Need Help with Google redirect virus (non-TDSS?)



#1 shaselai

Posted 22 June 2013 - 09:34 PM

Hi,

   I am seeking help removing this annoying Google redirect virus I got recently. I went through the internet and tried many tools - RogueKiller, CCleaner, Malwarebytes, Spybot, Windows securities, TDSSKiller - and I still have the darn thing! The first thing was TDSSKiller but it was clean - I even checked the registry and no TDSS labels at all! Can someone please help me out removing this thing? Thanks!





#2 gringo_pr


Posted 23 June 2013 - 04:43 AM



Hello shaselai

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 shaselai


Posted 23 June 2013 - 10:05 AM

Thank you for your help Gringo! Here are the logs:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/7/2011 10:06:39 AM
System Uptime: 6/22/2013 8:52:45 PM (14 hours ago)
.
Motherboard: LENOVO |  | KIWB1
Processor: Intel® Core™2 Duo CPU     T6600  @ 2.20GHz | U2E1 | 1188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 68.492 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: 
Description: 
Device ID: ACPI\ENE0201\3&11583659&0
Manufacturer: 
Name: 
PNP Device ID: ACPI\ENE0201\3&11583659&0
Service: 
.
Class GUID: 
Description: 
Device ID: ROOT\MEDIA\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\MEDIA\0000
Service: 
.
Class GUID: 
Description: 
Device ID: ACPI\VPC2004\0
Manufacturer: 
Name: 
PNP Device ID: ACPI\VPC2004\0
Service: 
.
==== System Restore Points ===================
.
RP185: 6/22/2013 3:02:10 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Access Help
Adobe AIR
Adobe Connect 9 Add-in
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Audio Editor 7.1
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Bonjour
Burn.Now 4.5
Burn.Now Lenovo Edition
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon My Printer
CBR Reader
CCleaner
Cisco Systems VPN Client 5.0.07.0290
Combined Community Codec Pack 2011-11-11
Conexant 20585 SmartAudio HD
Configuration Manager
Content Manager Assistant for PlayStation®
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolby Control Center
Dropbox
Enterasys NAC Assessment Agent
ffdshow v1.2.4486 [2012-08-25]
Fitbit Connect
Google Chrome
Google Update Helper
Hulu Desktop
HumanConcepts OrgPlus 8 Plug-in
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
InterVideo WinDVD 8
iTunes
Java 7 Update 10 (64-bit)
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 29
JavaFX 2.1.0
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Logitech Unifying Software 2.00
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Drivers
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
On Screen Display
Orbit Downloader
Pharos
Pidgin
PS3 Media Server
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
SAMSUNG USB Driver for Mobile Phones
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.3
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
System Update
Tencent QQ
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad UltraNav Utility
TVersity Media Server 2.3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Video Download Capture V4.3.9
VLC media player 2.0.5
WebEx
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
WinRAR 4.01 (64-bit)
WinX DVD Ripper 5.5.9
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
6/22/2013 8:58:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/177313231/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
6/22/2013 8:58:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
6/22/2013 8:55:02 PM, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
6/22/2013 7:13:30 PM, Error: Microsoft-Windows-IIS-W3SVC [1004]  - The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.
6/22/2013 7:13:30 PM, Error: Microsoft-Windows-HttpEvent [15005]  - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.
6/22/2013 7:13:17 PM, Error: Service Control Manager [7001]  - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
6/22/2013 7:12:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
6/22/2013 7:12:40 PM, Error: Service Control Manager [7000]  - The Net.Tcp Port Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/22/2013 2:13:53 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.324.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x800704c7   Error description: The operation was canceled by the user. 
6/20/2013 1:17:49 PM, Error: volsnap [35]  - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
6/18/2013 9:59:18 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 32 time(s).
6/18/2013 9:53:31 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 31 time(s).
6/18/2013 9:49:03 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 30 time(s).
6/18/2013 9:43:13 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 29 time(s).
6/18/2013 9:38:46 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 28 time(s).
6/18/2013 9:32:53 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 27 time(s).
6/18/2013 9:28:23 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 26 time(s).
6/18/2013 9:22:29 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 25 time(s).
6/18/2013 9:18:03 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 24 time(s).
6/18/2013 9:12:09 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 23 time(s).
6/18/2013 9:08:01 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 22 time(s).
6/18/2013 9:01:46 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 21 time(s).
6/18/2013 8:57:30 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 20 time(s).
6/18/2013 8:51:24 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 19 time(s).
6/18/2013 8:47:06 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 18 time(s).
6/18/2013 8:40:57 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 17 time(s).
6/18/2013 8:36:51 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 16 time(s).
6/18/2013 8:30:35 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 15 time(s).
6/18/2013 8:26:27 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
6/18/2013 8:20:11 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
6/18/2013 8:18:07 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
6/18/2013 8:13:58 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 11 time(s).
6/18/2013 8:11:45 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 10 time(s).
6/18/2013 8:10:22 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 9 time(s).
6/18/2013 8:09:40 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 8 time(s).
6/18/2013 8:09:19 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 7 time(s).
6/18/2013 8:07:44 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 6 time(s).
6/18/2013 8:05:39 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 5 time(s).
6/18/2013 8:04:16 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
6/18/2013 8:04:04 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
6/18/2013 8:03:58 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
6/18/2013 8:03:34 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/18/2013 8:03:12 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/18/2013 12:58:43 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 67 time(s).
6/18/2013 12:54:14 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 66 time(s).
6/18/2013 12:48:27 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 65 time(s).
6/18/2013 12:43:57 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 64 time(s).
6/18/2013 12:38:09 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 63 time(s).
6/18/2013 12:33:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 62 time(s).
6/18/2013 12:27:55 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 61 time(s).
6/18/2013 12:23:29 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 60 time(s).
6/18/2013 12:17:42 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 59 time(s).
6/18/2013 12:13:15 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 58 time(s).
6/18/2013 12:07:28 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 57 time(s).
6/18/2013 12:03:01 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 56 time(s).
6/18/2013 11:57:11 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 55 time(s).
6/18/2013 11:52:46 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 54 time(s).
6/18/2013 11:46:55 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 53 time(s).
6/18/2013 11:42:22 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 52 time(s).
6/18/2013 11:36:33 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 51 time(s).
6/18/2013 11:31:58 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 50 time(s).
6/18/2013 11:26:09 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 49 time(s).
6/18/2013 11:21:35 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 48 time(s).
6/18/2013 11:15:45 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 47 time(s).
6/18/2013 11:11:16 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 46 time(s).
6/18/2013 11:05:28 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 45 time(s).
6/18/2013 11:01:00 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 44 time(s).
6/18/2013 10:55:11 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 43 time(s).
6/18/2013 10:50:45 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 42 time(s).
6/18/2013 10:44:57 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 41 time(s).
6/18/2013 10:40:22 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 40 time(s).
6/18/2013 10:34:37 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 39 time(s).
6/18/2013 10:30:05 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 38 time(s).
6/18/2013 10:24:18 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 37 time(s).
6/18/2013 10:19:50 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 36 time(s).
6/18/2013 10:14:03 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 35 time(s).
6/18/2013 10:09:35 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 34 time(s).
6/18/2013 10:03:46 AM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 33 time(s).
6/18/2013 1:35:22 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 74 time(s).
6/18/2013 1:35:22 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473536.
6/18/2013 1:29:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 73 time(s).
6/18/2013 1:25:00 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 72 time(s).
6/18/2013 1:19:16 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 71 time(s).
6/18/2013 1:14:39 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 70 time(s).
6/18/2013 1:08:59 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 69 time(s).
6/18/2013 1:04:31 PM, Error: Service Control Manager [7034]  - The Windows Search service terminated unexpectedly.  It has done this 68 time(s).
6/17/2013 6:34:33 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
6/16/2013 6:36:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.151.2310.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9506.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/16/2013 6:29:10 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.151.2310.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9506.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
6/16/2013 6:29:10 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.151.2310.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9506.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
.
==== End Of File ===========================
 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.21.2
Run by Wei at 10:54:03 on 2013-06-23
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.4091.1581 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Wei\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgent.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxps://home.kenan-flagler.unc.edu
mWinlogon: Userinit = userinit.exe,
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: {34A69B78-8920-4FF6-8274-B523A05F8763} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [uTorrent] "C:\Users\Wei\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NACASS~1.LNK - C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ??????? - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
DPF: {C73881A3-E7F5-4CE4-B199-307EB127FE15} - hxxp://download.humanconcepts.com/downloads/op8/plugin/hcinstall8.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://amgen.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A}\27564627F6F666 : DHCPNameServer = 10.1.0.1
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A}\3786163756C61696 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A}\55E434D20535B4 : DHCPNameServer = 152.19.240.8 152.2.253.100
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A}\55E434D213 : DHCPNameServer = 152.2.22.208 152.2.22.214 152.2.9.7
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A}\7556374796E63556164747C6567457563747 : DHCPNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A}\D4963656 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{76C901E5-3679-494F-B9D6-723A0990493A}\D6963656 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] X:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&ocid=zdhp&install_date=20111207
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20111207&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Windows\System32\lenovo\update\npdueng.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: !HIDDEN! 2011-12-07 17:11; textlinks@epicplay.com; C:\Users\Wei\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-1 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-3 52856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-23 279616]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-5-31 15400]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2012-11-9 1200160]
R2 NACAgentService;NAC Agent Service;C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe [2012-10-23 18239408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 SBUpd;SpeedBit Update;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2013-2-27 1097848]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-12-7 411688]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 SBUpdd;SpeedBit UpdateD;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [2013-2-27 40856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2011-5-31 54632]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-5-31 44984]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-5-31 63928]
S3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-5-31 163072]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-7 26128]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-15 53800]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-5-31 321576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-5-27 35104]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-5-31 71168]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-5-31 295600]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-31 56344]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-31 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-31 317440]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-5-31 7675392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-5-31 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-12-7 222720]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-5-31 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-5-31 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-31 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-5-31 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-5-31 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-31 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-06-22 19:04:11 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{776DCEEB-5752-4EC0-9A06-FD6D462EB827}\mpengine.dll
2013-06-21 07:57:51 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7961356-E2DD-4081-AC46-9F6015B21509}\gapaengine.dll
2013-06-21 07:57:18 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-17 04:20:24 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-06-16 22:26:30 -------- d-----w- C:\Program Files\AVAST Software
2013-06-16 22:25:07 -------- d-----w- C:\ProgramData\AVAST Software
2013-06-16 16:40:34 -------- d-----w- C:\Program Files\Enigma Software Group
2013-06-16 16:38:43 -------- d-----w- C:\Users\Wei\AppData\Roaming\SUPERAntiSpyware.com
2013-06-16 16:38:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-06-16 16:38:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-06-16 16:38:05 -------- d-----w- C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-16 16:37:52 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-14 23:47:41 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-14 08:02:26 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-06-14 05:39:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-13 20:23:37 -------- d-----w- C:\Users\Wei\AppData\Local\temp
.
==================== Find3M  ====================
.
2013-06-12 04:36:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:36:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-06 14:37:32 91264 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 03:45:23 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 03:45:20 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-26 03:45:20 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-11 14:22:56 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 10:55:53.17 ===============


#4 gringo_pr

  • Malware Response Team

Posted 23 June 2013 - 06:38 PM



Hello shaselai

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 shaselai

  • Topic Starter

Posted 23 June 2013 - 09:10 PM

ADW:

# AdwCleaner v2.303 - Logfile created 06/23/2013 at 20:54:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Wei - WEI
# Boot Mode : Normal
# Running from : C:\Users\Wei\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\7hablst9.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\UpdatusUser\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\UpdatusUser.WEI\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\DefaultAppPool\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Wei\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [10395 octets] - [14/06/2013 03:55:26]
AdwCleaner[R2].txt - [1415 octets] - [14/06/2013 12:06:15]
AdwCleaner[R3].txt - [1534 octets] - [16/06/2013 16:25:06]
AdwCleaner[R4].txt - [1731 octets] - [23/06/2013 20:53:22]
AdwCleaner[S1].txt - [10571 octets] - [14/06/2013 03:56:35]
AdwCleaner[S2].txt - [307 octets] - [14/06/2013 12:06:55]
AdwCleaner[S3].txt - [1664 octets] - [23/06/2013 20:54:40]
 
########## EOF - C:\AdwCleaner[S3].txt - [1724 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Enterprise x64
Ran by Wei on Sun 06/23/2013 at 20:59:06.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CE06604F-8D55-4358-836B-FD6C40DDF785}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F467EDE2-AC95-4930-96B6-9AFD5F4165B2}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Wei\appdata\local\{42FB7090-22B0-4FEF-A0AF-FD09E7CCC6A6}
Successfully deleted: [Empty Folder] C:\Users\Wei\appdata\local\{5A65340C-803F-431B-ADB2-B930013291E4}
Successfully deleted: [Empty Folder] C:\Users\Wei\appdata\local\{b6e38471-8554-5ce7-da58-75b584d12827}
Successfully deleted: [Empty Folder] C:\Users\Wei\appdata\local\{F5F64DAB-2DA3-481F-86A2-95EA735FF1A2}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\Wei\AppData\Roaming\mozilla\firefox\profiles\7hablst9.default\user.js
Successfully deleted: [File] C:\Users\Wei\AppData\Roaming\mozilla\firefox\profiles\7hablst9.default\searchplugins\bing-zugo.xml
Emptied folder: C:\Users\Wei\AppData\Roaming\mozilla\firefox\profiles\7hablst9.default\minidumps [169 files]
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\aaianjfhllkoellblppakbaoinmiffjg
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\Extensions
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\Preferences
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\Web Data
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\aaianjfhllkoellblppakbaoinmiffjg\background.html
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\aaianjfhllkoellblppakbaoinmiffjg\ContentScript.js
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\aaianjfhllkoellblppakbaoinmiffjg\manifest.json
C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe
 
Successfully deleted: [Folder] C:\Users\Wei\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/23/2013 at 21:06:36.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I did a few Google searches and I didn't get redirected... however I noticed the new tab labels I opened started with "google.com...." then the label changed to the URL label... is that normal? Thanks.



