.0443 3480  [ F32D7DA6ED69567B7592910B28A7471C ] C:\Windows\System32\Speech\Engines\SR\srloc.dll
22:54:04.0443 3480  C:\Windows\System32\Speech\Engines\SR\srloc.dll - ok
22:54:04.0443 3480  [ C5413BC4F10CEB4C3070BBF04D324117 ] C:\Windows\SysWOW64\msisip.dll
22:54:04.0443 3480  C:\Windows\SysWOW64\msisip.dll - ok
22:54:04.0459 3480  [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
22:54:04.0459 3480  C:\Windows\System32\FXSAPI.dll - ok
22:54:04.0459 3480  [ E8F6851E4600CD3674422487EE240941 ] C:\Windows\SysWOW64\wshext.dll
22:54:04.0459 3480  C:\Windows\SysWOW64\wshext.dll - ok
22:54:04.0459 3480  [ 2875B386B45B8A77E2343C5E129AE50C ] C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll
22:54:04.0459 3480  C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll - ok
22:54:04.0474 3480  [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
22:54:04.0474 3480  C:\Windows\System32\FXSRESM.dll - ok
22:54:04.0474 3480  [ B20AE6BF86871EDAD0AB2342E0C98F11 ] C:\Program Files (x86)\Microsoft Lync\psom.dll
22:54:04.0474 3480  C:\Program Files (x86)\Microsoft Lync\psom.dll - ok
22:54:04.0490 3480  [ 10682E2F72DA457E0DE5285906B635A2 ] C:\Windows\System32\MFWMAAEC.DLL
22:54:04.0490 3480  C:\Windows\System32\MFWMAAEC.DLL - ok
22:54:04.0490 3480  [ EDB4108F065852E2A5F35C388C59112E ] C:\Program Files\Autodesk\Autodesk Sync\phonon_Ad_4.dll
22:54:04.0490 3480  C:\Program Files\Autodesk\Autodesk Sync\phonon_Ad_4.dll - ok
22:54:04.0490 3480  [ 555F56ABA8D4A40B0268FD9C00B7EEEF ] C:\Program Files\Zoner\Photo Studio 15\Program32\ippccp8-7.0.dll
22:54:04.0490 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\ippccp8-7.0.dll - ok
22:54:04.0505 3480  [ DD9C45E8EF02EBEA0DA78792534DA11E ] C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
22:54:04.0505 3480  C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll - ok
22:54:04.0505 3480  [ 1B101D654996935AE4F89AA270261903 ] C:\Program Files\Autodesk\Autodesk Sync\AdUICore.dll
22:54:04.0505 3480  C:\Program Files\Autodesk\Autodesk Sync\AdUICore.dll - ok
22:54:04.0505 3480  [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
22:54:04.0505 3480  C:\Windows\System32\imapi2.dll - ok
22:54:04.0521 3480  [ 4C17E41BF444F453CC5FB553A85EC930 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
22:54:04.0521 3480  C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - ok
22:54:04.0521 3480  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
22:54:04.0521 3480  C:\Windows\System32\FXSSVC.exe - ok
22:54:04.0521 3480  [ B93E25062CDE07461883776FC7BCE224 ] C:\Program Files\Autodesk\Autodesk Sync\AdCoreUnits-3_0.dll
22:54:04.0521 3480  C:\Program Files\Autodesk\Autodesk Sync\AdCoreUnits-3_0.dll - ok
22:54:04.0537 3480  [ 7EF0136848615777207C29B65DEF37D2 ] C:\Program Files\Autodesk\Autodesk Sync\AdCoreUnitsUI-3_0.dll
22:54:04.0537 3480  C:\Program Files\Autodesk\Autodesk Sync\AdCoreUnitsUI-3_0.dll - ok
22:54:04.0537 3480  [ 50B695EAB6D83DAAF66950785331CCCE ] C:\Program Files\Autodesk\Autodesk Sync\BuzzsawFactories.dll
22:54:04.0537 3480  C:\Program Files\Autodesk\Autodesk Sync\BuzzsawFactories.dll - ok
22:54:04.0537 3480  [ 6B70D623A9E834DCFC350AF3615B1310 ] C:\Program Files\Autodesk\Autodesk Sync\ThreadingFactory.dll