#6 gringo_pr

  • Malware Response Team

Posted 23 June 2013 - 10:33 PM


Hello shaselai

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 shaselai

  • Topic Starter

Posted 24 June 2013 - 10:17 AM

Gringo,

   I think the virus is gone - I have searched many times yesterday and today and haven't encountered the problem once - I think the second set of programs I ran cleared it somehow. Here is the Combo log nonetheless in case there are some other problems hidden:

ComboFix 13-06-24.01 - Wei 06/24/2013  10:55:52.1.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.4091.2231 [GMT -4:00]
Running from: c:\users\Wei\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\SysWow64\SETE9AE.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-24 to 2013-06-24  )))))))))))))))))))))))))))))))
.
.
2013-06-24 15:07 . 2013-06-24 15:07 -------- d-----w- c:\users\Wei\AppData\Local\temp
2013-06-24 15:07 . 2013-06-24 15:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-24 15:07 . 2013-06-24 15:07 -------- d-----w- c:\users\UpdatusUser.WEI\AppData\Local\temp
2013-06-24 15:07 . 2013-06-24 15:07 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-06-24 15:07 . 2013-06-24 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-24 15:07 . 2013-06-24 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-06-24 01:19 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpengine.dll
2013-06-24 00:59 . 2013-06-24 00:59 -------- d-----w- c:\windows\ERUNT
2013-06-24 00:58 . 2013-06-24 00:58 -------- d-----w- C:\JRT
2013-06-22 19:04 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 07:57 . 2013-06-21 07:57 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7961356-E2DD-4081-AC46-9F6015B21509}\gapaengine.dll
2013-06-17 04:20 . 2013-06-17 04:20 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-06-16 22:29 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-16 22:26 . 2013-06-16 22:26 -------- d-----w- c:\program files\AVAST Software
2013-06-16 22:25 . 2013-06-16 22:26 -------- d-----w- c:\programdata\AVAST Software
2013-06-16 16:40 . 2013-06-16 16:40 -------- d-----w- c:\program files\Enigma Software Group
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\users\Wei\AppData\Roaming\SUPERAntiSpyware.com
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-16 16:38 . 2013-06-16 19:47 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-16 16:37 . 2013-06-16 16:37 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-14 23:47 . 2013-06-15 03:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-14 08:02 . 2013-06-14 08:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-14 05:39 . 2013-06-14 05:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-11 03:46 . 2013-06-11 03:56 -------- d-----w- c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 04:36 . 2012-10-24 00:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:36 . 2012-10-24 00:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 04:47 . 2011-12-07 18:56 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-06 14:37 . 2013-05-06 14:37 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-05-02 15:29 . 2011-05-31 13:26 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 03:45 . 2013-04-26 03:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 03:45 . 2012-05-13 07:24 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-26 03:45 . 2011-05-31 16:12 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-11 14:22 . 2011-06-11 06:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22 . 2011-06-11 06:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-04 18:50 . 2011-12-07 19:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2012-11-09 2796576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"uTorrent"="c:\users\Wei\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-19 1045072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-24 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2012-11-09 2796576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-5-31 50688]
NAC Assessment Agent.lnk - c:\program files (x86)\Enterasys Networks\NAC Agent\NacAgent.exe -force [2012-10-23 18238880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys;c:\windows\SYSNATIVE\DRIVERS\WacomVTHid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 NACAgentService;NAC Agent Service;c:\program files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe;c:\program files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-11 03:56 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 04:36]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 03:46]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 03:46]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-1006Core1ce4ede1331029.job
- c:\users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 02:31]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:15]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:15]
.
2013-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-06-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4f38cca1-edaf-426b-9cc4-c5463a6a0447.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-06-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"Apoint"="x:\program files\DellTPad\Apoint.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-17 9643040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ??????? - 
Trusted Zone: lenovo.com\consumersupport
Trusted Zone: lenovo.com.cn\edrivers
Trusted Zone: lenovo.com.cn\support4
Trusted Zone: lenovo.com.cn\think
TCP: DhcpNameServer = 192.168.1.1
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
DPF: {C73881A3-E7F5-4CE4-B199-307EB127FE15} - hxxp://download.humanconcepts.com/downloads/op8/plugin/hcinstall8.cab
FF - ProfilePath - c:\users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&ocid=zdhp&install_date=20111207
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20111207&q=
FF - ExtSQL: !HIDDEN! 2011-12-07 17:11; textlinks@epicplay.com; c:\users\Wei\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{34A69B78-8920-4FF6-8274-B523A05F8763} - (no file)
Toolbar-Locked - (no file)
SafeBoot-43729287.sys
SafeBoot-53838569.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*Ž¼Bo]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*Ž¼Bo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*p¯)4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*p¯)4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*Õ¯)4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*Õ¯)4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-24  11:14:14
ComboFix-quarantined-files.txt  2013-06-24 15:14
ComboFix2.txt  2013-06-13 20:23
.
Pre-Run: 69,720,588,288 bytes free
Post-Run: 69,608,259,584 bytes free
.
- - End Of File - - 63932341A21E8672503141FAC61396B8
D41D8CD98F00B204E9800998ECF8427E


#8 gringo_pr

Posted 24 June 2013 - 10:49 AM


Hello shaselai

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
  • In your next post I need the following
    • Report from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#9 shaselai

Posted 24 June 2013 - 07:05 PM

I don't see the search redirect anymore, but there are 2 concerns that may or may not be related:

1. I ran superantispyware and it keeps finding tracking cookies, and I remove them but they still show up... can that be fixed?

2. I also got a warning from timewarner internet saying it might've detected a bot from my comp and temporarily disabled my internet (I had to click on a link to re-enable it). Not sure if this can be detected and fixed?

Thanks!

Here is the output:

ComboFix 13-06-24.01 - Wei 06/24/2013  19:45:43.3.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.4091.2312 [GMT -4:00]
Running from: c:\users\Wei\Desktop\ComboFix.exe
Command switches used :: c:\users\Wei\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\searchplugins\bing-zugo.xml
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-24 to 2013-06-24  )))))))))))))))))))))))))))))))
.
.
2013-06-24 23:56 . 2013-06-24 23:56 -------- d-----w- c:\users\Wei\AppData\Local\temp
2013-06-24 23:56 . 2013-06-24 23:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-24 23:56 . 2013-06-24 23:56 -------- d-----w- c:\users\UpdatusUser.WEI\AppData\Local\temp
2013-06-24 23:56 . 2013-06-24 23:56 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-06-24 23:56 . 2013-06-24 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-24 23:56 . 2013-06-24 23:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-06-24 01:19 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpengine.dll
2013-06-24 00:59 . 2013-06-24 00:59 -------- d-----w- c:\windows\ERUNT
2013-06-24 00:58 . 2013-06-24 23:27 -------- d-----w- C:\JRT
2013-06-22 19:04 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 07:57 . 2013-06-21 07:57 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7961356-E2DD-4081-AC46-9F6015B21509}\gapaengine.dll
2013-06-17 04:20 . 2013-06-17 04:20 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-06-16 22:29 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-16 22:26 . 2013-06-16 22:26 -------- d-----w- c:\program files\AVAST Software
2013-06-16 22:25 . 2013-06-16 22:26 -------- d-----w- c:\programdata\AVAST Software
2013-06-16 16:40 . 2013-06-16 16:40 -------- d-----w- c:\program files\Enigma Software Group
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\users\Wei\AppData\Roaming\SUPERAntiSpyware.com
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-16 16:38 . 2013-06-16 19:47 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-16 16:37 . 2013-06-16 16:37 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-14 23:47 . 2013-06-15 03:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-14 08:02 . 2013-06-14 08:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-14 05:39 . 2013-06-14 05:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-11 03:46 . 2013-06-11 03:56 -------- d-----w- c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 04:36 . 2012-10-24 00:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:36 . 2012-10-24 00:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 04:47 . 2011-12-07 18:56 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-06 14:37 . 2013-05-06 14:37 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-05-02 15:29 . 2011-05-31 13:26 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 03:45 . 2013-04-26 03:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 03:45 . 2012-05-13 07:24 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-26 03:45 . 2011-05-31 16:12 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-11 14:22 . 2011-06-11 06:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22 . 2011-06-11 06:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-04 18:50 . 2011-12-07 19:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2012-11-09 2796576]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-24 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2012-11-09 2796576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-5-31 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys;c:\windows\SYSNATIVE\DRIVERS\WacomVTHid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 NACAgentService;NAC Agent Service;c:\program files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe;c:\program files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-11 03:56 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 04:36]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 03:46]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 03:46]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-1006Core1ce4ede1331029.job
- c:\users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 02:31]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:15]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:15]
.
2013-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-06-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4f38cca1-edaf-426b-9cc4-c5463a6a0447.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-06-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"Apoint"="x:\program files\DellTPad\Apoint.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-17 9643040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ??????? - 
Trusted Zone: lenovo.com\consumersupport
Trusted Zone: lenovo.com.cn\edrivers
Trusted Zone: lenovo.com.cn\support4
Trusted Zone: lenovo.com.cn\think
TCP: DhcpNameServer = 192.168.1.1
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
DPF: {C73881A3-E7F5-4CE4-B199-307EB127FE15} - hxxp://download.humanconcepts.com/downloads/op8/plugin/hcinstall8.cab
FF - ProfilePath - c:\users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&ocid=zdhp&install_date=20111207
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20111207&q=
FF - ExtSQL: !HIDDEN! 2011-12-07 17:11; textlinks@epicplay.com; c:\users\Wei\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{34A69B78-8920-4FF6-8274-B523A05F8763} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*Ž¼Bo]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*Ž¼Bo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*p¯)4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*p¯)4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*Õ¯)4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*Õ¯)4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-24  20:01:03
ComboFix-quarantined-files.txt  2013-06-25 00:01
ComboFix2.txt  2013-06-24 23:28
ComboFix3.txt  2013-06-24 15:14
ComboFix4.txt  2013-06-13 20:23
.
Pre-Run: 71,472,365,568 bytes free
Post-Run: 71,137,116,160 bytes free
.
- - End Of File - - 32B4A0215B837A61AA5DD1B91965F46F
D41D8CD98F00B204E9800998ECF8427E


#10 gringo_pr


Posted 24 June 2013 - 09:24 PM


Hello

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo

#11 shaselai


Posted 25 June 2013 - 10:10 AM

10:38:13.0774 3088  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:38:14.0305 3088  ============================================================
10:38:14.0305 3088  Current date / time: 2013/06/25 10:38:14.0305
10:38:14.0305 3088  SystemInfo:
10:38:14.0305 3088  
10:38:14.0305 3088  OS Version: 6.1.7601 ServicePack: 1.0
10:38:14.0305 3088  Product type: Workstation
10:38:14.0305 3088  ComputerName: WEI
10:38:14.0305 3088  UserName: Wei
10:38:14.0305 3088  Windows directory: C:\Windows
10:38:14.0305 3088  System windows directory: C:\Windows
10:38:14.0305 3088  Running under WOW64
10:38:14.0305 3088  Processor architecture: Intel x64
10:38:14.0305 3088  Number of processors: 2
10:38:14.0305 3088  Page size: 0x1000
10:38:14.0305 3088  Boot type: Normal boot
10:38:14.0305 3088  ============================================================
10:38:15.0365 3088  BG loaded
10:38:17.0097 3088  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:38:17.0144 3088  ============================================================
10:38:17.0144 3088  \Device\Harddisk0\DR0:
10:38:17.0191 3088  MBR partitions:
10:38:17.0191 3088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x25392000
10:38:17.0191 3088  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25392800, BlocksNum 0x96000
10:38:17.0191 3088  ============================================================
10:38:18.0189 3088  C: <-> \Device\Harddisk0\DR0\Partition1
10:38:18.0189 3088  ============================================================
10:38:18.0189 3088  Initialize success
10:38:18.0189 3088  ============================================================
10:38:44.0034 0864  ============================================================
10:38:44.0034 0864  Scan started
10:38:44.0034 0864  Mode: Manual; SigCheck; TDLFS; 
10:38:44.0034 0864  ============================================================
10:38:46.0390 0864  ================ Scan system memory ========================
10:38:46.0390 0864  System memory - ok
10:38:46.0406 0864  ================ Scan services =============================
10:39:37.0188 0864  MSTEE - ok
10:39:37.0235 0864  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:39:37.0250 0864  MTConfig - ok
10:39:37.0282 0864  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:39:37.0297 0864  Mup - ok
10:39:37.0781 0864  [ CA864A3D2503FB5F5C9F5FC16225AA4C ] NACAgentService C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe
10:39:38.0140 0864  NACAgentService - ok
10:39:38.0249 0864  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:39:38.0327 0864  napagent - ok
10:39:38.0436 0864  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:39:38.0514 0864  NativeWifiP - ok
10:39:38.0592 0864  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:39:38.0639 0864  NDIS - ok
10:39:38.0701 0864  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:39:38.0779 0864  NdisCap - ok
10:39:38.0810 0864  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:39:38.0842 0864  NdisTapi - ok
10:39:38.0873 0864  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:39:38.0935 0864  Ndisuio - ok
10:39:38.0966 0864  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:39:39.0029 0864  NdisWan - ok
10:39:39.0060 0864  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:39:39.0122 0864  NDProxy - ok
10:39:39.0200 0864  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:39:39.0310 0864  NetBIOS - ok
10:39:39.0341 0864  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:39:39.0403 0864  NetBT - ok
10:39:39.0434 0864  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:39:39.0450 0864  Netlogon - ok
10:39:39.0497 0864  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:39:39.0559 0864  Netman - ok
10:39:39.0637 0864  [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:39:39.0653 0864  NetMsmqActivator - ok
10:39:39.0668 0864  [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:39:39.0684 0864  NetPipeActivator - ok
10:39:39.0762 0864  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:39:39.0824 0864  netprofm - ok
10:39:39.0824 0864  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:39:39.0840 0864  NetTcpActivator - ok
10:39:39.0856 0864  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:39:39.0856 0864  NetTcpPortSharing - ok
10:39:40.0199 0864  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
10:39:40.0526 0864  NETw5s64 - ok
10:39:40.0760 0864  [ 9AA75919D0A5F33BEA0DF7B9DB09B755 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
10:39:40.0916 0864  NETwNs64 - ok
10:39:40.0994 0864  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:39:41.0010 0864  nfrd960 - ok
10:39:41.0057 0864  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:39:41.0072 0864  NisDrv - ok
10:39:41.0166 0864  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
10:39:41.0197 0864  NisSrv - ok
10:39:41.0306 0864  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:39:41.0322 0864  NlaSvc - ok
10:39:41.0369 0864  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:39:41.0447 0864  Npfs - ok
10:39:41.0478 0864  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:39:41.0540 0864  nsi - ok
10:39:41.0572 0864  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:39:41.0603 0864  nsiproxy - ok
10:39:41.0696 0864  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:39:41.0806 0864  Ntfs - ok
10:39:41.0852 0864  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:39:41.0930 0864  Null - ok
10:39:42.0024 0864  [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
10:39:42.0040 0864  NVHDA - ok
10:39:42.0383 0864  [ B8A1174BFD21AF0379B4807BFC85FA66 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:39:42.0586 0864  nvlddmkm - ok
10:39:42.0632 0864  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:39:42.0648 0864  nvraid - ok
10:39:42.0664 0864  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:39:42.0679 0864  nvstor - ok
10:39:42.0804 0864  [ 8C639660B1CB88A966674FC13B8F43A2 ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:39:42.0820 0864  nvsvc - ok
10:39:42.0976 0864  [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:39:43.0069 0864  nvUpdatusService - ok
10:39:43.0116 0864  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:39:43.0132 0864  nv_agp - ok
10:39:43.0194 0864  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:39:43.0210 0864  ohci1394 - ok
10:39:43.0288 0864  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:39:43.0303 0864  ose - ok
10:39:43.0537 0864  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:39:43.0756 0864  osppsvc - ok
10:39:43.0818 0864  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:39:43.0865 0864  p2pimsvc - ok
10:39:43.0912 0864  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:39:43.0927 0864  p2psvc - ok
10:39:43.0958 0864  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
10:39:43.0974 0864  Parport - ok
10:39:44.0021 0864  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:39:44.0036 0864  partmgr - ok
10:39:44.0052 0864  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:39:44.0130 0864  PcaSvc - ok
10:39:44.0161 0864  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:39:44.0177 0864  pci - ok
10:39:44.0255 0864  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:39:44.0255 0864  pciide - ok
10:39:44.0302 0864  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:39:44.0317 0864  pcmcia - ok
10:39:44.0348 0864  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:39:44.0364 0864  pcw - ok
10:39:44.0395 0864  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:39:44.0473 0864  PEAUTH - ok
10:39:44.0551 0864  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:39:44.0645 0864  PeerDistSvc - ok
10:39:44.0770 0864  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:39:44.0832 0864  PerfHost - ok
10:39:44.0894 0864  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:39:45.0050 0864  pla - ok
10:39:45.0113 0864  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:39:45.0128 0864  PlugPlay - ok
10:39:45.0160 0864  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:39:45.0238 0864  PNRPAutoReg - ok
10:39:45.0300 0864  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:39:45.0316 0864  PNRPsvc - ok
10:39:45.0378 0864  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:39:45.0472 0864  PolicyAgent - ok
10:39:45.0518 0864  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:39:45.0581 0864  Power - ok
10:39:45.0643 0864  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:39:45.0690 0864  PptpMiniport - ok
10:39:45.0784 0864  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
10:39:45.0862 0864  Processor - ok
10:39:45.0940 0864  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:39:45.0971 0864  ProfSvc - ok
10:39:45.0986 0864  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:39:45.0986 0864  ProtectedStorage - ok
10:39:46.0064 0864  [ 515A7C5A0886FCC60901916785EFD549 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
10:39:46.0080 0864  psadd - ok
10:39:46.0096 0864  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:39:46.0158 0864  Psched - ok
10:39:46.0189 0864  [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
10:39:46.0205 0864  PxHlpa64 - ok
10:39:46.0267 0864  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:39:46.0345 0864  ql2300 - ok
10:39:46.0361 0864  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:39:46.0376 0864  ql40xx - ok
10:39:46.0439 0864  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:39:46.0486 0864  QWAVE - ok
10:39:46.0517 0864  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:39:46.0532 0864  QWAVEdrv - ok
10:39:46.0564 0864  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:39:46.0626 0864  RasAcd - ok
10:39:46.0673 0864  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:39:46.0720 0864  RasAgileVpn - ok
10:39:46.0766 0864  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:39:46.0813 0864  RasAuto - ok
10:39:46.0844 0864  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:39:46.0907 0864  Rasl2tp - ok
10:39:46.0938 0864  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:39:46.0969 0864  RasMan - ok
10:39:47.0000 0864  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:39:47.0047 0864  RasPppoe - ok
10:39:47.0203 0864  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:39:47.0312 0864  RasSstp - ok
10:39:47.0344 0864  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:39:47.0656 0864  rdbss - ok
10:39:47.0687 0864  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:39:47.0749 0864  rdpbus - ok
10:39:47.0812 0864  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:39:47.0999 0864  RDPCDD - ok
10:39:48.0077 0864  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:39:48.0155 0864  RDPDR - ok
10:39:48.0311 0864  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:39:48.0373 0864  RDPENCDD - ok
10:39:48.0451 0864  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:39:48.0482 0864  RDPREFMP - ok
10:39:48.0607 0864  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:39:48.0670 0864  RdpVideoMiniport - ok
10:39:48.0732 0864  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:39:48.0810 0864  RDPWD - ok
10:39:48.0841 0864  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:39:48.0857 0864  rdyboost - ok
10:39:48.0935 0864  [ 6108654C5EBEA28A606D6890B4DE6DE3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:39:48.0966 0864  RegSrvc - ok
10:39:49.0013 0864  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:39:49.0060 0864  RemoteAccess - ok
10:39:49.0075 0864  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:39:49.0122 0864  RemoteRegistry - ok
10:39:49.0184 0864  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:39:49.0294 0864  RFCOMM - ok
10:39:49.0309 0864  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:39:49.0372 0864  RpcEptMapper - ok
10:39:49.0403 0864  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:39:49.0496 0864  RpcLocator - ok
10:39:49.0543 0864  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:39:49.0590 0864  RpcSs - ok
10:39:49.0637 0864  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:39:49.0699 0864  rspndr - ok
10:39:49.0762 0864  [ A48F861547FDD1D68201C9216ACFE6DC ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
10:39:49.0855 0864  RSUSBSTOR - ok
10:39:49.0886 0864  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:39:49.0902 0864  s3cap - ok
10:39:49.0964 0864  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:39:49.0980 0864  SamSs - ok
10:39:50.0136 0864  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:39:50.0136 0864  SASDIFSV - ok
10:39:50.0167 0864  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:39:50.0183 0864  SASKUTIL - ok
10:39:50.0214 0864  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:39:50.0245 0864  sbp2port - ok
10:39:50.0354 0864  SBUpd - ok
10:39:50.0417 0864  [ 312316F6B637336F32F88532F84E093D ] SBUpdd          C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys
10:39:50.0432 0864  SBUpdd - ok
10:39:50.0464 0864  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:39:50.0526 0864  SCardSvr - ok
10:39:50.0557 0864  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:39:50.0651 0864  scfilter - ok
10:39:50.0698 0864  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:39:50.0744 0864  Schedule - ok
10:39:50.0791 0864  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:39:50.0838 0864  SCPolicySvc - ok
10:39:50.0869 0864  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:39:50.0947 0864  SDRSVC - ok
10:39:50.0994 0864  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:39:51.0041 0864  secdrv - ok
10:39:51.0072 0864  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:39:51.0134 0864  seclogon - ok
10:39:51.0181 0864  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
10:39:51.0244 0864  SENS - ok
10:39:51.0306 0864  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:39:51.0322 0864  SensrSvc - ok
10:39:51.0415 0864  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:39:51.0462 0864  Serenum - ok
10:39:51.0478 0864  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
10:39:51.0493 0864  Serial - ok
10:39:51.0524 0864  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:39:51.0540 0864  sermouse - ok
10:39:51.0602 0864  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:39:51.0665 0864  SessionEnv - ok
10:39:51.0680 0864  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:39:51.0743 0864  sffdisk - ok
10:39:51.0743 0864  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:39:51.0758 0864  sffp_mmc - ok
10:39:51.0774 0864  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:39:51.0805 0864  sffp_sd - ok
10:39:51.0821 0864  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:39:51.0836 0864  sfloppy - ok
10:39:51.0899 0864  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:39:51.0977 0864  SharedAccess - ok
10:39:52.0024 0864  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:39:52.0102 0864  ShellHWDetection - ok
10:39:52.0148 0864  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:39:52.0164 0864  SiSRaid2 - ok
10:39:52.0195 0864  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:39:52.0211 0864  SiSRaid4 - ok
10:39:52.0320 0864  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:39:52.0336 0864  SkypeUpdate - ok
10:39:52.0351 0864  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:39:52.0445 0864  Smb - ok
10:39:52.0507 0864  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:39:52.0538 0864  SNMPTRAP - ok
10:39:52.0585 0864  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:39:52.0601 0864  spldr - ok
10:39:52.0710 0864  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:39:52.0757 0864  Spooler - ok
10:39:52.0866 0864  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:39:53.0038 0864  sppsvc - ok
10:39:53.0069 0864  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:39:53.0116 0864  sppuinotify - ok
10:39:53.0162 0864  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:39:53.0240 0864  srv - ok
10:39:53.0303 0864  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:39:53.0318 0864  srv2 - ok
10:39:53.0365 0864  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:39:53.0381 0864  SrvHsfHDA - ok
10:39:53.0459 0864  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:39:53.0568 0864  SrvHsfV92 - ok
10:39:53.0599 0864  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:39:53.0646 0864  SrvHsfWinac - ok
10:39:53.0693 0864  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:39:53.0724 0864  srvnet - ok
10:39:53.0818 0864  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
10:39:53.0880 0864  ssadbus - ok
10:39:53.0927 0864  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
10:39:53.0989 0864  ssadmdfl - ok
10:39:54.0005 0864  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
10:39:54.0052 0864  ssadmdm - ok
10:39:54.0083 0864  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
10:39:54.0114 0864  ssadserd - ok
10:39:54.0145 0864  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:39:54.0192 0864  SSDPSRV - ok
10:39:54.0223 0864  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:39:54.0270 0864  SstpSvc - ok
10:39:54.0317 0864  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:39:54.0332 0864  stexstor - ok
10:39:54.0426 0864  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
10:39:54.0473 0864  StillCam - ok
10:39:54.0535 0864  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:39:54.0566 0864  stisvc - ok
10:39:54.0613 0864  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:39:54.0629 0864  storflt - ok
10:39:54.0691 0864  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
10:39:54.0707 0864  StorSvc - ok
10:39:54.0738 0864  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:39:54.0754 0864  storvsc - ok
10:39:54.0769 0864  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:39:54.0785 0864  swenum - ok
10:39:54.0832 0864  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:39:54.0910 0864  swprv - ok
10:39:54.0972 0864  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
10:39:54.0988 0864  Synth3dVsc - ok
10:39:55.0050 0864  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:39:55.0112 0864  SysMain - ok
10:39:55.0144 0864  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:39:55.0175 0864  TabletInputService - ok
10:39:55.0190 0864  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:39:55.0253 0864  TapiSrv - ok
10:39:55.0284 0864  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:39:55.0331 0864  TBS - ok
10:39:55.0424 0864  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:39:55.0534 0864  Tcpip - ok
10:39:55.0612 0864  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:39:55.0658 0864  TCPIP6 - ok
10:39:55.0721 0864  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:39:55.0783 0864  tcpipreg - ok
10:39:55.0830 0864  [ E608A409D1689D8B4B26D66909BA3FD3 ] TcUsb           C:\Windows\system32\Drivers\tcusb.sys
10:39:55.0846 0864  TcUsb - ok
10:39:55.0861 0864  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:39:55.0939 0864  TDPIPE - ok
10:39:55.0986 0864  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:39:56.0017 0864  TDTCP - ok
10:39:56.0048 0864  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:39:56.0095 0864  tdx - ok
10:39:56.0111 0864  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:39:56.0126 0864  TermDD - ok
10:39:56.0142 0864  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
10:39:56.0204 0864  terminpt - ok
10:39:56.0251 0864  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:39:56.0314 0864  TermService - ok
10:39:56.0345 0864  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:39:56.0360 0864  Themes - ok
10:39:56.0392 0864  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:39:56.0438 0864  THREADORDER - ok
10:39:56.0485 0864  [ 88E1F5E9C121167D9E226CBE7FE5FB82 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
10:39:56.0501 0864  TPHKSVC - ok
10:39:56.0516 0864  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
10:39:56.0548 0864  TPM - ok
10:39:56.0579 0864  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:39:56.0641 0864  TrkWks - ok
10:39:56.0704 0864  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:39:56.0750 0864  TrustedInstaller - ok
10:39:56.0797 0864  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:39:56.0844 0864  tssecsrv - ok
10:39:56.0875 0864  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:39:56.0938 0864  TsUsbFlt - ok
10:39:56.0953 0864  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:39:57.0000 0864  TsUsbGD - ok
10:39:57.0016 0864  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
10:39:57.0031 0864  tsusbhub - ok
10:39:57.0062 0864  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:39:57.0109 0864  tunnel - ok
10:39:57.0234 0864  [ 9A404CE3D11FA26F1EB08BE2F9C9269A ] TVersityMediaServer C:\ProgramData\TVersity\Media Server\MediaServer.exe
10:39:57.0281 0864  TVersityMediaServer - ok
10:39:57.0296 0864  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:39:57.0312 0864  uagp35 - ok
10:39:57.0343 0864  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:39:57.0390 0864  udfs - ok
10:39:57.0421 0864  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:39:57.0452 0864  UI0Detect - ok
10:39:57.0484 0864  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:39:57.0499 0864  uliagpkx - ok
10:39:57.0530 0864  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:39:57.0546 0864  umbus - ok
10:39:57.0577 0864  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:39:57.0608 0864  UmPass - ok
10:39:57.0686 0864  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
10:39:57.0718 0864  UmRdpService - ok
10:39:57.0749 0864  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:39:57.0858 0864  upnphost - ok
10:39:57.0889 0864  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:39:57.0998 0864  usbccgp - ok
10:39:58.0030 0864  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:39:58.0108 0864  usbcir - ok
10:39:58.0154 0864  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:39:58.0201 0864  usbehci - ok
10:39:58.0264 0864  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:39:58.0326 0864  usbhub - ok
10:39:58.0357 0864  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:39:58.0420 0864  usbohci - ok
10:39:58.0466 0864  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:39:58.0513 0864  usbprint - ok
10:39:58.0576 0864  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:40:09.0559 0864  C:\Windows\System32\schannel.dll - ok
10:40:09.0575 0864  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
10:40:09.0575 0864  C:\Windows\System32\wdigest.dll - ok
10:40:09.0575 0864  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
10:40:09.0575 0864  C:\Windows\System32\rsaenh.dll - ok
10:40:09.0590 0864  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
10:40:09.0590 0864  C:\Windows\System32\TSpkg.dll - ok
10:40:09.0590 0864  [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
10:40:09.0590 0864  C:\Windows\System32\winsta.dll - ok
10:40:09.0606 0864  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
10:40:09.0606 0864  C:\Windows\System32\pku2u.dll - ok
10:40:09.0606 0864  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
10:40:09.0606 0864  C:\Windows\System32\bcryptprimitives.dll - ok
10:40:09.0621 0864  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
10:40:09.0621 0864  C:\Windows\System32\credssp.dll - ok
10:40:09.0621 0864  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
10:40:09.0621 0864  C:\Windows\System32\efslsaext.dll - ok
10:40:09.0637 0864  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
10:40:09.0637 0864  C:\Windows\System32\scecli.dll - ok
10:40:09.0637 0864  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
10:40:09.0637 0864  C:\Windows\System32\ubpm.dll - ok
10:40:09.0653 0864  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
10:40:09.0653 0864  C:\Windows\System32\svchost.exe - ok
10:40:09.0653 0864  [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
10:40:09.0653 0864  C:\Windows\System32\umpnpmgr.dll - ok
10:40:09.0653 0864  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
10:40:09.0653 0864  C:\Windows\System32\SPInf.dll - ok
10:40:09.0668 0864  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
10:40:09.0668 0864  C:\Windows\System32\devrtl.dll - ok
10:40:09.0668 0864  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
10:40:09.0668 0864  C:\Windows\System32\userenv.dll - ok
10:40:09.0684 0864  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
10:40:09.0684 0864  C:\Windows\System32\gpapi.dll - ok
10:40:09.0684 0864  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
10:40:09.0684 0864  C:\Windows\System32\pcwum.dll - ok
10:40:09.0684 0864  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
10:40:09.0684 0864  C:\Windows\System32\umpo.dll - ok
10:40:09.0699 0864  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
10:40:09.0699 0864  C:\Windows\System32\powrprof.dll - ok
10:40:09.0699 0864  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
10:40:09.0699 0864  C:\Windows\System32\drivers\luafv.sys - ok
10:40:09.0715 0864  [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
10:40:09.0715 0864  C:\Windows\System32\drivers\WUDFPf.sys - ok
10:40:09.0715 0864  [ FC22310F3862E2C7C8722EF4778D5CC3 ] C:\Windows\System32\ibmpmsvc.exe
10:40:09.0715 0864  C:\Windows\System32\ibmpmsvc.exe - ok
10:40:09.0731 0864  [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
10:40:09.0731 0864  C:\Windows\System32\wer.dll - ok
10:40:09.0731 0864  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
10:40:09.0731 0864  C:\Windows\System32\version.dll - ok
10:40:09.0731 0864  [ 8C639660B1CB88A966674FC13B8F43A2 ] C:\Windows\System32\nvvsvc.exe
10:40:09.0731 0864  C:\Windows\System32\nvvsvc.exe - ok
10:40:09.0746 0864  [ 41DF7355A5A907E2C1D7804EC028965D ] C:\Windows\System32\wermgr.exe
10:40:09.0746 0864  C:\Windows\System32\wermgr.exe - ok
10:40:09.0746 0864  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
10:40:09.0746 0864  C:\Windows\System32\rpcss.dll - ok
10:40:09.0762 0864  [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
10:40:09.0762 0864  C:\Windows\System32\SensApi.dll - ok
10:40:09.0762 0864  [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
10:40:09.0762 0864  C:\Windows\System32\dbghelp.dll - ok
10:40:09.0762 0864  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
10:40:09.0762 0864  C:\Windows\System32\RpcEpMap.dll - ok
10:40:09.0777 0864  [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
10:40:09.0777 0864  C:\Windows\System32\wshqos.dll - ok
10:40:09.0777 0864  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
10:40:09.0777 0864  C:\Windows\System32\WSHTCPIP.DLL - ok
10:40:09.0793 0864  [ 26D652191B51854E66084DDAEE69EC65 ] C:\Windows\System32\verifier.dll
10:40:09.0793 0864  C:\Windows\System32\verifier.dll - ok
10:40:09.0793 0864  [ 905601FFF40D8DA9FA82CBE77D1F5EB1 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
10:40:09.0793 0864  C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
10:40:09.0809 0864  [ E07DEC52FF801841BA9B6878A60304FB ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:40:09.0809 0864  C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
10:40:09.0809 0864  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
10:40:09.0809 0864  C:\Windows\System32\FirewallAPI.dll - ok
10:40:09.0809 0864  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
10:40:09.0809 0864  C:\Windows\System32\LogonUI.exe - ok
10:40:09.0824 0864  [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
10:40:09.0824 0864  C:\Windows\System32\ntmarta.dll - ok
10:40:09.0824 0864  [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
10:40:09.0824 0864  C:\Windows\System32\authui.dll - ok
10:40:09.0840 0864  [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
10:40:09.0840 0864  C:\Windows\System32\cryptui.dll - ok
10:40:09.0840 0864  [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
10:40:09.0840 0864  C:\Windows\System32\winhttp.dll - ok
10:40:09.0855 0864  [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
10:40:09.0855 0864  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
10:40:09.0855 0864  [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
10:40:09.0855 0864  C:\Windows\System32\webio.dll - ok
10:40:09.0855 0864  [ 2D4230F2F1D204A523998DF93F9DF066 ] C:\Program Files\Microsoft Security Client\MpClient.dll
10:40:09.0855 0864  C:\Program Files\Microsoft Security Client\MpClient.dll - ok
10:40:09.0871 0864  [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
10:40:09.0871 0864  C:\Windows\System32\wtsapi32.dll - ok
10:40:09.0871 0864  [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
10:40:09.0871 0864  C:\Windows\System32\samlib.dll - ok
10:40:09.0887 0864  [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
10:40:09.0887 0864  C:\Windows\System32\shacct.dll - ok
10:40:09.0887 0864  [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
10:40:09.0887 0864  C:\Windows\System32\IPHLPAPI.DLL - ok
10:40:09.0887 0864  [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
10:40:09.0887 0864  C:\Windows\System32\dhcpcsvc.dll - ok
10:40:09.0902 0864  [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
10:40:09.0902 0864  C:\Windows\System32\propsys.dll - ok
10:40:09.0902 0864  [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
10:40:09.0902 0864  C:\Windows\System32\winnsi.dll - ok
10:40:09.0918 0864  [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
10:40:09.0918 0864  C:\Windows\System32\uxtheme.dll - ok
10:40:09.0918 0864  [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
10:40:09.0918 0864  C:\Windows\System32\dhcpcsvc6.dll - ok
10:40:09.0918 0864  [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
10:40:09.0918 0864  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
10:40:09.0933 0864  [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
10:40:09.0933 0864  C:\Windows\System32\dui70.dll - ok
10:40:09.0933 0864  [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
10:40:09.0933 0864  C:\Windows\System32\duser.dll - ok
10:40:09.0949 0864  [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
10:40:09.0949 0864  C:\Windows\System32\SndVolSSO.dll - ok
10:40:09.0949 0864  [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
10:40:09.0949 0864  C:\Windows\System32\hid.dll - ok
10:40:09.0949 0864  [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
10:40:09.0949 0864  C:\Windows\System32\MMDevAPI.dll - ok
10:40:09.0965 0864  [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
10:40:09.0965 0864  C:\Windows\System32\dwmapi.dll - ok
10:40:09.0965 0864  [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
10:40:09.0965 0864  C:\Windows\System32\xmllite.dll - ok
10:40:09.0965 0864  [ 9121C2E2507AD0BCBF9A7438051BEF34 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
10:40:09.0965 0864  C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
10:40:09.0980 0864  [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
10:40:09.0980 0864  C:\Windows\System32\WindowsCodecs.dll - ok
10:40:09.0980 0864  [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
10:40:09.0980 0864  C:\Windows\System32\wevtsvc.dll - ok
10:40:09.0996 0864  [ 2F034150ECCBC498C53B61F98C5378AC ] C:\Program Files\Microsoft Security Client\MpRTP.dll
10:40:09.0996 0864  C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
10:40:09.0996 0864  [ C4C1947985144721A809965A19D616BC ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
10:40:09.0996 0864  C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
10:40:09.0996 0864  [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
10:40:09.0996 0864  C:\Windows\System32\fltLib.dll - ok
10:40:10.0011 0864  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] C:\Windows\System32\drivers\MpFilter.sys
10:40:10.0011 0864  C:\Windows\System32\drivers\MpFilter.sys - ok
10:40:10.0011 0864  [ 967BC3664DDC26959BD43A7B1681FF86 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
10:40:10.0011 0864  C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
10:40:10.0027 0864  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
10:40:10.0027 0864  C:\Windows\System32\netprofm.dll - ok
10:40:10.0027 0864  [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
10:40:10.0027 0864  C:\Windows\System32\VaultCredProvider.dll - ok
10:40:10.0027 0864  [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
10:40:10.0027 0864  C:\Windows\System32\winbrand.dll - ok
10:40:10.0043 0864  [ BA9976AF1946D955E46E44AFF26D856F ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpengine.dll
10:40:10.0043 0864  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpengine.dll - ok
10:40:10.0043 0864  [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
10:40:10.0043 0864  C:\Windows\System32\audiosrv.dll - ok
10:40:10.0058 0864  [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
10:40:10.0058 0864  C:\Windows\System32\avrt.dll - ok
10:40:10.0058 0864  [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
10:40:10.0058 0864  C:\Windows\System32\mmcss.dll - ok
10:40:10.0058 0864  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
10:40:10.0058 0864  C:\Windows\System32\wlansvc.dll - ok
10:40:10.0074 0864  [ AAA38AEADCA8D614C3B842C447366F73 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.dll
10:40:10.0074 0864  C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.dll - ok
10:40:10.0074 0864  [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
10:40:10.0074 0864  C:\Windows\System32\winspool.drv - ok
10:40:10.0089 0864  [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
10:40:10.0089 0864  C:\Windows\System32\drivers\fltMgr.sys - ok
10:40:10.0089 0864  [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
10:40:10.0089 0864  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
10:40:10.0105 0864  [ 26535C8F7105D7C2767C93FDFC49CF57 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpasbase.vdm
10:40:10.0105 0864  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpasbase.vdm - ok
10:40:10.0105 0864  [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
10:40:10.0105 0864  C:\Windows\System32\bthprops.cpl - ok
10:40:10.0105 0864  [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
10:40:10.0105 0864  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
10:40:10.0121 0864  [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
10:40:10.0121 0864  C:\Windows\System32\BioCredProv.dll - ok
10:40:10.0121 0864  [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
10:40:10.0121 0864  C:\Windows\System32\adtschema.dll - ok
10:40:10.0136 0864  [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
10:40:10.0136 0864  C:\Windows\System32\winbio.dll - ok
10:40:10.0136 0864  [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
10:40:10.0136 0864  C:\Windows\System32\audiodg.exe - ok
10:40:10.0136 0864  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
10:40:10.0136 0864  C:\Windows\System32\MPSSVC.dll - ok
10:40:10.0152 0864  [ 72808FBE1B255CB54E2D4AC84840F5C9 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpasdlta.vdm
10:40:10.0152 0864  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpasdlta.vdm - ok
10:40:10.0152 0864  [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
10:40:10.0152 0864  C:\Windows\System32\PSHED.DLL - ok
10:40:10.0167 0864  [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
10:40:10.0167 0864  C:\Windows\System32\credui.dll - ok
10:40:10.0167 0864  [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
10:40:10.0167 0864  C:\Windows\System32\netapi32.dll - ok
10:40:10.0183 0864  [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
10:40:10.0183 0864  C:\Windows\System32\netutils.dll - ok
10:40:10.0183 0864  [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
10:40:10.0183 0864  C:\Windows\System32\vaultcli.dll - ok
10:40:10.0183 0864  [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
10:40:10.0183 0864  C:\Windows\System32\wkscli.dll - ok
10:40:10.0199 0864  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] C:\Windows\System32\cscsvc.dll
10:40:10.0199 0864  C:\Windows\System32\cscsvc.dll - ok
10:40:10.0199 0864  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
10:40:10.0199 0864  C:\Windows\System32\gpsvc.dll - ok
10:40:10.0214 0864  [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
10:40:10.0214 0864  C:\Windows\System32\samcli.dll - ok
10:40:10.0214 0864  [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
10:40:10.0214 0864  C:\Windows\System32\certCredProvider.dll - ok
10:40:10.0230 0864  [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
10:40:10.0230 0864  C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
10:40:10.0230 0864  [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
10:40:10.0230 0864  C:\Windows\System32\winmm.dll - ok
10:40:10.0245 0864  [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll
10:40:10.0245 0864  C:\Windows\System32\PeerDist.dll - ok
10:40:10.0245 0864  [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
10:40:10.0245 0864  C:\Windows\System32\nlaapi.dll - ok
10:40:10.0261 0864  [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
10:40:10.0261 0864  C:\Windows\System32\atl.dll - ok
10:40:10.0261 0864  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
10:40:10.0261 0864  C:\Windows\System32\profsvc.dll - ok
10:40:10.0277 0864  [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
10:40:10.0277 0864  C:\Windows\System32\themeservice.dll - ok
10:40:10.0277 0864  [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
10:40:10.0277 0864  C:\Windows\System32\taskschd.dll - ok
10:40:10.0277 0864  [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
10:40:10.0277 0864  C:\Windows\System32\dsrole.dll - ok
10:40:10.0292 0864  [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
10:40:10.0292 0864  C:\Windows\System32\rasplap.dll - ok
10:40:10.0292 0864  [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
10:40:10.0292 0864  C:\Windows\System32\slc.dll - ok
10:40:10.0308 0864  [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
10:40:10.0308 0864  C:\Windows\System32\es.dll - ok
10:40:10.0308 0864  [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
10:40:10.0308 0864  C:\Windows\System32\rasapi32.dll - ok
10:40:10.0323 0864  [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
10:40:10.0323 0864  C:\Windows\System32\comres.dll - ok
10:40:10.0323 0864  [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
10:40:10.0323 0864  C:\Windows\System32\Sens.dll - ok
10:40:10.0323 0864  [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
10:40:10.0323 0864  C:\Windows\System32\rasman.dll - ok
10:40:10.0339 0864  [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
10:40:10.0339 0864  C:\Windows\System32\rtutils.dll - ok
10:40:10.0339 0864  [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
10:40:10.0339 0864  C:\Windows\System32\wdmaud.drv - ok
10:40:10.0355 0864  [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
10:40:10.0355 0864  C:\Windows\System32\mstask.dll - ok
10:40:10.0355 0864  [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
10:40:10.0355 0864  C:\Windows\System32\ksuser.dll - ok
10:40:10.0370 0864  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
10:40:10.0370 0864  C:\Windows\System32\uxsms.dll - ok
10:40:10.0370 0864  [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
10:40:10.0370 0864  C:\Windows\System32\WUDFPlatform.dll - ok
10:40:10.0386 0864  [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
10:40:10.0386 0864  C:\Windows\System32\WUDFSvc.dll - ok
10:40:10.0386 0864  [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
10:40:10.0386 0864  C:\Windows\System32\drivers\lltdio.sys - ok
10:40:10.0401 0864  [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
10:40:10.0401 0864  C:\Windows\System32\UXInit.dll - ok
10:40:10.0401 0864  [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
10:40:10.0401 0864  C:\Windows\System32\AudioSes.dll - ok
10:40:10.0401 0864  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
10:40:10.0401 0864  C:\Windows\System32\drivers\nwifi.sys - ok
10:40:10.0417 0864  [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
10:40:10.0417 0864  C:\Windows\System32\drivers\ndisuio.sys - ok
10:40:10.0417 0864  [ 00000000000000000000000000000000 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpavbase.vdm
10:40:10.0417 0864  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpavbase.vdm - ok
10:40:10.0433 0864  [ D96FBEDC917F52BD21509A5113D67365 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpavdlta.vdm
10:40:10.0433 0864  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97DF63A2-3B48-4F68-8AEE-3F4A7AF82142}\mpavdlta.vdm - ok
10:40:10.0433 0864  [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
10:40:10.0433 0864  C:\Windows\System32\drivers\rspndr.sys - ok
10:40:10.0433 0864  [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
10:40:10.0433 0864  C:\Windows\System32\lmhsvc.dll - ok
10:40:10.0448 0864  [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
10:40:10.0448 0864  C:\Windows\System32\nrpsrv.dll - ok
10:40:10.0448 0864  [ 1B3D7C764468D4AA0EBD86D147F96D8B ] C:\Windows\System32\nvsvc64.dll
10:40:10.0448 0864  C:\Windows\System32\nvsvc64.dll - ok
10:40:10.0464 0864  [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
10:40:10.0464 0864  C:\Windows\System32\msacm32.dll - ok
10:40:10.0464 0864  [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
10:40:10.0464 0864  C:\Windows\System32\msacm32.drv - ok
10:40:10.0464 0864  [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
10:40:10.0464 0864  C:\Windows\System32\midimap.dll - ok
10:40:10.0479 0864  [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
10:40:10.0479 0864  C:\Windows\System32\msimg32.dll - ok
10:40:10.0479 0864  [ 876DBCC0296D65CC9CFF24C24042B443 ] C:\Windows\System32\nvapi64.dll
10:40:10.0479 0864  C:\Windows\System32\nvapi64.dll - ok
10:40:10.0495 0864  [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
10:40:10.0495 0864  C:\Windows\System32\nsisvc.dll - ok
10:40:10.0495 0864  [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
10:40:10.0495 0864  C:\Windows\System32\keyiso.dll - ok
10:40:10.0495 0864  [ 42187A1D9417F397F889C52F8F2AAE82 ] C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll
10:40:10.0495 0864  C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll - ok
10:40:10.0511 0864  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
10:40:10.0511 0864  C:\Windows\System32\dhcpcore.dll - ok
10:40:10.0526 0864  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
10:40:10.0526 0864  C:\Windows\System32\dnsrslvr.dll - ok
10:40:10.0526 0864  [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
10:40:10.0526 0864  C:\Windows\System32\eapphost.dll - ok
10:40:10.0526 0864  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
10:40:10.0526 0864  C:\Windows\System32\eapsvc.dll - ok
10:40:10.0542 0864  [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
10:40:10.0542 0864  C:\Windows\System32\FWPUCLNT.DLL - ok
10:40:10.0542 0864  [ 6061114558D3D1CBE66F2EF2AF148966 ] C:\Windows\winsxs\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\mfc80.dll
10:40:10.0542 0864  C:\Windows\winsxs\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\mfc80.dll - ok
10:40:10.0557 0864  [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
10:40:10.0557 0864  C:\Windows\System32\dhcpcore6.dll - ok
10:40:10.0557 0864  [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
10:40:10.0557 0864  C:\Windows\System32\AudioEng.dll - ok
10:40:10.0573 0864  [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
10:40:10.0573 0864  C:\Windows\System32\umb.dll - ok
10:40:10.0573 0864  [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
10:40:10.0573 0864  C:\Windows\System32\wlanmsm.dll - ok
10:40:10.0573 0864  [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
10:40:10.0573 0864  C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
10:40:10.0589 0864  [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
10:40:10.0589 0864  C:\Windows\System32\wlansec.dll - ok
10:40:10.0589 0864  [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
10:40:10.0589 0864  C:\Windows\System32\dnsext.dll - ok
10:40:10.0604 0864  [ 442235AC4F20B195F932990CAE47408E ] C:\Windows\winsxs\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\mfc80ENU.dll
10:40:10.0604 0864  C:\Windows\winsxs\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\mfc80ENU.dll - ok
10:40:10.0604 0864  [ E3BF12C68F844E689D1A9D7E6B54742A ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
10:40:10.0604 0864  C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
10:40:10.0620 0864  [ 0BEB0C931BC24F610EE87179F31A8A42 ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
10:40:10.0620 0864  C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
10:40:10.0620 0864  [ AC7EB0B58CA53473D737E41E8DC66578 ] C:\Windows\System32\nvsvcr.dll
10:40:10.0620 0864  C:\Windows\System32\nvsvcr.dll - ok
10:40:10.0635 0864  [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
10:40:10.0635 0864  C:\Windows\System32\onex.dll - ok
10:40:10.0635 0864  [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
10:40:10.0635 0864  C:\Windows\System32\eappprxy.dll - ok
10:40:10.0651 0864  [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
10:40:10.0651 0864  C:\Windows\System32\eappcfg.dll - ok
10:40:10.0651 0864  [ A8C03B2787417E10247A3BCA798BDECF ] C:\Windows\System32\nvcpl.dll
10:40:10.0651 0864  C:\Windows\System32\nvcpl.dll - ok
10:40:10.0667 0864  [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
10:40:10.0667 0864  C:\Windows\System32\l2gpstore.dll - ok
10:40:10.0667 0864  [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
10:40:10.0667 0864  C:\Windows\System32\WinSCard.dll - ok
10:40:10.0682 0864  [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
10:40:10.0682 0864  C:\Windows\System32\wlanutil.dll - ok
10:40:10.0682 0864  [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
10:40:10.0682 0864  C:\Windows\System32\wlgpclnt.dll - ok
10:40:10.0698 0864  [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
10:40:10.0698 0864  C:\Windows\System32\conhost.exe - ok
10:40:10.0698 0864  [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
10:40:10.0698 0864  C:\Windows\System32\wscapi.dll - ok
10:40:10.0713 0864  [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
10:40:10.0713 0864  C:\Windows\System32\imageres.dll - ok
10:40:10.0713 0864  [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
10:40:10.0713 0864  C:\Windows\System32\AUDIOKSE.dll - ok
10:40:10.0713 0864  [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
10:40:10.0713 0864  C:\Windows\System32\cabinet.dll - ok
10:40:10.0729 0864  [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
10:40:10.0729 0864  C:\Windows\System32\msxml6.dll - ok
10:40:10.0729 0864  [ 1B59F6B03DA67790E98264941E555D49 ] C:\Windows\System32\RtkAPO64.dll
10:40:10.0729 0864  C:\Windows\System32\RtkAPO64.dll - ok
10:40:12.0258 0864  C:\Windows\System32\PSR7C3BC.DLL - ok
10:40:12.0258 0864  [ AC122407B29378FF9646F03404AC7C54 ] C:\Windows\SysWOW64\wshbth.dll
10:40:12.0258 0864  C:\Windows\SysWOW64\wshbth.dll - ok
10:40:12.0273 0864  [ 758D99511FD82B6C55E70494039E9F1A ] C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll
10:40:12.0273 0864  C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll - ok
10:40:12.0273 0864  [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
10:40:12.0273 0864  C:\Windows\SysWOW64\netapi32.dll - ok
10:40:12.0289 0864  [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
10:40:12.0289 0864  C:\Windows\SysWOW64\netutils.dll - ok
10:40:12.0289 0864  [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
10:40:12.0289 0864  C:\Windows\SysWOW64\srvcli.dll - ok
10:40:12.0305 0864  [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
10:40:12.0305 0864  C:\Windows\SysWOW64\wkscli.dll - ok
10:40:12.0305 0864  [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
10:40:12.0305 0864  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
10:40:12.0320 0864  [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
10:40:12.0320 0864  C:\Windows\System32\tcpmon.dll - ok
10:40:12.0320 0864  [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
10:40:12.0320 0864  C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
10:40:12.0320 0864  [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
10:40:12.0320 0864  C:\Windows\SysWOW64\rasadhlp.dll - ok
10:40:12.0336 0864  [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
10:40:12.0336 0864  C:\Windows\System32\snmpapi.dll - ok
10:40:12.0336 0864  [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
10:40:12.0336 0864  C:\Windows\System32\usbmon.dll - ok
10:40:12.0351 0864  [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
10:40:12.0351 0864  C:\Windows\System32\wsnmp32.dll - ok
10:40:12.0351 0864  [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
10:40:12.0351 0864  C:\Windows\System32\WSDMon.dll - ok
10:40:12.0367 0864  [ B918311A8E59FB8CCF613A110024DEBA ] C:\Windows\System32\osk.exe
10:40:12.0367 0864  C:\Windows\System32\osk.exe - ok
10:40:12.0367 0864  [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
10:40:12.0367 0864  C:\Windows\System32\WSDApi.dll - ok
10:40:12.0367 0864  [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
10:40:12.0367 0864  C:\Windows\SysWOW64\imagehlp.dll - ok
10:40:12.0383 0864  [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
10:40:12.0383 0864  C:\Windows\System32\webservices.dll - ok
10:40:12.0383 0864  [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
10:40:12.0383 0864  C:\Windows\System32\fundisc.dll - ok
10:40:12.0398 0864  [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
10:40:12.0398 0864  C:\Windows\SysWOW64\msi.dll - ok
10:40:12.0398 0864  [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
10:40:12.0398 0864  C:\Windows\SysWOW64\cscapi.dll - ok
10:40:12.0414 0864  [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
10:40:12.0414 0864  C:\Windows\SysWOW64\dbghelp.dll - ok
10:40:12.0414 0864  [ 74F8130E074EFC413E38EBE25EBA23D2 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\8e6532fb5cce010f2c5f6c9b02c6da85\SMDiagnostics.ni.dll
10:40:12.0414 0864  C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\8e6532fb5cce010f2c5f6c9b02c6da85\SMDiagnostics.ni.dll - ok
10:40:12.0414 0864  [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
10:40:12.0414 0864  C:\Windows\System32\fdPnp.dll - ok
10:40:12.0429 0864  [ FC31518FAC3D66998EB5DA9D7AD32111 ] C:\Windows\System32\spool\prtprocs\x64\CNMPD95.DLL
10:40:12.0429 0864  C:\Windows\System32\spool\prtprocs\x64\CNMPD95.DLL - ok
10:40:12.0429 0864  [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
10:40:12.0429 0864  C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
10:40:12.0445 0864  [ 0353B239C28B0E9EBC7FA3D1F6181661 ] C:\Windows\System32\win32spl.dll
10:40:12.0445 0864  C:\Windows\System32\win32spl.dll - ok
10:40:12.0445 0864  [ 76B35CB0F3A4E69D6DFF27F542B9F856 ] C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
10:40:12.0445 0864  C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe - ok
10:40:12.0461 0864  [ 8323B32A6FC3FCD7E5C8BA94B36CE162 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\3762e80651ff8d0bbcdb0ccebfb3b3f7\System.Configuration.ni.dll
10:40:12.0461 0864  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\3762e80651ff8d0bbcdb0ccebfb3b3f7\System.Configuration.ni.dll - ok
10:40:12.0461 0864  [ 162100E0BC8377710F9D170631921C03 ] C:\Windows\System32\drivers\NisDrvWFP.sys
10:40:12.0461 0864  C:\Windows\System32\drivers\NisDrvWFP.sys - ok
10:40:12.0476 0864  [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
10:40:12.0476 0864  C:\Windows\System32\aepic.dll - ok
10:40:12.0476 0864  [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
10:40:12.0476 0864  C:\Windows\System32\drivers\PEAuth.sys - ok
10:40:12.0492 0864  [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
10:40:12.0492 0864  C:\Windows\System32\nlasvc.dll - ok
10:40:12.0492 0864  [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
10:40:12.0492 0864  C:\Windows\System32\ncsi.dll - ok
10:40:12.0492 0864  [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
10:40:12.0492 0864  C:\Windows\System32\sfc.dll - ok
10:40:12.0507 0864  [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
10:40:12.0507 0864  C:\Windows\System32\sfc_os.dll - ok
10:40:12.0507 0864  [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
10:40:12.0507 0864  C:\Windows\System32\ssdpapi.dll - ok
10:40:12.0523 0864  [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
10:40:12.0523 0864  C:\Windows\System32\inetpp.dll - ok
10:40:12.0523 0864  [ 6108654C5EBEA28A606D6890B4DE6DE3 ] C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:40:12.0523 0864  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe - ok
10:40:12.0523 0864  [ 4E252E85E5DC31BD645E809222AFAF27 ] C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
10:40:12.0523 0864  C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe - ok
10:40:12.0539 0864  [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
10:40:12.0539 0864  C:\Windows\SysWOW64\clbcatq.dll - ok
10:40:12.0539 0864  [ 0326875B57E3F6AB305CD0241C6E632B ] C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
10:40:12.0539 0864  C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe - ok
10:40:12.0554 0864  [ 7AACDCCE2CF59AD950139A91C6B29F44 ] C:\Users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
10:40:12.0554 0864  C:\Users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll - ok
10:40:12.0554 0864  [ 241AF87821FDA0F5792037B779F49BE0 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll
10:40:12.0554 0864  C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - ok
10:40:12.0570 0864  [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
10:40:12.0570 0864  C:\Windows\System32\cscapi.dll - ok
10:40:12.0570 0864  [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
10:40:12.0570 0864  C:\Windows\System32\drivers\secdrv.sys - ok
10:40:12.0585 0864  [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
10:40:12.0585 0864  C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
10:40:12.0585 0864  [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll
10:40:12.0585 0864  C:\Windows\System32\seclogon.dll - ok
10:40:12.0601 0864  [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
10:40:12.0601 0864  C:\Windows\SysWOW64\mstask.dll - ok
10:40:12.0601 0864  [ 5CCD5B62076D4432D4728BB6CB3DEBFD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\7a560781987776298120763de1df8f77\System.Xml.ni.dll
10:40:12.0601 0864  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\7a560781987776298120763de1df8f77\System.Xml.ni.dll - ok
10:40:12.0617 0864  [ D0F935D207298F6DC6AC16671A7881D1 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\d05c044ac062965045cbf7e4d2356f65\System.IdentityModel.ni.dll
10:40:12.0617 0864  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\d05c044ac062965045cbf7e4d2356f65\System.IdentityModel.ni.dll - ok
10:40:12.0617 0864  [ 9E1F8293CA144F55B21406CA77BDBCE1 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\32072ac29ee7bc9e2ccab4fb8aa46d54\System.Runtime.Serialization.ni.dll
10:40:12.0617 0864  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\32072ac29ee7bc9e2ccab4fb8aa46d54\System.Runtime.Serialization.ni.dll - ok
10:40:12.0632 0864  [ 7C15061CD0372487903B07B9BB03AFAD ] C:\Program Files (x86)\Skype\Updater\Updater.exe
10:40:12.0632 0864  C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
10:40:12.0632 0864  [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
10:40:12.0632 0864  C:\Windows\System32\EhStorShell.dll - ok
10:40:12.0648 0864  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
10:40:12.0648 0864  C:\Windows\SysWOW64\psapi.dll - ok
10:40:12.0648 0864  [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
10:40:12.0648 0864  C:\Windows\System32\drivers\srvnet.sys - ok
10:40:12.0663 0864  [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
10:40:12.0663 0864  C:\Windows\SysWOW64\cryptsp.dll - ok
10:40:12.0663 0864  [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
10:40:12.0663 0864  C:\Windows\SysWOW64\RpcRtRemote.dll - ok
10:40:12.0679 0864  [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
10:40:12.0679 0864  C:\Windows\SysWOW64\rsaenh.dll - ok
10:40:12.0679 0864  [ 2D48CB917133A2489E28011D8AECE757 ] C:\Windows\Temp\Network Wizard.exe
10:40:12.0679 0864  C:\Windows\Temp\Network Wizard.exe - ok
10:40:12.0679 0864  [ 32802C0F6FC7C8F561B9D91F52A46421 ] C:\Windows\System32\cscui.dll
10:40:12.0679 0864  C:\Windows\System32\cscui.dll - ok
10:40:12.0695 0864  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
10:40:12.0695 0864  C:\Windows\System32\ssdpsrv.dll - ok
10:40:12.0695 0864  [ 7EE5F17A21D9A9101207DF4BC37B085D ] C:\Windows\System32\cscdll.dll
10:40:12.0695 0864  C:\Windows\System32\cscdll.dll - ok
10:40:12.0710 0864  [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
10:40:12.0710 0864  C:\Windows\System32\httpapi.dll - ok
10:40:12.0726 0864  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
10:40:12.0726 0864  C:\Windows\System32\sysmain.dll - ok
10:40:12.0726 0864  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
10:40:12.0726 0864  C:\Windows\System32\drivers\tcpipreg.sys - ok
10:40:12.0741 0864  [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
10:40:12.0741 0864  C:\Windows\System32\ntshrui.dll - ok
10:40:12.0741 0864  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
10:40:12.0741 0864  C:\Windows\System32\tapisrv.dll - ok
10:40:12.0757 0864  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
10:40:12.0757 0864  C:\Windows\System32\wiaservc.dll - ok
10:40:12.0757 0864  [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
10:40:12.0757 0864  C:\Windows\System32\wiatrace.dll - ok
10:40:12.0773 0864  [ 4C1244FEF74C60A4B1B151C76609CBE2 ] C:\Windows\System32\wsdchngr.dll
10:40:12.0773 0864  C:\Windows\System32\wsdchngr.dll - ok
10:40:12.0773 0864  [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
10:40:12.0773 0864  C:\Windows\System32\trkwks.dll - ok
10:40:12.0773 0864  [ 654D48F9659A81846A73CCCAC32AAF7D ] C:\Windows\System32\CNC700C.DLL
10:40:12.0773 0864  C:\Windows\System32\CNC700C.DLL - ok
10:40:12.0788 0864  [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
10:40:12.0788 0864  C:\Windows\System32\IconCodecService.dll - ok
10:40:12.0788 0864  [ 43EA1CA0EDC27F525D26406B306D8959 ] C:\Windows\System32\CNC700L.DLL
10:40:12.0788 0864  C:\Windows\System32\CNC700L.DLL - ok
10:40:12.0804 0864  [ 9A404CE3D11FA26F1EB08BE2F9C9269A ] C:\ProgramData\TVersity\Media Server\MediaServer.exe
10:40:12.0804 0864  C:\ProgramData\TVersity\Media Server\MediaServer.exe - ok
10:40:12.0804 0864  [ FDC385A0F7D7DD880C4622D1DF08ABE9 ] C:\Windows\System32\ntprint.dll
10:40:12.0804 0864  C:\Windows\System32\ntprint.dll - ok
10:40:12.0804 0864  [ 90B5F0B63BAA48F2D63101218A41F593 ] C:\ProgramData\TVersity\Media Server\taglib.dll
10:40:12.0804 0864  C:\ProgramData\TVersity\Media Server\taglib.dll - ok
10:40:12.0819 0864  [ 28DAFF4640FE4AB37BA90A91AB4CB51E ] C:\Windows\twain_32\MX700 series_000085C48351\USDRESUS.DLL
10:40:12.0819 0864  C:\Windows\twain_32\MX700 series_000085C48351\USDRESUS.DLL - ok
10:40:12.0819 0864  [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
10:40:12.0819 0864  C:\Windows\System32\aeevts.dll - ok
10:40:12.0835 0864  [ 488B54EE1BEF99C21DF568C5490C03D8 ] C:\ProgramData\TVersity\Media Server\CORE_RL_magick_.dll
10:40:12.0835 0864  C:\ProgramData\TVersity\Media Server\CORE_RL_magick_.dll - ok
10:40:12.0835 0864  [ 40CA4E5AABC128BDA7E6308DB6AF122B ] C:\ProgramData\TVersity\Media Server\CORE_RL_ttf_.dll
10:40:12.0835 0864  C:\ProgramData\TVersity\Media Server\CORE_RL_ttf_.dll - ok
10:40:12.0851 0864  [ D35DC865B41C876D6783F5E813132C34 ] C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
10:40:12.0851 0864  C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll - ok
10:40:12.0851 0864  [ 270C3F2A63A1C88CA10C4AAC47B4E382 ] C:\ProgramData\TVersity\Media Server\CORE_RL_bzlib_.dll
10:40:12.0851 0864  C:\ProgramData\TVersity\Media Server\CORE_RL_bzlib_.dll - ok
10:40:12.0866 0864  [ 515A0CA85AD0110B8A8C88830ABF10BA ] C:\ProgramData\TVersity\Media Server\CORE_RL_zlib_.dll
10:40:12.0866 0864  C:\ProgramData\TVersity\Media Server\CORE_RL_zlib_.dll - ok
10:40:12.0866 0864  [ 79C8E53267647FEAC3FD2CE180FF6301 ] C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll
10:40:12.0866 0864  C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll - ok
10:40:12.0882 0864  [ 2E9C59AE0AD1706EAE28986E85F7811F ] C:\ProgramData\TVersity\Media Server\libcurl.dll
10:40:12.0882 0864  C:\ProgramData\TVersity\Media Server\libcurl.dll - ok
10:40:12.0882 0864  [ B2BD3F01B5A5431E918EA77E20FE8578 ] C:\ProgramData\TVersity\Media Server\zlib1.dll
10:40:12.0882 0864  C:\ProgramData\TVersity\Media Server\zlib1.dll - ok
10:40:12.0882 0864  [ 2AA9EA7AA6F77CA754F9B5FBF2B972F4 ] C:\ProgramData\TVersity\Media Server\libeay32.dll
10:40:12.0882 0864  C:\ProgramData\TVersity\Media Server\libeay32.dll - ok
10:40:12.0897 0864  [ 6068E180500FA42A7717154D3A028F63 ] C:\ProgramData\TVersity\Media Server\ssleay32.dll
10:40:12.0897 0864  C:\ProgramData\TVersity\Media Server\ssleay32.dll - ok
10:40:12.0897 0864  [ B4919241A6232A4CD147A605213286EA ] C:\ProgramData\TVersity\Media Server\libapr.dll
10:40:12.0897 0864  C:\ProgramData\TVersity\Media Server\libapr.dll - ok
10:40:12.0913 0864  [ 3B4C487B993975355995521A152E6DD0 ] C:\ProgramData\TVersity\Media Server\libaprutil.dll
10:40:12.0913 0864  C:\ProgramData\TVersity\Media Server\libaprutil.dll - ok
10:40:12.0913 0864  [ 81DFA60B42CA7E54DFE9475088C18A3D ] C:\ProgramData\TVersity\Media Server\libapriconv.dll
10:40:12.0913 0864  C:\ProgramData\TVersity\Media Server\libapriconv.dll - ok
10:40:12.0929 0864  [ AF005077659370AF502C42BCEB6B3212 ] C:\ProgramData\TVersity\Media Server\log4cxx.dll
10:40:12.0929 0864  C:\ProgramData\TVersity\Media Server\log4cxx.dll - ok
10:40:12.0929 0864  [ B23B47642ED557090B2F9CCD4D6D7E96 ] C:\ProgramData\TVersity\Media Server\pthreadVC2.dll
10:40:12.0929 0864  C:\ProgramData\TVersity\Media Server\pthreadVC2.dll - ok
10:40:12.0944 0864  [ C4E956200B575072221880F2A62BFD78 ] C:\ProgramData\TVersity\Media Server\avcodec-52.dll
10:40:12.0944 0864  C:\ProgramData\TVersity\Media Server\avcodec-52.dll - ok
10:40:12.0944 0864  [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
10:40:12.0944 0864  C:\Windows\System32\esent.dll - ok
10:40:12.0960 0864  [ AAC8CD331524611AD754593414765658 ] C:\ProgramData\TVersity\Media Server\avutil-50.dll
10:40:12.0960 0864  C:\ProgramData\TVersity\Media Server\avutil-50.dll - ok
10:40:12.0960 0864  [ 727F56A63F0CCDD6E0B879764C75DB75 ] C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
10:40:12.0960 0864  C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll - ok
10:40:12.0975 0864  [ ADEEC1DDA0C7E7597E38E273C4D002C0 ] C:\ProgramData\TVersity\Media Server\avformat-52.dll
10:40:12.0975 0864  C:\ProgramData\TVersity\Media Server\avformat-52.dll - ok
10:40:12.0975 0864  [ 27ED4B420AECFD2EE71ACB7B962FF287 ] C:\ProgramData\TVersity\Media Server\swscale-0.dll
10:40:12.0975 0864  C:\ProgramData\TVersity\Media Server\swscale-0.dll - ok
10:40:12.0975 0864  [ 8E9758CC0F272009BA08216F8C47DC8F ] C:\ProgramData\TVersity\Media Server\sqlite3.dll
10:40:12.0975 0864  C:\ProgramData\TVersity\Media Server\sqlite3.dll - ok
10:40:12.0991 0864  [ 0AE0C4955E1DE29CCDC9DA1B816FE5EE ] C:\Windows\SysWOW64\quartz.dll
10:40:12.0991 0864  C:\Windows\SysWOW64\quartz.dll - ok
10:40:12.0991 0864  [ 0F416E23DD2EB4DEBE70608020CFD283 ] C:\Windows\SysWOW64\WMVCORE.DLL
10:40:12.0991 0864  C:\Windows\SysWOW64\WMVCORE.DLL - ok
10:40:13.0007 0864  [ A7DD56261518373F70F23079EB3CD0A2 ] C:\Windows\SysWOW64\WMASF.DLL
10:40:13.0007 0864  C:\Windows\SysWOW64\WMASF.DLL - ok
10:40:13.0007 0864  [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
10:40:13.0007 0864  C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
10:40:13.0022 0864  [ B32009DB1972E7F2C227499289C4384A ] C:\Windows\System32\inetsrv\iisw3adm.dll
10:40:13.0022 0864  C:\Windows\System32\inetsrv\iisw3adm.dll - ok
10:40:13.0022 0864  [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
10:40:13.0022 0864  C:\Windows\System32\wbem\WMIsvc.dll - ok
10:40:13.0038 0864  [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
10:40:13.0038 0864  C:\Windows\System32\wbemcomn.dll - ok
10:40:13.0038 0864  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
10:40:13.0038 0864  C:\Windows\System32\drivers\srv2.sys - ok
10:40:13.0038 0864  [ 49F9AF60349A514C1BCF14DB9C843C5A ] C:\Windows\System32\inetsrv\w3tp.dll
10:40:13.0038 0864  C:\Windows\System32\inetsrv\w3tp.dll - ok
10:40:13.0053 0864  [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll
10:40:13.0053 0864  C:\Windows\System32\rasmans.dll - ok
10:40:13.0053 0864  [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll
10:40:13.0053 0864  C:\Windows\System32\rastapi.dll - ok
10:40:13.0069 0864  [ 7C1042CDA4E7151E91F1E66A4D9118B0 ] C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:40:13.0069 0864  C:\Program Files\Intel\WiFi\bin\EvtEng.exe - ok
10:40:13.0069 0864  [ D2A0FFA75AB181B19B5EB93BB29C7686 ] C:\Windows\System32\unimdm.tsp
10:40:13.0069 0864  C:\Windows\System32\unimdm.tsp - ok
10:40:13.0069 0864  [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
10:40:13.0069 0864  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
10:40:13.0085 0864  [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
10:40:13.0085 0864  C:\Windows\System32\wbem\fastprox.dll - ok
10:40:13.0085 0864  [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
10:40:13.0085 0864  C:\Windows\System32\wbem\WinMgmtR.dll - ok
10:40:13.0100 0864  [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll
10:40:13.0100 0864  C:\Windows\System32\uniplat.dll - ok
10:40:13.0100 0864  [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp
10:40:13.0100 0864  C:\Windows\System32\kmddsp.tsp - ok
10:40:13.0116 0864  [ 359FD273FAE656A4CDA2165DA026B1FD ] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
10:40:13.0116 0864  C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll - ok
10:40:13.0116 0864  [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
10:40:13.0116 0864  C:\Windows\System32\hidphone.tsp - ok
10:40:13.0131 0864  [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp
10:40:13.0131 0864  C:\Windows\System32\ndptsp.tsp - ok
10:40:13.0131 0864  [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
10:40:13.0131 0864  C:\Windows\System32\ntdsapi.dll - ok
10:40:13.0147 0864  [ A717A35120DBAB5AB707AB40662AF9DD ] C:\Windows\System32\rasppp.dll
10:40:13.0147 0864  C:\Windows\System32\rasppp.dll - ok
10:40:13.0147 0864  [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
10:40:13.0147 0864  C:\Windows\System32\wbem\wbemprox.dll - ok
10:40:13.0147 0864  [ 437D076C42552489CBFC4C014A098E4E ] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
10:40:13.0147 0864  C:\Program Files\Intel\WiFi\bin\MurocApi.dll - ok
10:40:13.0163 0864  [ 0FE5CD5F9C9248F42D1EF56E495B182E ] C:\Windows\System32\vpnike.dll
10:40:13.0163 0864  C:\Windows\System32\vpnike.dll - ok
10:40:13.0163 0864  [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll
10:40:13.0163 0864  C:\Windows\System32\raschap.dll - ok
10:40:13.0178 0864  [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
10:40:13.0178 0864  C:\Windows\System32\wbem\wbemcore.dll - ok
10:40:13.0178 0864  [ 2CA9D57534DCF0BB1488F8A9B3BE1D35 ] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
10:40:13.0178 0864  C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll - ok
10:40:13.0194 0864  [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
10:40:13.0194 0864  C:\Windows\System32\wbem\esscli.dll - ok
10:40:13.0194 0864  [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
10:40:13.0194 0864  C:\Windows\System32\wbem\wbemsvc.dll - ok
10:40:13.0209 0864  [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
10:40:13.0209 0864  C:\Windows\System32\wbem\wmiutils.dll - ok
10:40:13.0209 0864  [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
10:40:13.0209 0864  C:\Windows\System32\wbem\repdrvfs.dll - ok
10:40:13.0209 0864  [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
10:40:13.0209 0864  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
10:40:13.0225 0864  [ 7F9CF76F60111619B348728B2C30E1BC ] C:\Program Files\Intel\WiFi\bin\pfQOSMgr.dll
10:40:13.0225 0864  C:\Program Files\Intel\WiFi\bin\pfQOSMgr.dll - ok
10:40:13.0241 0864  [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
10:40:13.0241 0864  C:\Windows\System32\ncobjapi.dll - ok
10:40:13.0241 0864  [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
10:40:13.0241 0864  C:\Windows\System32\wbem\wbemess.dll - ok
10:40:13.0241 0864  [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
10:40:13.0241 0864  C:\Windows\System32\wbem\NCProv.dll - ok
10:40:13.0256 0864  [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
10:40:13.0256 0864  C:\Windows\System32\iphlpsvc.dll - ok
10:40:13.0256 0864  [ 6A3A5E566D792BA30AFF5EC949FF9F49 ] C:\Windows\System32\inetsrv\wbhstipm.dll
10:40:13.0256 0864  C:\Windows\System32\inetsrv\wbhstipm.dll - ok
10:40:13.0272 0864  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
10:40:13.0272 0864  C:\Windows\System32\drivers\srv.sys - ok
10:40:13.0272 0864  [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
10:40:13.0272 0864  C:\Windows\System32\sqmapi.dll - ok
10:40:13.0287 0864  [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
10:40:13.0287 0864  C:\Windows\System32\wdscore.dll - ok
10:40:13.0287 0864  [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
10:40:13.0287 0864  C:\Windows\System32\ipnathlp.dll - ok
10:40:13.0287 0864  [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
10:40:13.0287 0864  C:\Windows\System32\mprapi.dll - ok
10:40:13.0303 0864  [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
10:40:13.0303 0864  C:\Windows\System32\netshell.dll - ok
10:40:13.0303 0864  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
10:40:13.0303 0864  C:\Windows\System32\browser.dll - ok
10:40:13.0319 0864  [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
10:40:13.0319 0864  C:\Windows\System32\srvsvc.dll - ok
10:40:13.0319 0864  [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
10:40:13.0319 0864  C:\Windows\System32\hnetcfg.dll - ok
10:40:13.0319 0864  [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
10:40:13.0319 0864  C:\Windows\System32\netmsg.dll - ok
10:40:13.0334 0864  [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
10:40:13.0334 0864  C:\Windows\System32\clusapi.dll - ok
10:40:13.0334 0864  [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
10:40:13.0334 0864  C:\Windows\System32\sscore.dll - ok
10:40:13.0350 0864  [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
10:40:13.0350 0864  C:\Windows\System32\resutils.dll - ok
10:40:13.0350 0864  [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
10:40:13.0350 0864  C:\Windows\System32\nci.dll - ok
10:40:13.0365 0864  [ 521202AA6F2B74FCCC6BC7E162109D71 ] C:\Windows\System32\wbem\unsecapp.exe
10:40:13.0365 0864  C:\Windows\System32\wbem\unsecapp.exe - ok
10:40:13.0365 0864  [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
10:40:13.0365 0864  C:\Windows\System32\wbem\WmiPrvSE.exe - ok
10:40:13.0365 0864  [ 4AC6838AAF3F7C7175D222B935143C9F ] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
10:40:13.0365 0864  C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll - ok
10:40:13.0381 0864  [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
10:40:13.0381 0864  C:\Windows\System32\wbem\wmiprov.dll - ok
10:40:13.0381 0864  [ AA41C114F15B89750D5EA5D8AC4DC021 ] C:\Program Files\Intel\WiFi\bin\iWrap.exe
10:40:13.0381 0864  C:\Program Files\Intel\WiFi\bin\iWrap.exe - ok
10:40:13.0397 0864  [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
10:40:13.0397 0864  C:\Windows\System32\oledlg.dll - ok
10:40:13.0397 0864  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
10:40:13.0397 0864  C:\Windows\System32\appinfo.dll - ok
10:40:13.0412 0864  [ CC8E52DAA9826064BA464DBE531F2BB5 ] C:\Windows\System32\drivers\CVPNDRVA.sys
10:40:13.0412 0864  C:\Windows\System32\drivers\CVPNDRVA.sys - ok
10:40:13.0412 0864  [ 312316F6B637336F32F88532F84E093D ] C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys
10:40:13.0412 0864  C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys - ok
10:40:13.0428 0864  [ 2E648163254233755035B46DD7B89123 ] C:\Windows\System32\termsrv.dll
10:40:13.0428 0864  C:\Windows\System32\termsrv.dll - ok
10:40:13.0428 0864  [ C6E15F2F95F9C0A6098D43510B604E52 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
10:40:14.0957 0864  C:\Windows\System32\upnp.dll - ok
10:40:14.0972 0864  [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\SysWOW64\mlang.dll
10:40:14.0972 0864  C:\Windows\SysWOW64\mlang.dll - ok
10:40:14.0972 0864  [ 1D1EAA16D193C6A2D45981ED3914D22A ] C:\Windows\SysWOW64\msimtf.dll
10:40:14.0972 0864  C:\Windows\SysWOW64\msimtf.dll - ok
10:40:14.0988 0864  [ AC6A11B0F0F208E7D2800FD06A4437C3 ] C:\Program Files (x86)\Real\RealPlayer\realjbox.exe
10:40:14.0988 0864  C:\Program Files (x86)\Real\RealPlayer\realjbox.exe - ok
10:40:14.0988 0864  [ 625020DE1DBE6A19EDF26916A127AD3D ] C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
10:40:14.0988 0864  C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe - ok
10:40:15.0003 0864  [ 03E9314004F504A14A61C3D364B62F66 ] C:\Windows\SysWOW64\msvcp100.dll
10:40:15.0003 0864  C:\Windows\SysWOW64\msvcp100.dll - ok
10:40:15.0003 0864  [ 69F42E40A0C4344939437D86A8893DA6 ] C:\Windows\SysWOW64\jscript9.dll
10:40:15.0003 0864  C:\Windows\SysWOW64\jscript9.dll - ok
10:40:15.0019 0864  [ B7CFA3F9DF5DF31E67B93C4AACBB9C97 ] C:\Program Files (x86)\Real\RealPlayer\realplay.exe
10:40:15.0019 0864  C:\Program Files (x86)\Real\RealPlayer\realplay.exe - ok
10:40:15.0019 0864  [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
10:40:15.0019 0864  C:\Windows\System32\DXP.dll - ok
10:40:15.0019 0864  [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
10:40:15.0019 0864  C:\Windows\System32\Syncreg.dll - ok
10:40:15.0035 0864  [ 954EA9B34F155C844B11F4047A8F6F89 ] C:\Windows\SysWOW64\upnp.dll
10:40:15.0035 0864  C:\Windows\SysWOW64\upnp.dll - ok
10:40:15.0035 0864  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Windows\SysWOW64\msvcr100.dll
10:40:15.0035 0864  C:\Windows\SysWOW64\msvcr100.dll - ok
10:40:15.0050 0864  [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\SysWOW64\ssdpapi.dll
10:40:15.0050 0864  C:\Windows\SysWOW64\ssdpapi.dll - ok
10:40:15.0050 0864  [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
10:40:15.0050 0864  C:\Windows\ehome\ehSSO.dll - ok
10:40:15.0066 0864  [ 39E9AACC4C5FB3C3C0B12DE6D491553D ] C:\Windows\SysWOW64\WindowsCodecsExt.dll
10:40:15.0066 0864  C:\Windows\SysWOW64\WindowsCodecsExt.dll - ok
10:40:15.0066 0864  [ 6B140B1382F1FE04BA57B196AEB19725 ] C:\Windows\SysWOW64\t2embed.dll
10:40:15.0066 0864  C:\Windows\SysWOW64\t2embed.dll - ok
10:40:15.0081 0864  [ 35CEDE6439FF0D8903223A0817FFE46C ] C:\Windows\SysWOW64\d2d1.dll
10:40:15.0081 0864  C:\Windows\SysWOW64\d2d1.dll - ok
10:40:15.0081 0864  [ A29D734F650F958424743BE3BAA052C8 ] C:\Windows\SysWOW64\DWrite.dll
10:40:15.0081 0864  C:\Windows\SysWOW64\DWrite.dll - ok
10:40:15.0097 0864  [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll
10:40:15.0097 0864  C:\Windows\SysWOW64\mscms.dll - ok
10:40:15.0097 0864  [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
10:40:15.0097 0864  C:\Windows\System32\AltTab.dll - ok
10:40:15.0113 0864  [ 5C4CB4086FB83115B153E47ADD961A0C ] C:\Windows\System32\FntCache.dll
10:40:15.0113 0864  C:\Windows\System32\FntCache.dll - ok
10:40:15.0113 0864  [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
10:40:15.0113 0864  C:\Windows\System32\WPDShServiceObj.dll - ok
10:40:15.0113 0864  [ 816B681CC308FAA128EDCB90643DCED7 ] C:\Windows\SysWOW64\icm32.dll
10:40:15.0113 0864  C:\Windows\SysWOW64\icm32.dll - ok
10:40:15.0128 0864  [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
10:40:15.0128 0864  C:\Windows\System32\pnidui.dll - ok
10:40:15.0128 0864  [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
10:40:15.0128 0864  C:\Windows\System32\QUTIL.DLL - ok
10:40:15.0144 0864  [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
10:40:15.0144 0864  C:\Windows\System32\PortableDeviceTypes.dll - ok
10:40:15.0159 0864  [ 0411B7958C524BB2E91EE1B3035FE321 ] C:\Windows\SysWOW64\dxgi.dll
10:40:15.0159 0864  C:\Windows\SysWOW64\dxgi.dll - ok
10:40:15.0159 0864  [ 2DE90400A63818FA38C4C5C9ADB166BF ] C:\Windows\SysWOW64\d3d10_1.dll
10:40:15.0159 0864  C:\Windows\SysWOW64\d3d10_1.dll - ok
10:40:15.0175 0864  [ 234AFA322624B3203A2E720F08292B03 ] C:\Windows\System32\cscobj.dll
10:40:15.0175 0864  C:\Windows\System32\cscobj.dll - ok
10:40:15.0175 0864  [ EAB975DB4C2805927FE5BD047D05C9AA ] C:\Windows\SysWOW64\netshell.dll
10:40:15.0175 0864  C:\Windows\SysWOW64\netshell.dll - ok
10:40:15.0175 0864  [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\SysWOW64\d3d10_1core.dll
10:40:15.0175 0864  C:\Windows\SysWOW64\d3d10_1core.dll - ok
10:40:15.0191 0864  [ 667300FB6B357B357A4B3ACF3DC9E439 ] C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll
10:40:15.0191 0864  C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll - ok
10:40:15.0191 0864  [ 78B7A3BDA25C90DAA50D36A56A8D1351 ] C:\Windows\SysWOW64\d3d10warp.dll
10:40:15.0191 0864  C:\Windows\SysWOW64\d3d10warp.dll - ok
10:40:15.0206 0864  [ 658188216F32270A88624BCF5AA658F0 ] C:\Users\Wei\Desktop\RogueKillerX64.exe
10:40:15.0206 0864  C:\Users\Wei\Desktop\RogueKillerX64.exe - ok
10:40:15.0206 0864  [ 615B596C087DFA721C2855BA83B9E4B7 ] C:\Windows\SysWOW64\nvd3dum.dll
10:40:15.0206 0864  C:\Windows\SysWOW64\nvd3dum.dll - ok
10:40:15.0222 0864  [ 6F5414C8FE5DFB2D1A4F66709CEBBA22 ] C:\Program Files (x86)\Real\RealPlayer\rpplugins\myde3260.dll
10:40:15.0222 0864  C:\Program Files (x86)\Real\RealPlayer\rpplugins\myde3260.dll - ok
10:40:15.0222 0864  [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\SysWOW64\msls31.dll
10:40:15.0222 0864  C:\Windows\SysWOW64\msls31.dll - ok
10:40:15.0237 0864  [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
10:40:15.0237 0864  C:\Windows\SysWOW64\ExplorerFrame.dll - ok
10:40:15.0237 0864  [ 46B5E70BF0B6443C7D47D812E103CC99 ] C:\Program Files (x86)\Real\RealPlayer\Common\pngu3267.dll
10:40:15.0237 0864  C:\Program Files (x86)\Real\RealPlayer\Common\pngu3267.dll - ok
10:40:15.0253 0864  [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
10:40:15.0253 0864  C:\Windows\System32\FXSST.dll - ok
10:40:15.0253 0864  [ 2572E1F0254E2267E97DE1B15D099EC4 ] C:\Windows\SysWOW64\d3d10.dll
10:40:15.0253 0864  C:\Windows\SysWOW64\d3d10.dll - ok
10:40:15.0269 0864  [ 547F78746F20901C770E8653B242217C ] C:\Windows\SysWOW64\d3d10core.dll
10:40:15.0269 0864  C:\Windows\SysWOW64\d3d10core.dll - ok
10:40:15.0269 0864  [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
10:40:15.0269 0864  C:\Windows\SysWOW64\duser.dll - ok
10:40:15.0284 0864  [ B90B7F29E2916C64DC5E191561F7575D ] C:\Program Files (x86)\Real\RealPlayer\Common\pnrs3260.dll
10:40:15.0284 0864  C:\Program Files (x86)\Real\RealPlayer\Common\pnrs3260.dll - ok
10:40:15.0284 0864  [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
10:40:15.0284 0864  C:\Windows\System32\FXSAPI.dll - ok
10:40:15.0300 0864  [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
10:40:15.0300 0864  C:\Windows\SysWOW64\dui70.dll - ok
10:40:15.0300 0864  [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
10:40:15.0300 0864  C:\Windows\System32\ActionCenter.dll - ok
10:40:15.0315 0864  [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
10:40:15.0315 0864  C:\Windows\System32\FXSRESM.dll - ok
10:40:15.0315 0864  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
10:40:15.0315 0864  C:\Windows\System32\FXSSVC.exe - ok
10:40:15.0331 0864  [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
10:40:15.0331 0864  C:\Windows\System32\SearchIndexer.exe - ok
10:40:15.0331 0864  [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
10:40:15.0331 0864  C:\Windows\System32\srchadmin.dll - ok
10:40:15.0347 0864  [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
10:40:15.0347 0864  C:\Windows\System32\tquery.dll - ok
10:40:15.0347 0864  [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
10:40:15.0347 0864  C:\Windows\System32\mssrch.dll - ok
10:40:15.0347 0864  [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
10:40:15.0347 0864  C:\Windows\System32\rasdlg.dll - ok
10:40:15.0362 0864  [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
10:40:15.0362 0864  C:\Windows\System32\dot3api.dll - ok
10:40:15.0362 0864  [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
10:40:15.0362 0864  C:\Windows\System32\msidle.dll - ok
10:40:15.0378 0864  [ BBD351CB2E5455F0E96FE4460EC05F52 ] C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
10:40:15.0378 0864  C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - ok
10:40:15.0378 0864  [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
10:40:15.0378 0864  C:\Windows\System32\wlanhlp.dll - ok
10:40:15.0393 0864  [ 6D137963730144698CBD10F202E9F251 ] C:\Windows\System32\wersvc.dll
10:40:15.0393 0864  C:\Windows\System32\wersvc.dll - ok
10:40:15.0393 0864  [ F2EAA9C72F228E19D37D0B57C179E545 ] C:\Windows\Installer\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}\iTunesIco.exe
10:40:15.0393 0864  C:\Windows\Installer\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}\iTunesIco.exe - ok
10:40:15.0393 0864  [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
10:40:15.0393 0864  C:\Windows\System32\mssprxy.dll - ok
10:40:15.0409 0864  [ F2C7BB8ACC97F92E987A2D4087D021B1 ] C:\Windows\System32\notepad.exe
10:40:15.0409 0864  C:\Windows\System32\notepad.exe - ok
10:40:15.0409 0864  [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
10:40:15.0409 0864  C:\Windows\System32\WWanAPI.dll - ok
10:40:15.0425 0864  [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
10:40:15.0425 0864  C:\Windows\System32\wwapi.dll - ok
10:40:15.0425 0864  [ E5C50D7F326AC51105B2737D31EEBDDB ] C:\Program Files\CCleaner\CCleaner64.exe
10:40:15.0425 0864  C:\Program Files\CCleaner\CCleaner64.exe - ok
10:40:15.0440 0864  [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
10:40:15.0440 0864  C:\Windows\System32\QAGENT.DLL - ok
10:40:15.0440 0864  [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
10:40:15.0440 0864  C:\Windows\System32\en-US\tquery.dll.mui - ok
10:40:15.0456 0864  [ 3494F3DD6C0D2CD3073D86DECA37FBFA ] C:\Program Files\SUPERAntiSpyware\SSUpdate64.exe
10:40:15.0456 0864  C:\Program Files\SUPERAntiSpyware\SSUpdate64.exe - ok
10:40:15.0456 0864  ============================================================
10:40:15.0456 0864  Scan finished
10:40:15.0456 0864  ============================================================
10:40:15.0471 5096  Detected object count: 0
10:40:15.0471 5096  Actual detected object count: 0
10:40:19.0777 4088  Deinitialize success