22:54:04.0537 3480  C:\Program Files\Autodesk\Autodesk Sync\ThreadingFactory.dll - ok
22:54:04.0552 3480  [ B1DB079AD48896C9AEFD0A9670E9B03B ] C:\Program Files\Autodesk\Autodesk Sync\SynchronizationService.dll
22:54:04.0552 3480  C:\Program Files\Autodesk\Autodesk Sync\SynchronizationService.dll - ok
22:54:04.0552 3480  [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
22:54:04.0552 3480  C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
22:54:04.0568 3480  [ F908FE45F8FE9E0D4CBE65F9FF5DF6DA ] C:\Program Files\Zoner\Photo Studio 15\Program32\mfc100enu.dll
22:54:04.0568 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\mfc100enu.dll - ok
22:54:04.0568 3480  [ FA13EC5B2A49132C509EB50F06393C37 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\WSS\hpliWFDescriptionFactory.dll
22:54:04.0568 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\WSS\hpliWFDescriptionFactory.dll - ok
22:54:04.0568 3480  [ 37CF3324F46CEB3A4F2686C617CBB35C ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
22:54:04.0568 3480  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
22:54:04.0583 3480  [ 77B6874C9F1B74EC6D81B666C9987A12 ] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\WSS\Accessors\hpliAlertMap.dll
22:54:04.0583 3480  C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\WSS\Accessors\hpliAlertMap.dll - ok
22:54:04.0583 3480  [ F36BC7FB3A87DE9138AAECC40F7BC116 ] C:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll
22:54:04.0583 3480  C:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll - ok
22:54:04.0583 3480  [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
22:54:04.0583 3480  C:\Windows\System32\hgcpl.dll - ok
22:54:04.0599 3480  [ 85218271191D2B11D3E6B40C8D9257B3 ] C:\Program Files (x86)\Microsoft Lync\ocimport.dll
22:54:04.0599 3480  C:\Program Files (x86)\Microsoft Lync\ocimport.dll - ok
22:54:04.0599 3480  [ 1451FCD663CC250D922779CA610D0738 ] C:\Program Files\Zoner\Photo Studio 15\Program32\zpsres.US.dll
22:54:04.0599 3480  C:\Program Files\Zoner\Photo Studio 15\Program32\zpsres.US.dll - ok
22:54:05.0629 3480  ============================================================
22:54:05.0629 3480  Scan finished
22:54:05.0629 3480  ============================================================
22:54:05.0629 0188  Detected object count: 6
22:54:05.0629 0188  Actual detected object count: 6
22:58:16.0305 0188  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0305 0188  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0305 0188  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0305 0188  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0321 0188  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0321 0188  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0337 0188  WkSvw32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:16.0337 0188  WkSvw32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:16.0352 0188  \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
22:58:16.0352 0188  \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 - ok
22:58:16.0415 0188  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
22:59:04.0837 2536  Deinitialize success
 