#12 shaselai

shaselai
  • Topic Starter

  • Members
  • 11 posts

Posted 25 June 2013 - 10:11 AM

RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Wei [Admin rights]
Mode : Remove -- Date : 06/25/2013 10:46:21
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 47464eaa01c90725414847fa726d469d
[BSP] 72524e5e3cfd9ee3b79bf5aeee6fc010 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 304932 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 624502784 | Size: 300 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_06252013_104621.txt >>
RKreport[0]_S_06222013_212158.txt;RKreport[0]_S_06252013_104258.txt


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 June 2013 - 12:52 PM


Hello shaselai

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#14 shaselai

shaselai
  • Topic Starter

  • Members
  • 11 posts

Posted 25 June 2013 - 07:04 PM

computer still the same with no search problems.
 
1. Are you able to tell if there are any bots running in my comp with these logs?
 
 
ComboFix 13-06-25.01 - Wei 06/25/2013  19:44:45.4.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.4091.2063 [GMT -4:00]
Running from: c:\users\Wei\Desktop\ComboFix.exe
Command switches used :: c:\users\Wei\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-25 to 2013-06-25  )))))))))))))))))))))))))))))))
.
.
2013-06-25 23:57 . 2013-06-25 23:57 -------- d-----w- c:\users\Wei\AppData\Local\temp
2013-06-25 23:57 . 2013-06-25 23:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-25 23:57 . 2013-06-25 23:57 -------- d-----w- c:\users\UpdatusUser.WEI\AppData\Local\temp
2013-06-25 23:57 . 2013-06-25 23:57 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-06-25 23:57 . 2013-06-25 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-25 23:57 . 2013-06-25 23:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-06-25 14:49 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91361216-1DD7-428F-8C55-CA2DBE8D2DBC}\mpengine.dll
2013-06-25 14:34 . 2013-06-25 14:34 208216 ----a-w- c:\windows\system32\drivers\72453148.sys
2013-06-25 02:37 . 2013-06-25 02:37 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2013-06-25 02:36 . 2013-06-25 02:41 -------- d-----w- c:\program files (x86)\Rosetta Stone
2013-06-25 02:36 . 2013-06-25 02:40 -------- d-----w- c:\programdata\Rosetta Stone
2013-06-24 01:19 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-24 00:59 . 2013-06-24 00:59 -------- d-----w- c:\windows\ERUNT
2013-06-24 00:58 . 2013-06-24 23:27 -------- d-----w- C:\JRT
2013-06-21 07:57 . 2013-06-21 07:57 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7961356-E2DD-4081-AC46-9F6015B21509}\gapaengine.dll
2013-06-17 04:20 . 2013-06-17 04:20 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-06-16 22:29 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-16 22:26 . 2013-06-16 22:26 -------- d-----w- c:\program files\AVAST Software
2013-06-16 22:25 . 2013-06-16 22:26 -------- d-----w- c:\programdata\AVAST Software
2013-06-16 16:40 . 2013-06-16 16:40 -------- d-----w- c:\program files\Enigma Software Group
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\users\Wei\AppData\Roaming\SUPERAntiSpyware.com
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-16 16:38 . 2013-06-16 16:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-16 16:38 . 2013-06-16 19:47 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-16 16:37 . 2013-06-16 16:37 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-14 23:47 . 2013-06-15 03:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-14 08:02 . 2013-06-14 08:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-14 05:39 . 2013-06-14 05:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-11 03:46 . 2013-06-11 03:56 -------- d-----w- c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 04:36 . 2012-10-24 00:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:36 . 2012-10-24 00:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 04:47 . 2011-12-07 18:56 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-06 14:37 . 2013-05-06 14:37 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-05-02 15:29 . 2011-05-31 13:26 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 03:45 . 2013-04-26 03:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 03:45 . 2012-05-13 07:24 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-26 03:45 . 2011-05-31 16:12 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-11 14:22 . 2011-06-11 06:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22 . 2011-06-11 06:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-04 18:50 . 2011-12-07 19:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2012-11-09 2796576]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
"uTorrent"="c:\users\Wei\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-19 1045072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-24 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2012-11-09 2796576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-5-31 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys;c:\windows\SYSNATIVE\DRIVERS\WacomVTHid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 NACAgentService;NAC Agent Service;c:\program files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe;c:\program files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe [x]
S2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19704470
*NewlyCreated* - 53595507
*Deregistered* - 19704470
*Deregistered* - 53595507
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-11 03:56 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 04:36]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 03:46]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11 03:46]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-1006Core1ce4ede1331029.job
- c:\users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 02:31]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:15]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3702504909-1407522148-1157334821-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 06:15]
.
2013-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-06-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4f38cca1-edaf-426b-9cc4-c5463a6a0447.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-06-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"Apoint"="x:\program files\DellTPad\Apoint.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-17 9643040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ??????? - 
Trusted Zone: lenovo.com\consumersupport
Trusted Zone: lenovo.com.cn\edrivers
Trusted Zone: lenovo.com.cn\support4
Trusted Zone: lenovo.com.cn\think
TCP: DhcpNameServer = 192.168.1.1
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
DPF: {C73881A3-E7F5-4CE4-B199-307EB127FE15} - hxxp://download.humanconcepts.com/downloads/op8/plugin/hcinstall8.cab
FF - ProfilePath - c:\users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\ohpf3y2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&ocid=zdhp&install_date=20111207
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20111207&q=
FF - ExtSQL: !HIDDEN! 2011-12-07 17:11; textlinks@epicplay.com; c:\users\Wei\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{34A69B78-8920-4FF6-8274-B523A05F8763} - (no file)
Toolbar-Locked - (no file)
SafeBoot-53595507.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*Ž¼Bo]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*Ž¼Bo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*p¯)4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*p¯)4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*Õ¯)4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3702504909-1407522148-1157334821-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*Õ¯)4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-25  20:03:08
ComboFix-quarantined-files.txt  2013-06-26 00:03
ComboFix2.txt  2013-06-25 00:01
ComboFix3.txt  2013-06-24 23:28
ComboFix4.txt  2013-06-24 15:14
ComboFix5.txt  2013-06-25 23:42
.
Pre-Run: 86,860,976,128 bytes free
Post-Run: 86,481,915,904 bytes free
.
- - End Of File - - D139160C228D2B29F5997C27AD8CDB5A
D41D8CD98F00B204E9800998ECF8427E


#15 gringo_pr

Posted 25 June 2013 - 10:00 PM


Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove

    • µTorrent
    • Java 7 Update 10 (64-bit)
    • Java 7 Update 21
    • Java™ 6 Update 29
    • JavaFX 2.1.0


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java
  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile" then click on Main Menu)
  • Copy and paste the HijackThis report into the topic

"Information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