#13 gringo_pr

  • Malware Response Team

Posted 14 May 2013 - 10:45 PM


Hello RangerSmith

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 RangerSmith

  • Topic Starter


Posted 14 May 2013 - 11:16 PM

Please note above when I downloaded TDSSKiller I changed to Debugging mode in F8 start up... it would not download in normal startup mode. All of the exercises have been run in normal start up mode. My system has not crashed with blue screen since running TDSSKiller and quarantining.

 

Followed the instructions above and have the following Combofix Log:

 

ComboFix 13-05-14.01 - hsutherl 14/05/2013  23:52:24.3.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.44.1033.18.1972.752 [GMT -4:00]
Running from: c:\users\hsutherl\Desktop\ComboFix.exe
Command switches used :: c:\users\hsutherl\Desktop\CFScript.txt
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-15 to 2013-05-15  )))))))))))))))))))))))))))))))
.
.
2013-05-15 04:06 . 2013-05-15 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-15 04:06 . 2013-05-15 04:06 -------- d-----w- c:\users\bhadmin\AppData\Local\temp
2013-05-15 02:58 . 2013-05-15 03:32 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-14 16:39 . 2013-05-14 17:22 -------- d-----w- C:\JRT
2013-05-10 00:26 . 2013-05-10 00:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-10 00:26 . 2013-05-10 00:26 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-08 00:05 . 2013-05-08 00:05 36680 ----a-w- c:\windows\system32\drivers\4EA11071.sys
2013-05-07 22:34 . 2013-05-07 22:34 -------- d-----w- C:\FRST
2013-05-05 19:22 . 2013-05-07 04:44 -------- d-----w- c:\users\hsutherl\AppData\Roaming\vlc
2013-05-05 19:21 . 2013-05-05 19:21 -------- d-----w- c:\program files (x86)\VideoLAN
2013-05-05 18:44 . 2013-05-14 16:32 -------- d-----w- c:\users\hsutherl\AppData\Local\Diagnostics
2013-05-05 18:18 . 2013-05-05 18:18 -------- d-----w- c:\program files (x86)\DivX
2013-05-05 18:17 . 2013-05-05 18:17 -------- d-----w- c:\programdata\DivX
2013-04-30 15:27 . 2013-04-30 15:27 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\program files\iPod
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\program files\iTunes
2013-04-25 22:17 . 2013-04-25 22:17 -------- d-----w- c:\program files (x86)\iTunes
2013-04-24 02:36 . 2013-04-24 02:36 -------- d-----w- c:\users\hsutherl\AppData\Roaming\MPEG Streamclip
2013-04-23 00:27 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-23 00:25 . 2013-03-02 05:49 12294656 ----a-w- c:\windows\system32\ieframe.dll
2013-04-23 00:25 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-16 15:06 . 2013-04-16 15:06 -------- d-----w- c:\windows\system32\appmgmt
2013-04-15 16:36 . 2013-04-15 16:45 -------- d-----w- c:\program files (x86)\Google
2013-04-15 16:36 . 2013-04-15 16:45 -------- d-----w- c:\users\hsutherl\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 23:32 . 2013-02-13 12:02 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 18:50 . 2013-03-16 17:23 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 10:48 . 2013-03-22 10:48 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-22 10:48 . 2013-03-22 10:48 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-22 10:48 . 2013-03-22 10:48 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-22 10:48 . 2013-03-22 10:48 188320 ----a-w- c:\windows\system32\java.exe
2013-03-22 10:48 . 2013-02-11 13:51 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-22 10:48 . 2013-02-11 13:51 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-22 10:42 . 2013-03-22 10:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-22 10:42 . 2013-02-11 13:51 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-22 10:42 . 2013-02-11 13:51 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-27 22:04 . 2013-02-27 22:04 110592 ----a-w- c:\windows\SysWow64\hpliSTDSoap.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunPUTasktray"="c:\program files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM" [X]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-09-28 12105344]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ITGadget"="c:\program files (x86)\Buro Happold\ITGadget\ITGadget.exe" [2012-10-23 972800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"PUStarter"="c:\program files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2013-02-27 73728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1549680]
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2013-2-12 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"dontdisplaylockeduserid"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"ForceRunOnStartMenu"= 1 (0x1)
"ClearRecentProgForNewUserInStartMenu"= 1 (0x1)
"NoStartMenuMyGames"= 1 (0x1)
"QuickLaunchEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-11 1432400]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver_AMDASF.sys [2012-09-11 41272]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2010-05-08 13872]
R3 vmxnet3ndis6;vmxnet3 NDIS 6 Ethernet Adapter Driver;c:\windows\system32\DRIVERS\vmxnet3n61x64.sys [2010-05-08 71728]
R3 Wibukey2_64;Wibukey2_64;c:\windows\system32\drivers\wibukey2_64.sys [2006-11-09 16896]
R3 WkSvw32.exe;WIBU-KEY Server;c:\program files (x86)\WIBUKEY\Server\WkSvw32.exe [2006-11-22 577536]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 1039776]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 31136]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 38440]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 nskbfltr;nskbfltr;c:\windows\system32\drivers\nskbfltr.sys [2007-07-09 27680]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-09-11 43832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 38413528
*NewlyCreated* - 62161705
*Deregistered* - 38413528
*Deregistered* - 62161705
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 16:36]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 16:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"nwiz"="nwiz.exe" [2010-05-06 1712744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 16416360]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 95336]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe" [2012-02-10 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe" [2012-09-28 48248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://home.burohappold.com/
mDefault_Page_URL = https://home.burohappold.com/
mStart Page = https://home.burohappold.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: krollontrack.co.uk\www
Trusted Zone: motivano.co.uk
TCP: DhcpNameServer = 8.8.8.8 4.2.2.1
DPF: {6D868B99-8B01-4B25-9BD1-ED37AFDF5E29} - hxxp://www.krollontrack.co.uk/support/ontrack-verifile-report/npvfasp.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-27330498.sys
SafeBoot-38413528.sys
SafeBoot-69970204.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-15  00:12:12
ComboFix-quarantined-files.txt  2013-05-15 04:12
ComboFix2.txt  2013-05-14 20:55
.
Pre-Run: 122,712,313,856 bytes free
Post-Run: 122,660,331,520 bytes free
.
- - End Of File - - 8DF37D43805BEA13DAB1782C1EA00E07
 



#15 gringo_pr

  • Malware Response Team

Posted 14 May 2013 - 11:28 PM


Hello RangerSmith

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo