
Infected with ZeroAccess rootkit & google redirects


  • This topic is locked
27 replies to this topic

#1 Rich Andhuge


Posted 19 August 2013 - 11:34 AM

Hi all,

 

I am moving to the Malware Removal logs as per recommendation.  Here is the link to my previous posts:

 

http://www.bleepingcomputer.com/forums/t/504418/cant-download-anything-or-start-windows-security-center/

 

Any and all help is greatly appreciated.

 

Thanks,

Rich

 

I tried to run DDS and it wasn't generating any document regarding the scan, only the attach.txt:

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/4/2012 1:07:14 PM
System Uptime: 8/19/2013 9:28:15 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium® Dual-Core  CPU      E6700  @ 3.20GHz | CPU 1 | 1601/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 831.136 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP133: 8/14/2013 7:39:00 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Bing Rewards Client Installer
Consumer In-Home Service Agreement
Coupon Printer for Windows
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
eBay
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Photo Creations
HP Update
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Internet Explorer
Java Auto Updater
Java™ 6 Update 24 (64-bit)
Java™ 6 Update 37
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Shared C Run-time for x64
Skype Toolbars
Skype™ 5.10
Sonic CinePlayer Decoder Pack
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/19/2013 9:30:37 AM, Error: Service Control Manager [7000]  - The Security Center service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.
8/19/2013 9:30:36 AM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  Access is denied.
8/19/2013 9:29:50 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
8/19/2013 6:49:31 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
8/19/2013 6:49:31 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/14/2013 4:59:08 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/14/2013 1:17:52 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
8/14/2013 1:17:50 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/14/2013 1:17:49 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/13/2013 8:57:27 AM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
8/13/2013 8:56:41 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/13/2013 8:56:18 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
8/13/2013 8:56:18 AM, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/13/2013 8:55:44 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/13/2013 7:48:37 AM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
8/13/2013 11:11:17 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/13/2013 11:11:17 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/13/2013 11:11:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2013 11:11:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/13/2013 11:11:00 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
8/13/2013 11:10:58 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2013 11:10:58 AM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================
 

 

 




 


#2 gringo_pr

  • Malware Response Team

Posted 20 August 2013 - 12:19 AM





Hello Rich Andhuge

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Rich Andhuge

  • Topic Starter

Posted 20 August 2013 - 07:53 AM

Hi Gringo,

 

I appreciate you trying to help me. 

 

The biggest problem with my computer is that I can't download anything.  Whenever I try a bar comes up at the bottom of the screen showing percentage of download.  When it hits 100% the writing turns red and the message reads "(whatever) contained a virus and was deleted."  I've tried changing the file name before downloading with the same results.

 

So I cannot download the Farbar Recovery Scan Tool

 

Thanks,

Rich



#4 gringo_pr


Posted 20 August 2013 - 12:22 PM

Hello Rich

I need you to download it from a clean computer and move it to the infected computer with a flash drive or a pen drive


William

#5 Rich Andhuge


Posted 22 August 2013 - 12:26 PM

Hi William,

 

Thanks again for your help,

Rich

 

I hope this is what you're looking for:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by Jerry (administrator) on 22-08-2013 11:20:40
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Sun Microsystems, Inc.) C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\java.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {2F84D8B8-EDDC-465E-A46E-FD4B3098C1BC} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {2F84D8B8-EDDC-465E-A46E-FD4B3098C1BC} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 69.145.248.4 69.146.17.2 69.144.49.29

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: (McAfee) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] ()
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}\   \...\???\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S1 fdauogko; \??\C:\Windows\system32\drivers\fdauogko.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-22 11:20 - 2013-08-22 11:20 - 00000000 ____D C:\FRST
2013-08-21 19:50 - 2013-08-22 01:58 - 00000000 ____D C:\ProgramData\F6AFBC3F31B69AED0000F6AEC595A021
2013-08-19 10:01 - 2013-08-19 10:01 - 00009397 _____ C:\Users\Jerry\Documents\attach.txt
2013-08-19 09:35 - 2013-08-19 09:35 - 00009399 _____ C:\Users\Jerry\Desktop\attach.txt
2013-08-13 17:28 - 2013-08-13 17:28 - 00000000 ____D C:\Windows\pss

==================== One Month Modified Files and Folders =======

2013-08-22 11:20 - 2013-08-22 11:20 - 00000000 ____D C:\FRST
2013-08-22 11:19 - 2012-03-30 05:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 11:19 - 2009-07-13 22:51 - 00071346 _____ C:\Windows\setupact.log
2013-08-22 10:58 - 2013-02-19 07:33 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-22 06:58 - 2013-02-19 07:33 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-22 06:28 - 2013-03-02 09:32 - 00000044 _____ C:\Users\Jerry\jagex_cl_runescape_LIVE.dat
2013-08-22 06:20 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 06:20 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 06:13 - 2012-01-04 14:07 - 00000000 ____D C:\Users\Jerry
2013-08-22 06:13 - 2011-05-13 04:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-22 06:13 - 2011-05-13 04:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-22 06:13 - 2011-05-13 04:01 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-22 06:12 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 02:00 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-22 01:58 - 2013-08-21 19:50 - 00000000 ____D C:\ProgramData\F6AFBC3F31B69AED0000F6AEC595A021
2013-08-21 19:57 - 2012-02-09 16:19 - 00000024 _____ C:\Users\Jerry\random.dat
2013-08-21 19:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-08-19 10:01 - 2013-08-19 10:01 - 00009397 _____ C:\Users\Jerry\Documents\attach.txt
2013-08-19 09:35 - 2013-08-19 09:35 - 00009399 _____ C:\Users\Jerry\Desktop\attach.txt
2013-08-17 20:18 - 2013-03-03 11:02 - 00000045 _____ C:\Users\Jerry\jagex_cl_runescape_LIVE1.dat
2013-08-15 22:46 - 2013-04-27 13:31 - 00000045 _____ C:\Users\Jerry\jagex_cl_runescape_LIVE2.dat
2013-08-14 10:11 - 2012-01-04 14:07 - 00000000 ___RD C:\Users\Jerry\Desktop\Play Games
2013-08-14 10:06 - 2009-07-13 23:10 - 01247543 _____ C:\Windows\WindowsUpdate.log
2013-08-13 17:28 - 2013-08-13 17:28 - 00000000 ____D C:\Windows\pss
2013-08-13 09:17 - 2011-05-13 04:10 - 00000000 ____D C:\ProgramData\McAfee
2013-08-13 08:54 - 2011-05-13 05:45 - 00037756 _____ C:\Windows\PFRO.log
2013-08-11 08:18 - 2012-03-30 05:11 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-11 08:18 - 2012-03-30 05:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-11 08:18 - 2012-01-10 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-06 14:32 - 2013-02-19 07:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 06:59 - 2013-02-19 07:34 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-01 16:49 - 2012-01-04 14:12 - 00000000 ___RD C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-01 16:49 - 2012-01-04 14:12 - 00000000 ___RD C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-01 16:49 - 2012-01-04 14:07 - 00000000 ___RD C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-01 16:49 - 2012-01-04 14:07 - 00000000 ___RD C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-01 16:49 - 2011-05-13 06:34 - 00000000 ____D C:\Program Files\Dell Games Folder
2013-08-01 16:49 - 2011-05-13 06:32 - 00000000 ____D C:\Program Files\WPI
2013-08-01 16:49 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-01 16:49 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2013-08-01 16:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-08-01 16:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME
2013-08-01 16:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Cursors
2013-08-01 16:48 - 2012-02-09 14:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-08-01 16:48 - 2012-01-14 08:56 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-01 16:48 - 2011-05-13 04:03 - 00000000 ____D C:\Program Files (x86)\eBay
2013-07-24 06:51 - 2012-01-05 16:19 - 00000000 ____D C:\Users\Jerry\AppData\Local\Adobe

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Jerry\AppData\Local\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}
C:\Users\Jerry\jagex_cl_runescape_LIVE.dat
C:\Users\Jerry\jagex_cl_runescape_LIVE1.dat
C:\Users\Jerry\jagex_cl_runescape_LIVE2.dat
C:\Users\Jerry\jagex_cl_runescape_LIVE3.dat
C:\Users\Jerry\random.dat
C:\Users\Jerry\AppData\Roaming\cache.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-08-22 11:14

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02
Ran by Jerry at 2013-08-22 11:21:48
Running from I:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Consumer In-Home Service Agreement (x32 Version: 2.0.0)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Marketplace Webslice IE8 (x32 Version: 8.0)
Dell MusicStage (x32 Version: 1.4.162.0)
Dell PhotoStage (x32 Version: 1.5.0.30)
Dell Stage (x32 Version: 1.7.209.0)
Dell VideoStage (x32 Version: 1.1.1.1408)
DirectX 9 Runtime (x32 Version: 1.00.0000)
eBay (x32 Version: 1.4.0)
el® Graphics Media Accelerator Driver
Google Chrome (x32 Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
GoToAssist 8.0.0.514 (x32)
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 2050 J510 series Help (x32 Version: 140.0.61.61)
HP Deskjet 2050 J510 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (x32 Version: 1.0.0.3781)
HP Update (x32 Version: 5.002.006.003)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Internet Explorer (x32 Version: 8)
Java Auto Updater (x32 Version: 2.0.7.2)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 37 (x32 Version: 6.0.370)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
PhotoShowExpress (x32 Version: 2.0.063)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5963)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Shared C Run-time for x64 (Version: 10.0.0)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 5.10 (x32 Version: 5.10.116)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
TrustedID (x32 Version: 5.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
WildTangent Games (x32 Version: 1.0.0.71)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

15-08-2013 01:39:00 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {162389FD-3147-418B-AAE1-535BCE63206D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {52FABD6B-17AD-4FDA-B579-8526A6F1D2E4} - System32\Tasks\{001E4A42-738A-4156-AD49-162A49BC880E} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe No File
Task: {81F8B68E-E1A5-4458-837B-FFEDEF97D901} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-11] (Adobe Systems Incorporated)
Task: {9D0BB49F-4604-493B-A249-CE2096F9CE3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {BE1DCB11-BF3A-4D95-83D4-E8AC9049BE78} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {C6D47290-5449-43E5-97A5-E74E3AA05056} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2013 10:50:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x16ec
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/22/2013 06:26:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x1b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/22/2013 06:23:07 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/21/2013 08:39:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0xb44
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/21/2013 07:49:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0x258c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/21/2013 02:16:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc00000fd
Fault offset: 0x004d7525
Faulting process id: 0x2e68
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/21/2013 01:15:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc00000fd
Fault offset: 0x000ce2d9
Faulting process id: 0x1a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/21/2013 10:39:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x14cc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/21/2013 10:35:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x00292638
Faulting process id: 0x1a4c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/21/2013 09:12:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x21b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

System errors:
=============
Error: (08/22/2013 09:50:39 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/22/2013 09:50:39 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/22/2013 09:49:58 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/22/2013 09:49:58 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/22/2013 09:49:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/22/2013 09:49:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/22/2013 09:48:41 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/22/2013 09:48:41 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/22/2013 09:48:01 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/22/2013 09:48:01 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (08/22/2013 10:50:22 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a16ec01ce9f56da3627aaC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dlleea99bf8-0b4a-11e3-ab75-b8ac6fe41a45

Error: (08/22/2013 06:26:20 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a1b801ce9f31a8f0e775C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll0c1b9e28-0b26-11e3-ab75-b8ac6fe41a45

Error: (08/22/2013 06:23:07 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/21/2013 08:39:06 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637VERSION.dll6.1.7600.163854a5bdb2bc0000005000015dab4401ce9ee0c2f79381C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\VERSION.dll0344279d-0ad4-11e3-8fd3-b8ac6fe41a45

Error: (08/21/2013 07:49:35 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637VERSION.dll6.1.7600.163854a5bdb2bc0000005000015da258c01ce9ed9d8ca0f77C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\VERSION.dll187f04bf-0acd-11e3-ae4e-b8ac6fe41a45

Error: (08/21/2013 02:16:18 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000fd004d75252e6801ce9eaa4b9fbb84C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll894bb365-0a9e-11e3-ae4e-b8ac6fe41a45

Error: (08/21/2013 01:15:40 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000fd000ce2d91a001ce9ea1e9deb8c0C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll10908c50-0a96-11e3-ae4e-b8ac6fe41a45

Error: (08/21/2013 10:39:11 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a14cc01ce9e8ca7ac3e9cC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll348d3d37-0a80-11e3-ae4e-b8ac6fe41a45

Error: (08/21/2013 10:35:35 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c0000005002926381a4c01ce9e8b815eb49dC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dllb3ceaf7e-0a7f-11e3-ae4e-b8ac6fe41a45

Error: (08/21/2013 09:12:12 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a21b401ce9e7f32c2b71eC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll0e08294f-0a74-11e3-ae4e-b8ac6fe41a45

==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 6108.98 MB
Available physical RAM: 2251.6 MB
Total Pagefile: 12216.15 MB
Available Pagefile: 8091.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:848.96 GB) NTFS
Drive i: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 4BAA6457)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================



#6 gringo_pr

  • Malware Response Team

Posted 22 August 2013 - 12:48 PM

Hello Rich Andhuge



I need you to download this script I have made for you --> Attached File: fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Rich Andhuge

  • Topic Starter


Posted 22 August 2013 - 02:09 PM

Hi Gringo,

I had to download the fixlist.txt from a working computer to a USB flash drive then install it on mine.  I hope I did everything right.

Rich

Here is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2013 02
Ran by Jerry at 2013-08-22 13:02:05 Run:1
Running from I:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}\   \...\???\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S1 fdauogko; \??\C:\Windows\system32\drivers\fdauogko.sys [x]
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Jerry\AppData\Local\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}
C:\Program Files (x86)\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s

*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
*etadpug => Service deleted successfully.
fdauogko => Service deleted successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini" => Scheduled to move on reboot.
C:\Users\Jerry\AppData\Local\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a} => Moved successfully.

"C:\Program Files (x86)\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a}" directory. => Scheduled to move on reboot.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
"C:\Windows\system64" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========

=========== Result of Scheduled Files to move ===========

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install\{4a4cfc14-0ce6-798a-c22c-73ae6b27f87a} => Moved successfully.

==== End of Fixlog ====



#8 gringo_pr


Posted 22 August 2013 - 08:48 PM



Hello Rich Andhuge

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#9 Rich Andhuge


Posted 23 August 2013 - 12:01 PM

Hi Gringo,

I was able to download and run both programs.  I was also able to use Google without redirects.

Things are really looking up...  :)

Thanks,

Rich

Here are both logs:


# AdwCleaner v3.000 - Report created 23/08/2013 at 10:44:48
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jerry - JERRY-PC
# Running from : C:\Users\Jerry\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1535 octets] - [23/08/2013 06:31:12]
AdwCleaner[R1].txt - [1595 octets] - [23/08/2013 10:44:23]
AdwCleaner[S0].txt - [1532 octets] - [23/08/2013 10:44:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1592 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jerry on Fri 08/23/2013 at 10:49:32.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/23/2013 at 10:52:49.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 gringo_pr


Posted 23 August 2013 - 08:45 PM


Hello Rich Andhuge

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 Rich Andhuge


Posted 24 August 2013 - 11:33 AM

Hi Gringo,

I followed your instructions and used Link 1

Combofix downloaded and ran perfectly.  No problems or error messages.

My computer is running very good.  No redirects, CPU usage is lower, pages opening faster, etc...

Thanks,

Rich

Here is the Combofix log:

ComboFix 13-08-22.01 - Jerry 08/24/2013  10:11:34.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.4518 [GMT -6:00]
Running from: c:\users\Jerry\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\179F.tmp
c:\programdata\Microsoft\Windows\DRM\4AA0.tmp
c:\programdata\Microsoft\Windows\DRM\510D.tmp
c:\programdata\Microsoft\Windows\DRM\67DE.tmp
c:\programdata\Microsoft\Windows\DRM\908C.tmp
c:\programdata\Microsoft\Windows\DRM\DD4C.tmp
c:\users\Jerry\AppData\Roaming\cache.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-24 to 2013-08-24  )))))))))))))))))))))))))))))))
.
.
2013-08-24 16:24 . 2013-08-24 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-23 18:12 . 2013-08-23 18:12 -------- d-----w- c:\windows\Sun
2013-08-23 16:49 . 2013-08-23 16:49 -------- d-----w- c:\windows\ERUNT
2013-08-23 12:30 . 2013-08-23 16:44 -------- d-----w- C:\AdwCleaner
2013-08-22 17:20 . 2013-08-22 19:03 -------- d-----w- C:\FRST
2013-08-22 01:50 . 2013-08-22 07:58 -------- d-----w- c:\programdata\F6AFBC3F31B69AED0000F6AEC595A021
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 14:18 . 2012-03-30 11:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-11 14:18 . 2012-01-10 14:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-24 06:57 . 2012-01-22 19:53 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 23:43 . 2013-07-12 05:05 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-12 05:05 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-12 05:05 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-12 05:05 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-12 05:05 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-12 05:05 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-12 05:05 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-12 05:05 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-12 05:05 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-12 05:05 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-12 05:05 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-12 05:05 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-12 05:05 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-12 05:05 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-12 05:05 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-12 05:05 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-12 05:05 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-12 05:05 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-12 05:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-12 05:05 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-12 05:05 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-12 05:05 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-11 12:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 12:30 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 12:30 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-23 12:58 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:18]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 13:33]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 13:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-24  10:26:09
ComboFix-quarantined-files.txt  2013-08-24 16:26
.
Pre-Run: 910,261,342,208 bytes free
Post-Run: 910,707,699,712 bytes free
.
- - End Of File - - FB935C8D60B266C2F123744132F14700
5C616939100B85E558DA92B899A0FC36
 



#12 Rich Andhuge


Posted 25 August 2013 - 11:39 AM

Hi Gringo,

My computer ran beautifully all day yesterday.  When I shut it down for the night, Windows did some automatic updates.

Today (about 5 minutes ago) it did something weird.  It shut down and restarted all by itself.  When it rebooted I can hear what sounds like radio stations (maybe 3 or 4 different ones) through the speakers.  There are no internet pages open and nothing on the browser, just the sounds through the speakers.  CPU usage has gone back up and pages are opening slower.  I have no idea what's going on.  I did shut down and reboot the computer but the sounds are still there.

I'm sorry about this but I have no idea what's going on...

Take care,

Rich



#13 Rich Andhuge


Posted 25 August 2013 - 12:56 PM

Hi Gringo,

I just ran ComboFix again.  It took a lot longer than before but didn't have any problems or error messages.  Unfortunately the radio/TV type sounds are still there.  I opened the task master and noticed that one of the svchost.exe images is very high (in both CPU and memory usage).

Things were working so well yesterday.  It sure seems like a huge step backwards today.

I will not do anything else until I hear back from you.

Rich

Here is the new ComboFix log:


ComboFix 13-08-25.01 - Jerry 08/25/2013  10:51:18.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.4248 [GMT -6:00]
Running from: c:\users\Jerry\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\2790.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-25 to 2013-08-25  )))))))))))))))))))))))))))))))
.
.
2013-08-25 17:28 . 2013-08-25 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-24 16:43 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-23 18:12 . 2013-08-23 18:12 -------- d-----w- c:\windows\Sun
2013-08-23 16:49 . 2013-08-23 16:49 -------- d-----w- c:\windows\ERUNT
2013-08-23 12:30 . 2013-08-23 16:44 -------- d-----w- C:\AdwCleaner
2013-08-22 17:20 . 2013-08-22 19:03 -------- d-----w- C:\FRST
2013-08-22 01:50 . 2013-08-22 07:58 -------- d-----w- c:\programdata\F6AFBC3F31B69AED0000F6AEC595A021
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 04:56 . 2012-01-22 19:53 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-11 14:18 . 2012-03-30 11:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-11 14:18 . 2012-01-10 14:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:34 . 2013-07-11 12:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 12:30 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 12:30 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-23 12:58 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:18]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 13:33]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 13:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2013-08-25  11:38:55 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-25 17:38
ComboFix2.txt  2013-08-24 16:26
.
Pre-Run: 908,840,865,792 bytes free
Post-Run: 908,847,177,728 bytes free
.
- - End Of File - - D8FE18EE17A036D5C569C52D28A86D29
5C616939100B85E558DA92B899A0FC36
 



#14 gringo_pr

  • Malware Response Team

Posted 25 August 2013 - 06:26 PM


Hello Rich Andhuge

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** This report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
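
The report-handling steps at the end of the TDSSKiller instructions above (take the larger report, or only what follows the "Scan finished" banner), as an added Python example that is not part of the original post or of TDSSKiller. Function names are hypothetical; the sample follows the line layout of the TDSSKiller log posted in this thread, and the `ExampleDrv` entry, its all-zero hash, its verdict text and the summary line are constructed.

```python
import re
from pathlib import Path

# "HH:MM:SS.mmmm <thread id>  <message>": line layout of the TDSSKiller log in this thread.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ <MD5> ] <object name>   <file path>": written before each scanned object's verdict.
OBJECT_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(\S+)\s+(.+)$")
# "<object name> - <verdict>", e.g. "ACPI - ok".
VERDICT_RE = re.compile(r"^(\S+) - (.+)$")

# Sample log. Lines 1-4 copy the layout seen in the thread; the ExampleDrv entry,
# its verdict wording and the final summary line are CONSTRUCTED for illustration.
SAMPLE = r"""18:05:01.0535 6364  Scan started
18:05:04.0930 6364  ================ Scan services =============================
18:05:05.0400 6364  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:05:05.0912 6364  1394ohci - ok
18:05:06.0000 6364  [ 00000000000000000000000000000000 ] ExampleDrv      C:\Windows\system32\drivers\example.sys
18:05:06.0100 6364  ExampleDrv - needs review
18:05:07.0000 6364  ============================================================
18:05:07.0000 6364  Scan finished
18:05:07.0000 6364  ============================================================
18:05:07.0100 6364  (constructed summary line)
"""


def pick_larger_report(directory):
    """Return the largest TDSSKiller.*_log.txt in `directory`, or None if there is none."""
    reports = list(Path(directory).glob("TDSSKiller.*_log.txt"))
    return max(reports, key=lambda p: p.stat().st_size) if reports else None


def messages(text):
    """Yield (raw_line, message) pairs; message has timestamp and thread id stripped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        yield raw, (m.group(1) if m else raw).strip()


def tail_after_scan_finished(text):
    """Return the raw lines after the last 'Scan finished' banner.

    An empty list means the banner is missing, i.e. the scan did not complete
    or the report was cut off before the end.
    """
    pairs = list(messages(text))
    hits = [i for i, (_, msg) in enumerate(pairs) if msg == "Scan finished"]
    if not hits:
        return []
    tail = pairs[hits[-1] + 1:]
    # Drop the closing "=====" rule that directly follows the banner.
    while tail and tail[0][1] and set(tail[0][1]) == {"="}:
        tail.pop(0)
    return [raw for raw, _ in tail]


def objects_to_review(text):
    """List scanned objects whose verdict is anything other than 'ok'.

    A verdict line only counts if its name was introduced by a preceding
    "[ MD5 ] name path" line, so unrelated lines containing " - " are ignored.
    """
    seen = {}
    flagged = []
    for _, msg in messages(text):
        obj = OBJECT_RE.match(msg)
        if obj:
            md5, name, path = obj.groups()
            seen[name] = (md5.upper(), path.strip())
            continue
        verdict = VERDICT_RE.match(msg)
        if verdict and verdict.group(1) in seen and verdict.group(2).strip() != "ok":
            name = verdict.group(1)
            flagged.append({
                "name": name,
                "verdict": verdict.group(2).strip(),
                "md5": seen[name][0],
                "path": seen[name][1],
            })
    return flagged


if __name__ == "__main__":
    for item in objects_to_review(SAMPLE):
        print("review:", item["name"], "|", item["verdict"], "|", item["path"])
    print("\n".join(tail_after_scan_finished(SAMPLE)))
```
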

#15 Rich Andhuge


Posted 25 August 2013 - 07:42 PM

Hi Gringo,

I ran both programs as per your instructions with no problems.  The audio sounds are gone, pages are loading faster, CPU usage is way down, etc.  Things seem to be working normally.

A couple of things though...

After I hit delete for RogueKiller a page opened up asking to download a ZeroAccess program.  Since your instructions didn't say anything about it I did not download the program.

Also...I did get the two RogueKiller logs on my desktop but neither of them is RKreport[2].txt.  I have included both logs so hopefully one of them is what you're looking for.

Thanks for getting back to me so quickly,

Rich

Here are the three logs:


18:04:07.0750 5024  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:04:08.0562 5024  ============================================================
18:04:08.0562 5024  Current date / time: 2013/08/25 18:04:08.0562
18:04:08.0562 5024  SystemInfo:
18:04:08.0562 5024 
18:04:08.0562 5024  OS Version: 6.1.7601 ServicePack: 1.0
18:04:08.0562 5024  Product type: Workstation
18:04:08.0563 5024  ComputerName: JERRY-PC
18:04:08.0563 5024  UserName: Jerry
18:04:08.0563 5024  Windows directory: C:\Windows
18:04:08.0563 5024  System windows directory: C:\Windows
18:04:08.0563 5024  Running under WOW64
18:04:08.0563 5024  Processor architecture: Intel x64
18:04:08.0563 5024  Number of processors: 2
18:04:08.0563 5024  Page size: 0x1000
18:04:08.0563 5024  Boot type: Normal boot
18:04:08.0563 5024  ============================================================
18:04:14.0566 5024  BG loaded
18:04:15.0448 5024  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:04:15.0466 5024  ============================================================
18:04:15.0466 5024  \Device\Harddisk0\DR0:
18:04:15.0492 5024  MBR partitions:
18:04:15.0492 5024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
18:04:15.0492 5024  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
18:04:15.0492 5024  ============================================================
18:04:15.0611 5024  C: <-> \Device\Harddisk0\DR0\Partition2
18:04:15.0611 5024  ============================================================
18:04:15.0611 5024  Initialize success
18:04:15.0612 5024  ============================================================
18:05:01.0535 6364  ============================================================
18:05:01.0535 6364  Scan started
18:05:01.0535 6364  Mode: Manual; SigCheck; TDLFS;
18:05:01.0535 6364  ============================================================
18:05:04.0927 6364  ================ Scan system memory ========================
18:05:04.0927 6364  System memory - ok
18:05:04.0930 6364  ================ Scan services =============================
18:05:05.0400 6364  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:05:05.0912 6364  1394ohci - ok
18:05:05.0944 6364  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:05:05.0962 6364  ACPI - ok
18:05:05.0982 6364  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:05:06.0202 6364  AcpiPmi - ok
18:05:06.0329 6364  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:05:06.0449 6364  AdobeARMservice - ok
18:05:06.0601 6364  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:05:06.0639 6364  AdobeFlashPlayerUpdateSvc - ok
18:05:06.0704 6364  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:05:06.0721 6364  adp94xx - ok
18:05:06.0791 6364  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:05:06.0812 6364  adpahci - ok
18:05:06.0846 6364  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:05:06.0863 6364  adpu320 - ok
18:05:06.0900 6364  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:05:07.0206 6364  AeLookupSvc - ok
18:05:07.0247 6364  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:05:07.0395 6364  AFD - ok
18:05:07.0421 6364  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:05:07.0434 6364  agp440 - ok
18:05:07.0473 6364  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:05:07.0591 6364  ALG - ok
18:05:07.0630 6364  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:05:07.0639 6364  aliide - ok
18:05:07.0678 6364  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:05:07.0696 6364  amdide - ok
18:05:07.0718 6364  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:05:07.0775 6364  AmdK8 - ok
18:05:07.0792 6364  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:05:07.0901 6364  AmdPPM - ok
18:05:07.0926 6364  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:05:07.0941 6364  amdsata - ok
18:05:07.0970 6364  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:05:07.0985 6364  amdsbs - ok
18:05:08.0000 6364  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:05:08.0013 6364  amdxata - ok
18:05:08.0035 6364  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:05:08.0402 6364  AppID - ok
18:05:08.0430 6364  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:05:08.0692 6364  AppIDSvc - ok
18:05:08.0756 6364  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
18:05:08.0819 6364  Appinfo - ok
18:05:08.0921 6364  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:05:08.0944 6364  arc - ok
18:05:08.0961 6364  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:05:08.0985 6364  arcsas - ok
18:05:09.0038 6364  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:05:09.0368 6364  AsyncMac - ok
18:05:09.0403 6364  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:05:09.0412 6364  atapi - ok
18:05:09.0466 6364  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:05:09.0893 6364  AudioEndpointBuilder - ok
18:05:09.0906 6364  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:05:09.0970 6364  AudioSrv - ok
18:05:10.0027 6364  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:05:10.0199 6364  AxInstSV - ok
18:05:10.0261 6364  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:05:10.0423 6364  b06bdrv - ok
18:05:10.0448 6364  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:05:10.0751 6364  b57nd60a - ok
18:05:10.0773 6364  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:05:10.0893 6364  BDESVC - ok
18:05:10.0916 6364  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:05:10.0970 6364  Beep - ok
18:05:11.0043 6364  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:05:11.0367 6364  BFE - ok
18:05:11.0427 6364  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
18:05:11.0546 6364  BITS - ok
18:05:11.0595 6364  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:05:11.0718 6364  blbdrive - ok
18:05:11.0741 6364  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:05:11.0833 6364  bowser - ok
18:05:11.0847 6364  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:05:12.0023 6364  BrFiltLo - ok
18:05:12.0055 6364  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:05:12.0069 6364  BrFiltUp - ok
18:05:12.0121 6364  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:05:12.0181 6364  BridgeMP - ok
18:05:12.0217 6364  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:05:12.0312 6364  Browser - ok
18:05:12.0339 6364  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:05:12.0416 6364  Brserid - ok
18:05:12.0435 6364  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:05:12.0498 6364  BrSerWdm - ok
18:05:12.0528 6364  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:05:12.0604 6364  BrUsbMdm - ok
18:05:12.0625 6364  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:05:12.0908 6364  BrUsbSer - ok
18:05:12.0946 6364  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:05:13.0109 6364  BTHMODEM - ok
18:05:13.0161 6364  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:05:13.0240 6364  bthserv - ok
18:05:13.0268 6364  catchme - ok
18:05:13.0291 6364  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:05:13.0369 6364  cdfs - ok
18:05:13.0404 6364  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:05:13.0431 6364  cdrom - ok
18:05:13.0487 6364  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:05:13.0909 6364  CertPropSvc - ok
18:05:13.0978 6364  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:05:14.0052 6364  circlass - ok
18:05:14.0078 6364  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:05:14.0099 6364  CLFS - ok
18:05:14.0160 6364  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:05:14.0171 6364  clr_optimization_v2.0.50727_32 - ok
18:05:14.0226 6364  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:05:14.0237 6364  clr_optimization_v2.0.50727_64 - ok
18:05:14.0318 6364  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:05:14.0329 6364  clr_optimization_v4.0.30319_32 - ok
18:05:14.0382 6364  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:05:14.0414 6364  clr_optimization_v4.0.30319_64 - ok
18:05:14.0456 6364  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:05:14.0666 6364  CmBatt - ok
18:05:14.0690 6364  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:05:14.0714 6364  cmdide - ok
18:05:14.0759 6364  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:05:14.0780 6364  CNG - ok
18:05:14.0803 6364  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:05:14.0815 6364  Compbatt - ok
18:05:14.0862 6364  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:05:14.0915 6364  CompositeBus - ok
18:05:14.0935 6364  COMSysApp - ok
18:05:14.0948 6364  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:05:14.0957 6364  crcdisk - ok
18:05:14.0999 6364  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:05:15.0139 6364  CryptSvc - ok
18:05:15.0263 6364  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:05:15.0283 6364  cvhsvc - ok
18:05:15.0320 6364  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:05:15.0382 6364  DcomLaunch - ok
18:05:15.0418 6364  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:05:15.0492 6364  defragsvc - ok
18:05:15.0627 6364  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:05:15.0684 6364  DfsC - ok
18:05:15.0725 6364  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:05:15.0847 6364  Dhcp - ok
18:05:15.0878 6364  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:05:16.0125 6364  discache - ok
18:05:16.0192 6364  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:05:16.0206 6364  Disk - ok
18:05:16.0245 6364  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:05:16.0753 6364  Dnscache - ok
18:05:16.0785 6364  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:05:16.0889 6364  dot3svc - ok
18:05:16.0923 6364  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:05:17.0263 6364  DPS - ok
18:05:17.0305 6364  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:05:17.0383 6364  drmkaud - ok
18:05:17.0412 6364  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:05:17.0540 6364  DXGKrnl - ok
18:05:17.0595 6364  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:05:17.0649 6364  EapHost - ok
18:05:17.0719 6364  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:05:18.0044 6364  ebdrv - ok
18:05:18.0085 6364  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:05:18.0185 6364  EFS - ok
18:05:18.0256 6364  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:05:18.0325 6364  ehRecvr - ok
18:05:18.0333 6364  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:05:18.0539 6364  ehSched - ok
18:05:18.0620 6364  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:05:18.0647 6364  elxstor - ok
18:05:18.0664 6364  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:05:18.0762 6364  ErrDev - ok
18:05:18.0907 6364  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:05:19.0098 6364  EventSystem - ok
18:05:19.0121 6364  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:05:19.0178 6364  exfat - ok
18:05:19.0205 6364  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:05:19.0344 6364  fastfat - ok
18:05:19.0386 6364  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:05:19.0573 6364  Fax - ok
18:05:19.0620 6364  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:05:19.0670 6364  fdc - ok
18:05:19.0712 6364  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:05:19.0825 6364  fdPHost - ok
18:05:19.0833 6364  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:05:19.0901 6364  FDResPub - ok
18:05:19.0921 6364  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:05:19.0932 6364  FileInfo - ok
18:05:19.0945 6364  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:05:20.0129 6364  Filetrace - ok
18:05:20.0182 6364  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:05:20.0271 6364  flpydisk - ok
18:05:20.0300 6364  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:05:20.0313 6364  FltMgr - ok
18:05:20.0398 6364  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:05:20.0428 6364  FontCache - ok
18:05:20.0517 6364  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:05:20.0526 6364  FontCache3.0.0.0 - ok
18:05:20.0547 6364  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:05:20.0746 6364  FsDepends - ok
18:05:20.0779 6364  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:05:20.0790 6364  Fs_Rec - ok
18:05:20.0904 6364  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:05:20.0924 6364  fvevol - ok
18:05:20.0986 6364  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:05:20.0995 6364  gagp30kx - ok
18:05:21.0074 6364  [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
18:05:21.0086 6364  GameConsoleService - ok
18:05:21.0142 6364  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
18:05:21.0152 6364  GoToAssist - ok
18:05:21.0202 6364  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:05:21.0272 6364  gpsvc - ok
18:05:21.0404 6364  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:21.0416 6364  gupdate - ok
18:05:21.0425 6364  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:21.0433 6364  gupdatem - ok
18:05:21.0493 6364  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:05:21.0507 6364  gusvc - ok
18:05:21.0559 6364  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:05:21.0657 6364  hcw85cir - ok
18:05:21.0686 6364  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:05:21.0760 6364  HDAudBus - ok
18:05:21.0784 6364  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:05:21.0920 6364  HidBatt - ok
18:05:21.0945 6364  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:05:22.0068 6364  HidBth - ok
18:05:22.0087 6364  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:05:22.0272 6364  HidIr - ok
18:05:22.0346 6364  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:05:22.0420 6364  hidserv - ok
18:05:22.0492 6364  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:05:22.0582 6364  HidUsb - ok
18:05:22.0609 6364  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:05:22.0854 6364  hkmsvc - ok
18:05:22.0906 6364  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:05:23.0044 6364  HomeGroupListener - ok
18:05:23.0074 6364  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:05:23.0201 6364  HomeGroupProvider - ok
18:05:23.0231 6364  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:05:23.0241 6364  HpSAMD - ok
18:05:23.0341 6364  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:05:23.0483 6364  HTTP - ok
18:05:23.0531 6364  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:05:23.0546 6364  hwpolicy - ok
18:05:23.0569 6364  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:05:23.0675 6364  i8042prt - ok
18:05:23.0723 6364  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:05:23.0770 6364  iaStor - ok
18:05:23.0911 6364  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:05:23.0963 6364  IAStorDataMgrSvc - ok
18:05:24.0014 6364  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:05:24.0045 6364  iaStorV - ok
18:05:24.0140 6364  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:05:24.0178 6364  idsvc - ok
18:05:24.0432 6364  [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:05:24.0890 6364  igfx - ok
18:05:24.0973 6364  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:05:24.0985 6364  iirsp - ok
18:05:25.0061 6364  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:05:25.0408 6364  IKEEXT - ok
18:05:25.0472 6364  [ 492CD3A94913D753B4591CD9E29EC843 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:05:25.0788 6364  IntcAzAudAddService - ok
18:05:25.0802 6364  [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
18:05:26.0198 6364  IntcHdmiAddService - ok
18:05:26.0216 6364  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:05:26.0224 6364  intelide - ok
18:05:26.0247 6364  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:05:26.0431 6364  intelppm - ok
18:05:26.0474 6364  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:05:26.0525 6364  IPBusEnum - ok
18:05:26.0556 6364  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:26.0719 6364  IpFilterDriver - ok
18:05:26.0768 6364  [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
18:05:26.0996 6364  IpHlpSvc - ok
18:05:27.0010 6364  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:05:27.0068 6364  IPMIDRV - ok
18:05:27.0098 6364  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:05:27.0172 6364  IPNAT - ok
18:05:27.0219 6364  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:05:27.0244 6364  IRENUM - ok
18:05:27.0258 6364  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:05:27.0267 6364  isapnp - ok
18:05:27.0284 6364  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:05:27.0383 6364  iScsiPrt - ok
18:05:27.0406 6364  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:05:27.0417 6364  kbdclass - ok
18:05:27.0450 6364  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:05:27.0499 6364  kbdhid - ok
18:05:27.0516 6364  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:05:27.0529 6364  KeyIso - ok
18:05:27.0554 6364  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:05:27.0567 6364  KSecDD - ok
18:05:27.0585 6364  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:05:27.0597 6364  KSecPkg - ok
18:05:27.0617 6364  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:05:27.0849 6364  ksthunk - ok
18:05:27.0914 6364  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:05:28.0077 6364  KtmRm - ok
18:05:28.0142 6364  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:05:28.0249 6364  LanmanServer - ok
18:05:28.0287 6364  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:05:28.0456 6364  LanmanWorkstation - ok
18:05:28.0535 6364  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:05:28.0598 6364  lltdio - ok
18:05:28.0628 6364  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:05:28.0682 6364  lltdsvc - ok
18:05:28.0697 6364  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:05:28.0772 6364  lmhosts - ok
18:05:28.0808 6364  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:05:28.0820 6364  LSI_FC - ok
18:05:28.0867 6364  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:05:28.0878 6364  LSI_SAS - ok
18:05:28.0895 6364  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:05:29.0061 6364  LSI_SAS2 - ok
18:05:29.0079 6364  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:05:29.0092 6364  LSI_SCSI - ok
18:05:29.0106 6364  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:05:29.0199 6364  luafv - ok
18:05:29.0230 6364  McMPFSvc - ok
18:05:29.0243 6364  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:05:29.0365 6364  Mcx2Svc - ok
18:05:29.0390 6364  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:05:29.0400 6364  megasas - ok
18:05:29.0418 6364  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:05:29.0432 6364  MegaSR - ok
18:05:29.0558 6364  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:05:29.0676 6364  MMCSS - ok
18:05:29.0708 6364  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:05:29.0833 6364  Modem - ok
18:05:29.0945 6364  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:05:29.0990 6364  monitor - ok
18:05:30.0013 6364  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:05:30.0023 6364  mouclass - ok
18:05:30.0040 6364  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:05:30.0238 6364  mouhid - ok
18:05:30.0263 6364  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:05:30.0293 6364  mountmgr - ok
18:05:30.0396 6364  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:05:30.0414 6364  mpio - ok
18:05:30.0483 6364  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:05:30.0554 6364  mpsdrv - ok
18:05:30.0664 6364  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:05:30.0908 6364  MpsSvc - ok
18:05:30.0929 6364  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:05:31.0096 6364  MRxDAV - ok
18:05:31.0122 6364  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:31.0192 6364  mrxsmb - ok
18:05:31.0232 6364  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:31.0393 6364  mrxsmb10 - ok
18:05:31.0427 6364  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:31.0467 6364  mrxsmb20 - ok
18:05:31.0485 6364  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:05:31.0494 6364  msahci - ok
18:05:31.0516 6364  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:05:31.0528 6364  msdsm - ok
18:05:31.0557 6364  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:05:31.0766 6364  MSDTC - ok
18:05:32.0010 6364  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:05:32.0089 6364  Msfs - ok
18:05:32.0129 6364  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:05:32.0598 6364  mshidkmdf - ok
18:05:32.0627 6364  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:05:32.0653 6364  msisadrv - ok
18:05:32.0722 6364  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:05:33.0277 6364  MSiSCSI - ok
18:05:33.0287 6364  msiserver - ok
18:05:33.0331 6364  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:05:33.0661 6364  MSKSSRV - ok
18:05:33.0678 6364  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:33.0726 6364  MSPCLOCK - ok
18:05:33.0756 6364  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:05:34.0380 6364  MSPQM - ok
18:05:34.0582 6364  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:05:34.0693 6364  MsRPC - ok
18:05:34.0713 6364  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:05:34.0728 6364  mssmbios - ok
18:05:34.0769 6364  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:05:34.0866 6364  MSTEE - ok
18:05:34.0894 6364  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:05:34.0915 6364  MTConfig - ok
18:05:34.0936 6364  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:05:34.0951 6364  Mup - ok
18:05:34.0991 6364  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:05:35.0295 6364  napagent - ok
18:05:35.0417 6364  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:05:35.0685 6364  NativeWifiP - ok
18:05:35.0722 6364  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:05:35.0754 6364  NDIS - ok
18:05:35.0779 6364  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:05:36.0041 6364  NdisCap - ok
18:05:36.0069 6364  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:36.0353 6364  NdisTapi - ok
18:05:36.0371 6364  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:36.0705 6364  Ndisuio - ok
18:05:36.0742 6364  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:36.0808 6364  NdisWan - ok
18:05:36.0826 6364  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:05:37.0280 6364  NDProxy - ok
18:05:37.0301 6364  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:05:37.0402 6364  NetBIOS - ok
18:05:37.0414 6364  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:05:37.0601 6364  NetBT - ok
18:05:37.0633 6364  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:05:37.0770 6364  Netlogon - ok
18:05:37.0809 6364  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:05:38.0052 6364  Netman - ok
18:05:38.0078 6364  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:05:38.0137 6364  netprofm - ok
18:05:38.0167 6364  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:05:38.0180 6364  NetTcpPortSharing - ok
18:05:38.0205 6364  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:05:38.0221 6364  nfrd960 - ok
18:05:38.0269 6364  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:05:38.0317 6364  NlaSvc - ok
18:05:38.0717 6364  [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
18:05:38.0760 6364  NOBU - ok
18:05:38.0798 6364  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:05:38.0978 6364  Npfs - ok
18:05:39.0001 6364  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:05:39.0097 6364  nsi - ok
18:05:39.0111 6364  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:05:39.0404 6364  nsiproxy - ok
18:05:39.0527 6364  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:05:39.0587 6364  Ntfs - ok
18:06:14.0308 6364  ================ Scan global ===============================
18:06:14.0331 6364  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:06:14.0354 6364  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:06:14.0364 6364  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:06:14.0405 6364  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:06:14.0442 6364  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:06:14.0444 6364  [Global] - ok
18:06:14.0447 6364  ================ Scan MBR ==================================
18:06:14.0471 6364  [ 9711BF5A8929C6DBE3455A72C790BEF0 ] \Device\Harddisk0\DR0
18:06:14.0471 6364  Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:06:14.0661 6364  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
18:06:14.0661 6364  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
18:06:14.0749 6364  ================ Scan VBR ==================================
18:06:14.0752 6364  [ 094F9EFC7ECC2F8BF32E03F62CAF096E ] \Device\Harddisk0\DR0\Partition1
18:06:14.0754 6364  \Device\Harddisk0\DR0\Partition1 - ok
18:06:14.0786 6364  [ 9F7FF6B6A09863AFA9399FDF690DDF17 ] \Device\Harddisk0\DR0\Partition2
18:06:14.0788 6364  \Device\Harddisk0\DR0\Partition2 - ok
18:06:14.0791 6364  ================ Scan active images ========================
18:06:15.0054 6364  C:\Windows\System32\drivers\rasl2tp.sys - ok
18:06:15.0059 6364  [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
18:06:15.0059 6364  C:\Windows\System32\drivers\ndistapi.sys - ok
18:06:15.0065 6364  [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
18:06:15.0065 6364  C:\Windows\System32\drivers\ndiswan.sys - ok
18:06:15.0072 6364  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
18:06:15.0072 6364  C:\Windows\System32\drivers\raspppoe.sys - ok
18:06:15.0079 6364  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
18:06:15.0080 6364  C:\Windows\System32\drivers\raspptp.sys - ok
18:06:15.0085 6364  [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
18:06:15.0085 6364  C:\Windows\System32\drivers\rassstp.sys - ok
18:06:15.0090 6364  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
18:06:15.0090 6364  C:\Windows\System32\drivers\kbdclass.sys - ok
18:06:15.0096 6364  [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
18:06:15.0096 6364  C:\Windows\System32\drivers\mouclass.sys - ok
18:06:15.0101 6364  [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
18:06:15.0101 6364  C:\Windows\System32\drivers\ks.sys - ok
18:06:15.0106 6364  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
18:06:15.0106 6364  C:\Windows\System32\drivers\swenum.sys - ok
18:06:15.0110 6364  [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
18:06:15.0110 6364  C:\Windows\System32\drivers\umbus.sys - ok
18:06:15.0116 6364  [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
18:06:15.0116 6364  C:\Windows\System32\drivers\usbhub.sys - ok
18:06:15.0121 6364  [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
18:06:15.0121 6364  C:\Windows\System32\Wldap32.dll - ok
18:06:15.0126 6364  [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
18:06:15.0126 6364  C:\Windows\System32\advapi32.dll - ok
18:06:15.0132 6364  [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
18:06:15.0132 6364  C:\Windows\System32\gdi32.dll - ok
18:06:15.0137 6364  [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
18:06:15.0137 6364  C:\Windows\System32\clbcatq.dll - ok
18:06:15.0142 6364  [ AC155DD9BD1E6D3B740826A4D1C68AAE ] C:\Windows\System32\wininet.dll
18:06:15.0142 6364  C:\Windows\System32\wininet.dll - ok
18:06:15.0148 6364  [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
18:06:15.0148 6364  C:\Windows\System32\kernel32.dll - ok
18:06:15.0153 6364  [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
18:06:15.0153 6364  C:\Windows\System32\shlwapi.dll - ok
18:06:15.0158 6364  [ 26036E228D2467DE6975AD819C22C043 ] C:\Windows\System32\rpcrt4.dll
18:06:15.0158 6364  C:\Windows\System32\rpcrt4.dll - ok
18:06:15.0164 6364  [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
18:06:15.0164 6364  C:\Windows\System32\setupapi.dll - ok
18:06:15.0168 6364  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
18:06:15.0169 6364  C:\Windows\System32\drivers\ndproxy.sys - ok
18:06:15.0174 6364  [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
18:06:15.0174 6364  C:\Windows\System32\drivers\drmk.sys - ok
18:06:15.0179 6364  [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
18:06:15.0179 6364  C:\Windows\System32\drivers\portcls.sys - ok
18:06:15.0184 6364  [ D485D3BD3E2179AA86853A182F70699F ] C:\Windows\System32\drivers\IntcHdmi.sys
18:06:15.0184 6364  C:\Windows\System32\drivers\IntcHdmi.sys - ok
18:06:15.0190 6364  [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
18:06:15.0190 6364  C:\Windows\System32\drivers\ksthunk.sys - ok
18:06:15.0195 6364  [ 492CD3A94913D753B4591CD9E29EC843 ] C:\Windows\System32\drivers\RTKVHD64.sys
18:06:15.0195 6364  C:\Windows\System32\drivers\RTKVHD64.sys - ok
18:06:15.0200 6364  [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
18:06:15.0200 6364  C:\Windows\System32\ws2_32.dll - ok
18:06:15.0205 6364  [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
18:06:15.0205 6364  C:\Windows\System32\msctf.dll - ok
18:06:15.0210 6364  [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
18:06:15.0210 6364  C:\Windows\System32\msvcrt.dll - ok
18:06:15.0215 6364  [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
18:06:15.0215 6364  C:\Windows\System32\user32.dll - ok
18:06:15.0220 6364  [ 1BFC94665BCA35F9001ADC7BFB167C63 ] C:\Windows\System32\shell32.dll
18:06:15.0220 6364  C:\Windows\System32\shell32.dll - ok
18:06:15.0226 6364  [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
18:06:15.0226 6364  C:\Windows\System32\imagehlp.dll - ok
18:06:15.0231 6364  [ 289C5E0A386E7B6CA9539D66D15E22CC ] C:\Windows\System32\urlmon.dll
18:06:15.0231 6364  C:\Windows\System32\urlmon.dll - ok
18:06:15.0236 6364  [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
18:06:15.0236 6364  C:\Windows\System32\ole32.dll - ok
18:06:15.0318 6364  [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
18:06:15.0318 6364  C:\Windows\System32\comdlg32.dll - ok
18:06:15.0324 6364  [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
18:06:15.0324 6364  C:\Windows\System32\difxapi.dll - ok
18:06:15.0329 6364  [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
18:06:15.0330 6364  C:\Windows\System32\normaliz.dll - ok
18:06:15.0334 6364  [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
18:06:15.0334 6364  C:\Windows\System32\nsi.dll - ok
18:06:15.0339 6364  [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
18:06:15.0339 6364  C:\Windows\System32\psapi.dll - ok
18:06:15.0344 6364  [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
18:06:15.0344 6364  C:\Windows\System32\usp10.dll - ok
18:06:15.0353 6364  [ 65546D87F7A78AB31841A536456CB94D ] C:\Windows\System32\iertutil.dll
18:06:15.0353 6364  C:\Windows\System32\iertutil.dll - ok
18:06:15.0357 6364  [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
18:06:15.0357 6364  C:\Windows\System32\oleaut32.dll - ok
18:06:15.0363 6364  [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
18:06:15.0363 6364  C:\Windows\System32\sechost.dll - ok
18:06:15.0368 6364  [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
18:06:15.0368 6364  C:\Windows\System32\imm32.dll - ok
18:06:15.0373 6364  [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
18:06:15.0373 6364  C:\Windows\System32\lpk.dll - ok
18:06:15.0378 6364  [ 959041D7014C97133D859B45BCA0FC58 ] C:\Windows\System32\wintrust.dll
18:06:15.0378 6364  C:\Windows\System32\wintrust.dll - ok
18:06:15.0383 6364  [ 64A4AB126E24FD3F58EBE64852773DB5 ] C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
18:06:15.0383 6364  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
18:06:15.0388 6364  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
18:06:15.0388 6364  C:\Windows\System32\comctl32.dll - ok
18:06:15.0394 6364  [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
18:06:15.0394 6364  C:\Windows\System32\KernelBase.dll - ok
18:06:15.0399 6364  [ F49E92B50CED5C9F1725D3C0329FD933 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
18:06:15.0399 6364  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
18:06:15.0404 6364  [ 9094039A00485F71C4DE64BF51F64C46 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
18:06:15.0404 6364  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok
18:06:15.0409 6364  [ 0E6FBF19D9DFBB77316C23DF91F8A101 ] C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
18:06:15.0409 6364  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
18:06:15.0415 6364  [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
18:06:15.0415 6364  C:\Windows\System32\cfgmgr32.dll - ok
18:06:15.0422 6364  [ 287998A9BA0140ABB59792CDEB2F8483 ] C:\Windows\System32\crypt32.dll
18:06:15.0422 6364  C:\Windows\System32\crypt32.dll - ok
18:06:15.0428 6364  [ AFC3DB5C6EB8CA8017DDB81D6C0AD02A ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
18:06:15.0428 6364  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
18:06:15.0434 6364  [ 72723D3E4781BADC62C3180C137E7B23 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
18:06:15.0434 6364  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok
18:06:15.0440 6364  [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
18:06:15.0440 6364  C:\Windows\System32\devobj.dll - ok
18:06:15.0446 6364  [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
18:06:15.0446 6364  C:\Windows\System32\msasn1.dll - ok
18:06:15.0452 6364  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
18:06:15.0452 6364  C:\Windows\SysWOW64\normaliz.dll - ok
18:06:15.0458 6364  [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
18:06:15.0458 6364  C:\Windows\System32\drivers\dxapi.sys - ok
18:06:15.0464 6364  [ 73601028E7C44154318AE91D2EB2EDB3 ] C:\Windows\System32\win32k.sys
18:06:15.0464 6364  C:\Windows\System32\win32k.sys - ok
18:06:15.0469 6364  [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
18:06:15.0469 6364  C:\Windows\System32\drivers\usbd.sys - ok
18:06:15.0473 6364  [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
18:06:15.0473 6364  C:\Windows\System32\drivers\USBSTOR.SYS - ok
18:06:15.0479 6364  [ CEC1EDF4022DC4DCA40384DCEC672B0E ] C:\Windows\System32\csrsrv.dll
18:06:15.0479 6364  C:\Windows\System32\csrsrv.dll - ok
18:06:15.0484 6364  [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
18:06:15.0484 6364  C:\Windows\System32\csrss.exe - ok
18:06:15.0488 6364  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
18:06:15.0488 6364  C:\Windows\System32\basesrv.dll - ok
18:06:15.0494 6364  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
18:06:15.0494 6364  C:\Windows\System32\winsrv.dll - ok
18:06:15.0498 6364  [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
18:06:15.0498 6364  C:\Windows\System32\drivers\hidclass.sys - ok
18:06:15.0504 6364  [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
18:06:15.0504 6364  C:\Windows\System32\drivers\hidparse.sys - ok
18:06:15.0508 6364  [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
18:06:15.0508 6364  C:\Windows\System32\drivers\hidusb.sys - ok
18:06:15.0514 6364  [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
18:06:15.0514 6364  C:\Windows\System32\drivers\usbccgp.sys - ok
18:06:15.0522 6364  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
18:06:15.0522 6364  C:\Windows\System32\drivers\kbdhid.sys - ok
18:06:15.0529 6364  [ 73188F58FB384E75C4063D29413CEE3D ] C:\Windows\System32\drivers\usbprint.sys
18:06:15.0529 6364  C:\Windows\System32\drivers\usbprint.sys - ok
18:06:15.0535 6364  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] C:\Windows\System32\drivers\usbscan.sys
18:06:15.0535 6364  C:\Windows\System32\drivers\usbscan.sys - ok
18:06:15.0538 6364  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
18:06:15.0538 6364  C:\Windows\System32\drivers\mouhid.sys - ok
18:06:15.0544 6364  [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
18:06:15.0544 6364  C:\Windows\System32\drivers\monitor.sys - ok
18:06:15.0549 6364  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
18:06:15.0549 6364  C:\Windows\System32\sxssrv.dll - ok
18:06:15.0555 6364  [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
18:06:15.0555 6364  C:\Windows\System32\tsddd.dll - ok
18:06:15.0561 6364  [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
18:06:15.0561 6364  C:\Windows\System32\wininit.exe - ok
18:06:15.0566 6364  [ 943F527DF79E6B400104341AA7023C75 ] C:\Windows\System32\cdd.dll
18:06:15.0566 6364  C:\Windows\System32\cdd.dll - ok
18:06:15.0569 6364  [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
18:06:15.0569 6364  C:\Windows\System32\KBDUS.DLL - ok
18:06:15.0575 6364  [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
18:06:15.0575 6364  C:\Windows\System32\profapi.dll - ok
18:06:15.0581 6364  [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
18:06:15.0581 6364  C:\Windows\System32\RpcRtRemote.dll - ok
18:06:15.0586 6364  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
18:06:15.0586 6364  C:\Windows\System32\version.dll - ok
18:06:15.0592 6364  [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
18:06:15.0592 6364  C:\Windows\System32\WlS0WndH.dll - ok
18:06:15.0598 6364  [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
18:06:15.0598 6364  C:\Windows\System32\sxs.dll - ok
18:06:15.0604 6364  [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
18:06:15.0604 6364  C:\Windows\System32\cryptbase.dll - ok
18:06:15.0610 6364  [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
18:06:15.0610 6364  C:\Windows\System32\apphelp.dll - ok
18:06:15.0613 6364  [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
18:06:15.0613 6364  C:\Windows\System32\lsass.exe - ok
18:06:15.0618 6364  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
18:06:15.0618 6364  C:\Windows\System32\services.exe - ok
18:06:15.0624 6364  [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
18:06:15.0624 6364  C:\Windows\System32\lsm.exe - ok
18:06:16.0003 6364  [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
18:06:16.0003 6364  C:\Windows\System32\sspisrv.dll - ok
18:06:16.0017 6364  [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
18:06:16.0017 6364  C:\Windows\System32\winlogon.exe - ok
18:06:16.0021 6364  [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
18:06:16.0021 6364  C:\Windows\System32\sspicli.dll - ok
18:06:16.0035 6364  [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
18:06:16.0035 6364  C:\Windows\System32\scext.dll - ok
18:06:16.0040 6364  [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
18:06:16.0040 6364  C:\Windows\System32\secur32.dll - ok
18:06:16.0047 6364  [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
18:06:16.0047 6364  C:\Windows\System32\sysntfy.dll - ok
18:06:16.0053 6364  [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
18:06:16.0053 6364  C:\Windows\System32\scesrv.dll - ok
18:06:16.0060 6364  [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
18:06:16.0060 6364  C:\Windows\System32\wmsgapi.dll - ok
18:06:16.0068 6364  [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
18:06:16.0068 6364  C:\Windows\System32\srvcli.dll - ok
18:06:16.0073 6364  [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
18:06:16.0073 6364  C:\Windows\System32\winsta.dll - ok
18:06:16.0081 6364  [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
18:06:16.0081 6364  C:\Windows\System32\lsasrv.dll - ok
18:06:16.0086 6364  [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
18:06:16.0086 6364  C:\Windows\System32\samsrv.dll - ok
18:06:16.0091 6364  [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
18:06:16.0091 6364  C:\Windows\System32\cryptdll.dll - ok
18:06:16.0098 6364  [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
18:06:16.0098 6364  C:\Windows\System32\wevtapi.dll - ok
18:06:16.0103 6364  [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
18:06:16.0103 6364  C:\Windows\System32\authz.dll - ok
18:06:16.0110 6364  [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
18:06:16.0110 6364  C:\Windows\System32\cngaudit.dll - ok
18:06:16.0120 6364  [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
18:06:16.0120 6364  C:\Windows\System32\ncrypt.dll - ok
18:06:16.0129 6364  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
18:06:16.0129 6364  C:\Windows\System32\bcrypt.dll - ok
18:06:16.0384 6364  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
18:06:16.0384 6364  C:\Windows\System32\msprivs.dll - ok
18:06:16.0408 6364  [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
18:06:16.0408 6364  C:\Windows\System32\netjoin.dll - ok
18:06:16.0411 6364  [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
18:06:16.0411 6364  C:\Windows\System32\kerberos.dll - ok
18:06:16.0417 6364  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
18:06:16.0417 6364  C:\Windows\System32\negoexts.dll - ok
18:06:16.0422 6364  [ CB2ABB2DA1E9C977302A78D86D4AE3B0 ] C:\Windows\System32\atmfd.dll
18:06:16.0422 6364  C:\Windows\System32\atmfd.dll - ok
18:06:16.0427 6364  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
18:06:16.0427 6364  C:\Windows\System32\cryptsp.dll - ok
18:06:16.0431 6364  [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
18:06:16.0431 6364  C:\Windows\System32\mswsock.dll - ok
18:06:16.0436 6364  [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
18:06:16.0436 6364  C:\Windows\System32\msv1_0.dll - ok
18:06:16.0441 6364  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
18:06:16.0441 6364  C:\Windows\System32\wship6.dll - ok
18:06:16.0447 6364  [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
18:06:16.0447 6364  C:\Windows\System32\netlogon.dll - ok
18:06:16.0452 6364  [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
18:06:16.0452 6364  C:\Windows\System32\dnsapi.dll - ok
18:06:16.0457 6364  [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
18:06:16.0457 6364  C:\Windows\System32\logoncli.dll - ok
18:06:16.0464 6364  [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
18:06:16.0464 6364  C:\Windows\System32\schannel.dll - ok
18:06:16.0469 6364  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
18:06:16.0469 6364  C:\Windows\System32\wdigest.dll - ok
18:06:16.0474 6364  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
18:06:16.0474 6364  C:\Windows\System32\rsaenh.dll - ok
18:06:16.0479 6364  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
18:06:16.0479 6364  C:\Windows\System32\TSpkg.dll - ok
18:06:16.0484 6364  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
18:06:16.0484 6364  C:\Windows\System32\pku2u.dll - ok
18:06:16.0493 6364  [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
18:06:16.0493 6364  C:\Windows\System32\LIVESSP.DLL - ok
18:06:16.0506 6364  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
18:06:16.0506 6364  C:\Windows\System32\bcryptprimitives.dll - ok
18:06:16.0513 6364  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
18:06:16.0513 6364  C:\Windows\System32\credssp.dll - ok
18:06:16.0518 6364  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
18:06:16.0518 6364  C:\Windows\System32\efslsaext.dll - ok
18:06:16.0836 6364  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
18:06:16.0836 6364  C:\Windows\System32\scecli.dll - ok
18:06:16.0841 6364  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
18:06:16.0841 6364  C:\Windows\System32\ubpm.dll - ok
18:06:16.0847 6364  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
18:06:16.0847 6364  C:\Windows\System32\svchost.exe - ok
18:06:16.0852 6364  [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
18:06:16.0852 6364  C:\Windows\System32\umpnpmgr.dll - ok
18:06:16.0863 6364  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
18:06:16.0863 6364  C:\Windows\System32\devrtl.dll - ok
18:06:16.0868 6364  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
18:06:16.0868 6364  C:\Windows\System32\SPInf.dll - ok
18:06:16.0873 6364  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
18:06:16.0873 6364  C:\Windows\System32\userenv.dll - ok
18:06:16.0879 6364  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
18:06:16.0879 6364  C:\Windows\System32\gpapi.dll - ok
18:06:16.0883 6364  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
18:06:16.0883 6364  C:\Windows\System32\pcwum.dll - ok
18:06:16.0888 6364  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
18:06:16.0888 6364  C:\Windows\System32\umpo.dll - ok
18:06:16.0895 6364  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
18:06:16.0895 6364  C:\Windows\System32\powrprof.dll - ok
18:06:16.0901 6364  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
18:06:16.0901 6364  C:\Windows\System32\drivers\luafv.sys - ok
18:06:16.0906 6364  [ 8F571F016FA1976F445147E9E6C8AE9B ] C:\Windows\System32\drivers\Sftvollh.sys
18:06:16.0906 6364  C:\Windows\System32\drivers\Sftvollh.sys - ok
18:06:16.0917 6364  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
18:06:16.0917 6364  C:\Windows\System32\rpcss.dll - ok
18:06:16.0927 6364  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
18:06:16.0927 6364  C:\Windows\System32\RpcEpMap.dll - ok
18:06:16.0932 6364  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
18:06:16.0933 6364  C:\Windows\System32\WSHTCPIP.DLL - ok
18:06:16.0938 6364  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
18:06:16.0938 6364  C:\Windows\System32\FirewallAPI.dll - ok
18:06:16.0951 6364  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
18:06:16.0951 6364  C:\Windows\System32\LogonUI.exe - ok
18:06:16.0958 6364  [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
18:06:16.0958 6364  C:\Windows\System32\wevtsvc.dll - ok
18:06:16.0964 6364  [ 3EF480BFED1B5947A32585E30A58D4ED ] C:\Windows\System32\authui.dll
18:06:16.0964 6364  C:\Windows\System32\authui.dll - ok
18:06:17.0274 6364  [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
18:06:17.0274 6364  C:\Windows\System32\audiosrv.dll - ok
18:06:17.0280 6364  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
18:06:17.0280 6364  C:\Windows\System32\profsvc.dll - ok
18:06:17.0285 6364  [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
18:06:17.0285 6364  C:\Windows\System32\cryptui.dll - ok
18:06:17.0291 6364  [ C4C183E6551084039EC862DA1C945E3D ] C:\Windows\System32\FntCache.dll
18:06:17.0291 6364  C:\Windows\System32\FntCache.dll - ok
18:06:17.0296 6364  [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
18:06:17.0296 6364  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
18:06:17.0302 6364  [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
18:06:17.0302 6364  C:\Windows\System32\mmcss.dll - ok
18:06:17.0307 6364  [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
18:06:17.0307 6364  C:\Windows\System32\avrt.dll - ok
18:06:17.0312 6364  [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
18:06:17.0312 6364  C:\Windows\System32\MMDevAPI.dll - ok
18:06:17.0317 6364  [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
18:06:17.0317 6364  C:\Windows\System32\propsys.dll - ok
18:06:17.0323 6364  [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
18:06:17.0323 6364  C:\Windows\System32\winmm.dll - ok
18:06:17.0328 6364  [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
18:06:17.0328 6364  C:\Windows\System32\dsound.dll - ok
18:06:17.0333 6364  [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
18:06:17.0333 6364  C:\Windows\System32\shacct.dll - ok
18:06:17.0338 6364  [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
18:06:17.0338 6364  C:\Windows\System32\samlib.dll - ok
18:06:17.0344 6364  [ F5CEF064C7E6D95DA86B9D064A56A969 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
18:06:17.0344 6364  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
18:06:17.0349 6364  [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
18:06:17.0349 6364  C:\Windows\System32\uxtheme.dll - ok
18:06:17.0361 6364  [ 18CAAF21CBA3EAEE17BBA5D3807F29B8 ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_2b25b14c71ebf230\GdiPlus.dll
18:06:17.0361 6364  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_2b25b14c71ebf230\GdiPlus.dll - ok
18:06:17.0366 6364  [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
18:06:17.0366 6364  C:\Windows\System32\winhttp.dll - ok
18:06:17.0370 6364  [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
18:06:17.0370 6364  C:\Windows\System32\audiodg.exe - ok
18:06:17.0375 6364  [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
18:06:17.0375 6364  C:\Windows\System32\webio.dll - ok
18:06:17.0379 6364  [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
18:06:17.0379 6364  C:\Windows\System32\IPHLPAPI.DLL - ok
18:06:17.0630 6364  [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
18:06:17.0630 6364  C:\Windows\System32\dui70.dll - ok
18:06:17.0636 6364  [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
18:06:17.0636 6364  C:\Windows\System32\dhcpcsvc6.dll - ok
18:06:17.0643 6364  [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll



18:06:17.0643 6364  C:\Windows\System32\winnsi.dll - ok
18:06:17.0645 6364  [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
18:06:17.0645 6364  C:\Windows\System32\dhcpcsvc.dll - ok
18:06:17.0650 6364  [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
18:06:17.0650 6364  C:\Windows\System32\duser.dll - ok
18:06:17.0654 6364  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
18:06:17.0654 6364  C:\Windows\System32\netprofm.dll - ok
18:06:17.0660 6364  [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
18:06:17.0660 6364  C:\Windows\System32\nlaapi.dll - ok
18:06:17.0664 6364  [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
18:06:17.0664 6364  C:\Windows\System32\SndVolSSO.dll - ok
18:06:17.0669 6364  [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
18:06:17.0669 6364  C:\Windows\System32\hid.dll - ok
18:06:17.0674 6364  [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
18:06:17.0674 6364  C:\Windows\System32\dwmapi.dll - ok
18:06:17.0678 6364  [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
18:06:17.0678 6364  C:\Windows\System32\xmllite.dll - ok
18:06:17.0682 6364  [ 3D7BB6DD7A87B3E36E44CA94444247A8 ] C:\Windows\System32\WindowsCodecs.dll
18:06:17.0682 6364  C:\Windows\System32\WindowsCodecs.dll - ok
18:06:17.0688 6364  [ AFB5B500AD69E24ED1BC15D1161641EF ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
18:06:19.0311 6364  C:\Windows\System32\ndptsp.tsp - ok
18:06:19.0316 6364  [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
18:06:19.0316 6364  C:\Windows\System32\hidphone.tsp - ok
18:06:19.0321 6364  [ 40EE4E67311F4019CCA2120D88C60576 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll
18:06:19.0321 6364  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll - ok
18:06:19.0326 6364  [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
18:06:19.0326 6364  C:\Windows\System32\eappcfg.dll - ok
18:06:19.0330 6364  [ A717A35120DBAB5AB707AB40662AF9DD ] C:\Windows\System32\rasppp.dll
18:06:19.0330 6364  C:\Windows\System32\rasppp.dll - ok
18:06:19.0335 6364  [ 0FE5CD5F9C9248F42D1EF56E495B182E ] C:\Windows\System32\vpnike.dll
18:06:19.0335 6364  C:\Windows\System32\vpnike.dll - ok
18:06:19.0340 6364  [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll
18:06:19.0340 6364  C:\Windows\System32\raschap.dll - ok
18:06:19.0342 6364  [ 09AB81CEE443569D9A3CC151DDF70444 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll
18:06:19.0342 6364  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll - ok
18:06:19.0348 6364  [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
18:06:19.0348 6364  C:\Windows\SysWOW64\SensApi.dll - ok
18:06:19.0353 6364  [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
18:06:19.0353 6364  C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
18:06:19.0357 6364  [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
18:06:19.0357 6364  C:\Windows\SysWOW64\winnsi.dll - ok
18:06:19.0362 6364  [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
18:06:19.0362 6364  C:\Windows\System32\wbem\WmiPrvSE.exe - ok
18:06:19.0371 6364  [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
18:06:19.0371 6364  C:\Windows\SysWOW64\winhttp.dll - ok
18:06:19.0376 6364  [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
18:06:19.0376 6364  C:\Windows\SysWOW64\webio.dll - ok
18:06:19.0381 6364  [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
18:06:19.0381 6364  C:\Windows\SysWOW64\wsock32.dll - ok
18:06:19.0384 6364  [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\SysWOW64\logoncli.dll
18:06:19.0384 6364  C:\Windows\SysWOW64\logoncli.dll - ok
18:06:19.0390 6364  [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
18:06:19.0390 6364  C:\Windows\SysWOW64\msi.dll - ok
18:06:19.0396 6364  [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll
18:06:19.0396 6364  C:\Windows\System32\wbem\cimwin32.dll - ok
18:06:19.0401 6364  [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
18:06:19.0401 6364  C:\Windows\System32\ipnathlp.dll - ok
18:06:19.0406 6364  [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
18:06:19.0406 6364  C:\Windows\System32\mprapi.dll - ok
18:06:19.0410 6364  [ 617E29A0B0A2807466560D4C4E338D3E ] C:\Windows\System32\drivers\Sftredirlh.sys
18:06:19.0410 6364  C:\Windows\System32\drivers\Sftredirlh.sys - ok
18:06:19.0415 6364  [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
18:06:19.0415 6364  C:\Windows\System32\framedynos.dll - ok
18:06:19.0421 6364  [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\SysWOW64\fltLib.dll
18:06:19.0421 6364  C:\Windows\SysWOW64\fltLib.dll - ok
18:06:19.0425 6364  [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
18:06:19.0425 6364  C:\Windows\System32\netshell.dll - ok
18:06:19.0430 6364  [ 3D3CBD1847F980FB03343A63671E7886 ] C:\Windows\SysWOW64\schannel.dll
18:06:19.0430 6364  C:\Windows\SysWOW64\schannel.dll - ok
18:06:19.0434 6364  [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
18:06:19.0435 6364  C:\Windows\System32\dssenh.dll - ok
18:06:19.0440 6364  [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
18:06:19.0440 6364  C:\Windows\System32\wmi.dll - ok
18:06:19.0444 6364  [ EAADD6E47ED2A7003ACE1793B98CF63F ] C:\Windows\SysWOW64\msxml6.dll
18:06:19.0444 6364  C:\Windows\SysWOW64\msxml6.dll - ok
18:06:19.0449 6364  [ 007863E45F25AA47A4C30D0930BBFD85 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
18:06:19.0449 6364  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
18:06:19.0454 6364  [ 0A473BEFD39B78EDD82C2BDA84529ADA ] C:\Windows\System32\wbem\Win32_EncryptableVolume.dll
18:06:19.0454 6364  C:\Windows\System32\wbem\Win32_EncryptableVolume.dll - ok
18:06:19.0459 6364  [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
18:06:19.0459 6364  C:\Windows\System32\dllhost.exe - ok
18:06:19.0464 6364  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
18:06:19.0464 6364  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
18:06:19.0469 6364  [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
18:06:19.0469 6364  C:\Windows\System32\IDStore.dll - ok
18:06:19.0473 6364  [ 639774C9ACD063F028F6084ABF5593AD ] C:\Windows\System32\taskhost.exe
18:06:19.0473 6364  C:\Windows\System32\taskhost.exe - ok
18:06:19.0478 6364  [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
18:06:19.0478 6364  C:\Windows\System32\AtBroker.exe - ok
18:06:19.0482 6364  [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
18:06:19.0482 6364  C:\Windows\System32\mpr.dll - ok
18:06:19.0487 6364  [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
18:06:19.0487 6364  C:\Windows\System32\userinit.exe - ok
18:06:19.0492 6364  [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe
18:06:19.0492 6364  C:\Windows\System32\taskeng.exe - ok
18:06:19.0496 6364  [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
18:06:19.0496 6364  C:\Windows\System32\HotStartUserAgent.dll - ok
18:06:19.0501 6364  [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
18:06:19.0501 6364  C:\Windows\System32\dwm.exe - ok
18:06:19.0506 6364  [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
18:06:19.0506 6364  C:\Windows\System32\dwmredir.dll - ok
18:06:19.0512 6364  [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
18:06:19.0512 6364  C:\Windows\System32\dwmcore.dll - ok
18:06:19.0517 6364  [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
18:06:19.0517 6364  C:\Windows\System32\PlaySndSrv.dll - ok
18:06:19.0523 6364  [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
18:06:19.0523 6364  C:\Windows\System32\TSChannel.dll - ok
18:06:19.0528 6364  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:06:19.0528 6364  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
18:06:19.0534 6364  [ 9AE80F6A66B30E3ED8CDF858CF28B11B ] C:\Windows\System32\d3d10_1.dll
18:06:19.0534 6364  C:\Windows\System32\d3d10_1.dll - ok
18:06:19.0539 6364  [ 63F72417CA38D8FC8F53709649B589E3 ] C:\Windows\System32\d3d10_1core.dll
18:06:19.0539 6364  C:\Windows\System32\d3d10_1core.dll - ok
18:06:19.0545 6364  [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
18:06:19.0545 6364  C:\Windows\System32\esent.dll - ok
18:06:19.0550 6364  [ 8DFB5752FCE145A6B295093C0A8BE131 ] C:\Windows\System32\dxgi.dll
18:06:19.0550 6364  C:\Windows\System32\dxgi.dll - ok
18:06:19.0556 6364  [ FF60B8C5BBE73B0790B3332783B6FD81 ] C:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll
18:06:19.0556 6364  C:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll - ok
18:06:19.0561 6364  [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
18:06:19.0561 6364  C:\Windows\explorer.exe - ok
18:06:19.0566 6364  [ 4C92EB7535CAA1681A77D928FBF9771F ] C:\Windows\System32\d3d11.dll
18:06:19.0566 6364  C:\Windows\System32\d3d11.dll - ok
18:06:19.0572 6364  [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
18:06:19.0572 6364  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
18:06:19.0577 6364  [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
18:06:19.0577 6364  C:\Windows\System32\MsCtfMonitor.dll - ok
18:06:19.0582 6364  [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
18:06:19.0582 6364  C:\Windows\System32\msutb.dll - ok
18:06:19.0588 6364  [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
18:06:19.0588 6364  C:\Windows\SysWOW64\imagehlp.dll - ok
18:06:19.0593 6364  [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
18:06:19.0593 6364  C:\Windows\SysWOW64\cscapi.dll - ok
18:06:19.0598 6364  [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
18:06:19.0598 6364  C:\Windows\SysWOW64\dbghelp.dll - ok
18:06:19.0603 6364  [ 8F19AA7A891F429578D19753E3659A16 ] C:\Windows\System32\igd10umd64.dll
18:06:19.0603 6364  C:\Windows\System32\igd10umd64.dll - ok
18:06:19.0625 6364  [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
18:06:19.0625 6364  C:\Windows\System32\ExplorerFrame.dll - ok
18:06:19.0630 6364  [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
18:06:19.0630 6364  C:\Windows\SysWOW64\apphelp.dll - ok
18:06:19.0636 6364  [ 8726802EA4FBFFA3FD54FD2449BF51D4 ] C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
18:06:19.0636 6364  C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe - ok
18:06:19.0693 6364  [ D9A08472D8D0218A0AE2C9D9F63EA531 ] C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
18:06:19.0693 6364  C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe - ok
18:06:19.0698 6364  [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
18:06:19.0698 6364  C:\Windows\SysWOW64\mstask.dll - ok
18:06:19.0704 6364  [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
18:06:19.0704 6364  C:\Windows\System32\EhStorShell.dll - ok
18:06:19.0709 6364  [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
18:06:19.0709 6364  C:\Windows\System32\ntshrui.dll - ok
18:06:19.0714 6364  [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
18:06:19.0714 6364  C:\Windows\System32\cscapi.dll - ok
18:06:19.0720 6364  [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
18:06:19.0720 6364  C:\Windows\System32\IconCodecService.dll - ok
18:06:19.0726 6364  [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
18:06:19.0726 6364  C:\Windows\System32\uDWM.dll - ok
18:06:19.0731 6364  [ 72794D112CBAFF3BC0C29BF7350D4741 ] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
18:06:19.0731 6364  C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE - ok
18:06:19.0737 6364  [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
18:06:19.0737 6364  C:\Windows\System32\dbghelp.dll - ok
18:06:19.0742 6364  [ C797D1677BA81306AFBB9FA8A9A8F483 ] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSHARED.DLL
18:06:19.0742 6364  C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSHARED.DLL - ok
18:06:19.0748 6364  [ 108C2CFA5527458C096A699929ECBD80 ] C:\Windows\SysWOW64\credui.dll
18:06:19.0748 6364  C:\Windows\SysWOW64\credui.dll - ok
18:06:19.0753 6364  [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
18:06:19.0753 6364  C:\Windows\SysWOW64\oleacc.dll - ok
18:06:19.0758 6364  [ 84174CA0E190BB9D1EFD0F005FE13B35 ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll
18:06:19.0758 6364  C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll - ok
18:06:19.0764 6364  [ 565A30B70BE8A9B171839003F2D69683 ] C:\Windows\SysWOW64\hlink.dll
18:06:19.0764 6364  C:\Windows\SysWOW64\hlink.dll - ok
18:06:19.0770 6364  [ 74AF1FFCAFD60DA88A386AE161F56438 ] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\en-us\CVHIntl.dll
18:06:19.0770 6364  C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\en-us\CVHIntl.dll - ok
18:06:19.0775 6364  [ B08E3476F0874DBAD672D0AC4FB2580B ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftintf.dll
18:06:19.0775 6364  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftintf.dll - ok
18:06:19.0780 6364  [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\SysWOW64\msv1_0.dll
18:06:19.0780 6364  C:\Windows\SysWOW64\msv1_0.dll - ok
18:06:19.0786 6364  [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\SysWOW64\cryptdll.dll
18:06:19.0786 6364  C:\Windows\SysWOW64\cryptdll.dll - ok
18:06:19.0791 6364  [ B3DC2359FA6E58C753ABE9D6F13B3608 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
18:06:19.0792 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe - ok
18:06:19.0797 6364  [ EBDD3032297EF6832A1D6D3AA6DC3537 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
18:06:19.0797 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe - ok
18:06:19.0803 6364  [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
18:06:19.0803 6364  C:\Windows\SysWOW64\uxtheme.dll - ok
18:06:19.0808 6364  [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
18:06:19.0808 6364  C:\Windows\SysWOW64\propsys.dll - ok
18:06:19.0814 6364  [ 9839C4217EBD9A6B84B60FF2FBD9B1A5 ] C:\Program Files (x86)\Dell DataSafe Local Backup\RPLauncher.exe
18:06:19.0814 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\RPLauncher.exe - ok
18:06:19.0819 6364  [ E9BCB6728DD04412BF87F03DB00DE1CF ] C:\Windows\SysWOW64\ieframe.dll
18:06:19.0819 6364  C:\Windows\SysWOW64\ieframe.dll - ok
18:06:19.0825 6364  [ 9D2A2369AB4B08A4905FE72DB104498F ] C:\Windows\System32\appinfo.dll
18:06:19.0825 6364  C:\Windows\System32\appinfo.dll - ok
18:06:19.0830 6364  [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
18:06:19.0830 6364  C:\Windows\System32\wdi.dll - ok
18:06:19.0836 6364  [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
18:06:19.0836 6364  C:\Windows\System32\wpdbusenum.dll - ok
18:06:19.0841 6364  [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
18:06:19.0841 6364  C:\Windows\System32\Apphlpdm.dll - ok
18:06:19.0847 6364  [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
18:06:19.0847 6364  C:\Windows\System32\PortableDeviceApi.dll - ok
18:06:19.0852 6364  [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
18:06:19.0852 6364  C:\Windows\System32\perftrack.dll - ok
18:06:19.0856 6364  [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
18:06:19.0856 6364  C:\Windows\System32\diagperf.dll - ok
18:06:19.0913 6364  [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
18:06:19.0913 6364  C:\Windows\System32\umb.dll - ok
18:06:19.0919 6364  [ CD4F7B90CB09831BCDEDE0A206CCDB35 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
18:06:19.0919 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe - ok
18:06:19.0925 6364  [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
18:06:19.0925 6364  C:\Windows\System32\pnpts.dll - ok
18:06:19.0932 6364  [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
18:06:19.0932 6364  C:\Windows\System32\wdiasqmmodule.dll - ok
18:06:19.0938 6364  [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
18:06:19.0938 6364  C:\Windows\System32\aepic.dll - ok
18:06:19.0943 6364  [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
18:06:19.0943 6364  C:\Windows\System32\npmproxy.dll - ok
18:06:19.0948 6364  [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
18:06:19.0948 6364  C:\Windows\System32\radardt.dll - ok
18:06:19.0956 6364  [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
18:06:19.0956 6364  C:\Windows\System32\sfc.dll - ok
18:06:19.0960 6364  [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
18:06:19.0960 6364  C:\Windows\System32\sfc_os.dll - ok
18:06:19.0968 6364  [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
18:06:19.0968 6364  C:\Windows\System32\PortableDeviceConnectApi.dll - ok
18:06:19.0973 6364  [ DDA4CAF29D8C0A297F886BFE561E6659 ] C:\Windows\System32\drivers\WUDFRd.sys
18:06:19.0973 6364  C:\Windows\System32\drivers\WUDFRd.sys - ok
18:06:19.0977 6364  [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
18:06:19.0977 6364  C:\Windows\SysWOW64\mscoree.dll - ok
18:06:19.0982 6364  [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
18:06:19.0982 6364  C:\Windows\SysWOW64\comdlg32.dll - ok
18:06:19.0987 6364  [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
18:06:19.0987 6364  C:\Windows\SysWOW64\msimg32.dll - ok
18:06:19.0992 6364  [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
18:06:19.0992 6364  C:\Windows\SysWOW64\winspool.drv - ok
18:06:19.0997 6364  [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
18:06:19.0997 6364  C:\Windows\SysWOW64\winmm.dll - ok
18:06:20.0001 6364  [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
18:06:20.0002 6364  C:\Windows\SysWOW64\oledlg.dll - ok
18:06:20.0006 6364  [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
18:06:20.0006 6364  C:\Windows\SysWOW64\dwmapi.dll - ok
18:06:20.0011 6364  [ 96C70BD48D49B87475F4572DEDC62EB9 ] C:\Windows\AppPatch\AcLayers.dll
18:06:20.0011 6364  C:\Windows\AppPatch\AcLayers.dll - ok
18:06:20.0016 6364  [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
18:06:20.0016 6364  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
18:06:20.0057 6364  [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
18:06:20.0057 6364  C:\Windows\System32\runonce.exe - ok
18:06:20.0063 6364  [ BF85366B209DFC11BAB31380C7C47E31 ] C:\Program Files (x86)\Dell DataSafe Local Backup\RPLaunch.exe
18:06:20.0063 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\RPLaunch.exe - ok
18:06:20.0069 6364  [ 49ACA548B2423F1C67898E6AC719A9A6 ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
18:06:20.0069 6364  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
18:06:20.0074 6364  [ 42EBC2ECBB81A0FFE720601500760C7E ] C:\Program Files (x86)\Dell DataSafe Local Backup\SetMUILanguage.exe
18:06:20.0074 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\SetMUILanguage.exe - ok
18:06:20.0080 6364  [ 37B6EBA4E783A0B25F3FE05EF86722CB ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
18:06:20.0080 6364  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
18:06:20.0086 6364  [ 47AC56BC5FA5D41F73940A02686627CB ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STSCheduler.dll
18:06:20.0086 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STSCheduler.dll - ok
18:06:20.0091 6364  [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
18:06:20.0091 6364  C:\Windows\SysWOW64\runonce.exe - ok
18:06:20.0097 6364  [ 60F4AEFA103D421EA4A40E31409B4756 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
18:06:20.0097 6364  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
18:06:20.0102 6364  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
18:06:20.0102 6364  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
18:06:20.0106 6364  [ 09890A2F032B138A74B5DF2C1233FB1D ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
18:06:20.0107 6364  C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe - ok
18:06:20.0111 6364  [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
18:06:20.0111 6364  C:\Windows\SysWOW64\sfc.dll - ok
18:06:20.0116 6364  [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
18:06:20.0116 6364  C:\Windows\SysWOW64\sfc_os.dll - ok
18:06:20.0121 6364  [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
18:06:20.0121 6364  C:\Windows\System32\NapiNSP.dll - ok
18:06:20.0126 6364  [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
18:06:20.0126 6364  C:\Windows\SysWOW64\devrtl.dll - ok
18:06:20.0131 6364  [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
18:06:20.0131 6364  C:\Windows\System32\pnrpnsp.dll - ok
18:06:20.0137 6364  [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
18:06:20.0137 6364  C:\Windows\System32\winrnr.dll - ok
18:06:20.0141 6364  [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
18:06:20.0141 6364  C:\Windows\System32\drivers\WUDFPf.sys - ok
18:06:20.0146 6364  [ 33A77D477EF9D7A5C65A950129DF2E47 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
18:06:20.0146 6364  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll - ok
18:06:20.0151 6364  [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
18:06:20.0151 6364  C:\Windows\System32\dimsjob.dll - ok
18:06:20.0169 6364  [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
18:06:20.0170 6364  C:\Windows\System32\WUDFSvc.dll - ok
18:06:20.0174 6364  [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
18:06:20.0174 6364  C:\Windows\System32\pautoenr.dll - ok
18:06:20.0179 6364  [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
18:06:20.0179 6364  C:\Windows\SysWOW64\cmd.exe - ok
18:06:20.0184 6364  [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
18:06:20.0184 6364  C:\Windows\System32\certcli.dll - ok
18:06:20.0189 6364  [ 8ABFE00F213F2571498F1B8FD7939A98 ] C:\Windows\System32\WUDFHost.exe
18:06:20.0189 6364  C:\Windows\System32\WUDFHost.exe - ok
18:06:20.0193 6364  [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
18:06:20.0193 6364  C:\Windows\System32\CertEnroll.dll - ok
18:06:20.0198 6364  [ 6E9E439517D89EDC9A6CB1E94489620A ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18:06:20.0198 6364  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
18:06:20.0203 6364  [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
18:06:20.0203 6364  C:\Windows\SysWOW64\riched20.dll - ok
18:06:20.0208 6364  [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
18:06:20.0208 6364  C:\Windows\SysWOW64\bcrypt.dll - ok
18:06:20.0212 6364  [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
18:06:20.0212 6364  C:\Windows\SysWOW64\ncrypt.dll - ok
18:06:20.0217 6364  [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
18:06:20.0218 6364  C:\Windows\System32\conhost.exe - ok
18:06:20.0222 6364  [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
18:06:20.0222 6364  C:\Windows\SysWOW64\bcryptprimitives.dll - ok
18:06:20.0227 6364  [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
18:06:20.0227 6364  C:\Windows\SysWOW64\gpapi.dll - ok
18:06:20.0230 6364  [ 7B851A8018B1EA00A69707A390004884 ] C:\Windows\SysWOW64\cryptnet.dll
18:06:20.0230 6364  C:\Windows\SysWOW64\cryptnet.dll - ok
18:06:20.0235 6364  [ 09A116FB06C5E362EF8938D29CDAB27B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18:06:20.0235 6364  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
18:06:20.0240 6364  [ 780836BB63852990382DF27DE7FEFD20 ] C:\Windows\System32\bcdedit.exe
18:06:20.0240 6364  C:\Windows\System32\bcdedit.exe - ok
18:06:20.0244 6364  [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
18:06:20.0244 6364  C:\Windows\System32\WUDFx.dll - ok
18:06:20.0249 6364  [ D144849E9B48A7DFB942281ED7EDB1C1 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
18:06:20.0249 6364  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll - ok
18:06:20.0255 6364  [ 91D6F0AB79AA36FFB932157865206F35 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
18:06:20.0255 6364  C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
18:06:20.0259 6364  [ 9864D52F15AD32094A636C6B5281D9E7 ] C:\Windows\System32\WMVCORE.DLL
18:06:20.0259 6364  C:\Windows\System32\WMVCORE.DLL - ok
18:06:20.0288 6364  [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
18:06:20.0288 6364  C:\Windows\SysWOW64\winbrand.dll - ok
18:06:20.0293 6364  [ 1F05F5A16881CD928C82D53CEFCF4477 ] C:\Windows\SysWOW64\shdocvw.dll
18:06:20.0293 6364  C:\Windows\SysWOW64\shdocvw.dll - ok
18:06:20.0298 6364  [ AACC48FE239F0DF126DA2F28930A5B83 ] C:\Windows\System32\WMASF.DLL
18:06:20.0298 6364  C:\Windows\System32\WMASF.DLL - ok
18:06:20.0304 6364  [ 389CA818132C1D7DCF0C791E8D9035DE ] C:\Windows\System32\PortableDeviceClassExtension.dll
18:06:20.0304 6364  C:\Windows\System32\PortableDeviceClassExtension.dll - ok
18:06:20.0309 6364  [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
18:06:20.0309 6364  C:\Windows\System32\PortableDeviceTypes.dll - ok
18:06:20.0314 6364  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Jerry\AppData\Local\Temp\35D6C608-CA77-4EC6-8D32-9EC1445A6D0B.exe
18:06:20.0314 6364  C:\Users\Jerry\AppData\Local\Temp\35D6C608-CA77-4EC6-8D32-9EC1445A6D0B.exe - ok
18:06:20.0319 6364  [ 69313294C5FF9A2B3FA4151EE1075376 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
18:06:20.0320 6364  C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll - ok
18:06:20.0324 6364  [ 4FD693D4B9AA64EE32BAA9B8D9956ACF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
18:06:20.0324 6364  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll - ok
18:06:20.0329 6364  [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
18:06:20.0329 6364  C:\Windows\System32\aelupsvc.dll - ok
18:06:20.0335 6364  [ 38E856803B092BFC3CB76C3B6CA7EF48 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
18:06:20.0335 6364  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll - ok
18:06:20.0340 6364  [ F8DC1D804DA4438A3F4FBF353565FF51 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
18:06:20.0340 6364  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll - ok
18:06:20.0345 6364  [ 677A1C1B0F254EC918D84A7FE29274CA ] C:\Windows\System32\ieframe.dll
18:06:20.0345 6364  C:\Windows\System32\ieframe.dll - ok
18:06:20.0347 6364  [ A0617B5753E31126AD29C03154F4F329 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18:06:22.0548 6364  C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll - ok
18:06:22.0553 6364  [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
18:06:22.0553 6364  C:\Windows\System32\browcli.dll - ok
18:06:22.0558 6364  [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll
18:06:22.0558 6364  C:\Windows\System32\schedcli.dll - ok
18:06:22.0565 6364  [ F168869067FDF08BC6291988173B5025 ] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
18:06:22.0565 6364  C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe - ok
18:06:22.0570 6364  [ 807B6562009E5858C93E1C0F435C0382 ] C:\Windows\SysWOW64\netbios.dll
18:06:22.0571 6364  C:\Windows\SysWOW64\netbios.dll - ok
18:06:22.0575 6364  [ 8A525B8D583D067C5AAAC1AF5F91B89A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\af0a0b96a02f9925eb84392ee65a5cfa\System.ni.dll
18:06:22.0575 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\System\af0a0b96a02f9925eb84392ee65a5cfa\System.ni.dll - ok
18:06:22.0581 6364  [ 672D7C5080ACB003343006405DA2E621 ] C:\Windows\SysWOW64\thumbcache.dll
18:06:22.0581 6364  C:\Windows\SysWOW64\thumbcache.dll - ok
18:06:22.0585 6364  [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
18:06:22.0585 6364  C:\Windows\System32\SyncCenter.dll - ok
18:06:22.0590 6364  [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\SysWOW64\dllhost.exe
18:06:22.0590 6364  C:\Windows\SysWOW64\dllhost.exe - ok
18:06:22.0595 6364  [ 27B9E163740A226B65E4B9E186117911 ] C:\Program Files\Windows Portable Devices\sqmapi.dll
18:06:22.0595 6364  C:\Program Files\Windows Portable Devices\sqmapi.dll - ok
18:06:22.0608 6364  [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
18:06:22.0608 6364  C:\Windows\SysWOW64\shfolder.dll - ok
18:06:22.0619 6364  [ 97A8968A66F15FD3B2F09C6F56B2170D ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
18:06:22.0619 6364  C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll - ok
18:06:22.0624 6364  [ DC118ECD9EA6BC42DC36319C470636FF ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\ae3db946d20bb0ad28cf588eef06ecf0\WindowsBase.ni.dll
18:06:22.0624 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\ae3db946d20bb0ad28cf588eef06ecf0\WindowsBase.ni.dll - ok
18:06:22.0642 6364  [ 07DD9DCD1CC2840751A1F8772F3C0195 ] C:\Program Files\Microsoft Games\Chess\Chess.exe
18:06:22.0642 6364  C:\Program Files\Microsoft Games\Chess\Chess.exe - ok
18:06:22.0650 6364  [ 2C79A8AE1F9E71B870B1D946D1DF98E4 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\455f1bf19319ef1c59b3e0c1e45c1c9c\PresentationCore.ni.dll
18:06:22.0650 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\455f1bf19319ef1c59b3e0c1e45c1c9c\PresentationCore.ni.dll - ok
18:06:22.0673 6364  [ 5BC7D816D7BFDB7FAC84AB2B15A1593C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
18:06:22.0673 6364  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll - ok
18:06:22.0676 6364  [ 6F564F6B5A33A68425179372767773A6 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\90ad207864957bd667f551bdd1c39ada\PresentationFramework.ni.dll
18:06:22.0676 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\90ad207864957bd667f551bdd1c39ada\PresentationFramework.ni.dll - ok
18:06:22.0681 6364  [ 7B46A076184B73AEDC1A66A71D9131E8 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
18:06:22.0681 6364  C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - ok
18:06:22.0687 6364  [ AE098D9D3BD83440C59A0C3386F4F5DD ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
18:06:22.0687 6364  C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
18:06:22.0692 6364  [ 7896EFFDEE215C172BE724A64931EF1C ] C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
18:06:22.0692 6364  C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll - ok
18:06:22.0698 6364  [ 6E656C325A5519A3A9D951709958CF6F ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
18:06:22.0698 6364  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
18:06:22.0701 6364  [ 1B1431D9520C7578AD5633ED2A70625F ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
18:06:22.0701 6364  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
18:06:22.0706 6364  [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
18:06:22.0706 6364  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
18:06:22.0713 6364  [ A18C3579512D96D02C8BEC1400454BE8 ] C:\Windows\System32\gfxSrvc.dll
18:06:22.0713 6364  C:\Windows\System32\gfxSrvc.dll - ok
18:06:22.0719 6364  [ 90E03A12E4BAD479257ACB33E7BDE9DC ] C:\Windows\System32\IGFXDEVLib.dll
18:06:22.0719 6364  C:\Windows\System32\IGFXDEVLib.dll - ok
18:06:22.0723 6364  [ 7D631675030CE69C78FB131912E0E3DF ] C:\Windows\System32\igdumd64.dll
18:06:22.0723 6364  C:\Windows\System32\igdumd64.dll - ok
18:06:22.0729 6364  [ AC6E6940C8C98EE153D96FFA2CA7B272 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\3975acf49313ceea1280da91f0383480\System.Xml.ni.dll
18:06:22.0729 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\3975acf49313ceea1280da91f0383480\System.Xml.ni.dll - ok
18:06:22.0735 6364  [ 47CBB77506CFB47D7F86685335985962 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\1031b311ee568364d4ca1c4db634eaf0\System.Configuration.ni.dll
18:06:22.0735 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\1031b311ee568364d4ca1c4db634eaf0\System.Configuration.ni.dll - ok
18:06:23.0234 6364  [ 2867EB00222EB3AA5F4F80C451F9F2C9 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\fffa833a307c3ad981d98b81311f2ad3\WindowsFormsIntegration.ni.dll
18:06:23.0234 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\fffa833a307c3ad981d98b81311f2ad3\WindowsFormsIntegration.ni.dll - ok
18:06:23.0248 6364  [ 7AD0860F6C04AD34492A6EDFA81ECAC2 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\56d7206478a1eb28089a8efbdf921bf2\PresentationFramework.Aero.ni.dll
18:06:23.0248 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\56d7206478a1eb28089a8efbdf921bf2\PresentationFramework.Aero.ni.dll - ok
18:06:23.0254 6364  [ 4C0989878EB9DF67C42A7CD42713451E ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\868d117286ad259249f31d3fe813d39a\System.Drawing.ni.dll
18:06:23.0254 6364  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\868d117286ad259249f31d3fe813d39a\System.Drawing.ni.dll - ok
18:06:23.0257 6364  [ 5092FDD5E1A701B0BAB653882A2FEBFF ] C:\Program Files\Internet Explorer\sqmapi.dll
18:06:23.0258 6364  C:\Program Files\Internet Explorer\sqmapi.dll - ok
18:06:23.0263 6364  [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
18:06:23.0263 6364  C:\Windows\System32\wbem\NCProv.dll - ok
18:06:23.0271 6364  [ BC0D4AFBE94D8E1F81C8926D805C3366 ] C:\Windows\System32\webcheck.dll
18:06:23.0271 6364  C:\Windows\System32\webcheck.dll - ok
18:06:23.0274 6364  [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
18:06:23.0274 6364  C:\Windows\System32\imapi2.dll - ok
18:06:23.0283 6364  [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
18:06:23.0283 6364  C:\Windows\System32\SearchProtocolHost.exe - ok
18:06:23.0288 6364  [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
18:06:23.0288 6364  C:\Windows\System32\hgcpl.dll - ok
18:06:23.0295 6364  [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
18:06:23.0295 6364  C:\Windows\System32\provsvc.dll - ok
18:06:23.0299 6364  [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
18:06:23.0299 6364  C:\Windows\System32\msshooks.dll - ok
18:06:23.0304 6364  [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
18:06:23.0304 6364  C:\Windows\System32\SearchFilterHost.exe - ok
18:06:23.0309 6364  [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
18:06:23.0309 6364  C:\Windows\System32\mssph.dll - ok
18:06:23.0315 6364  [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
18:06:23.0315 6364  C:\Windows\System32\mapi32.dll - ok
18:06:23.0321 6364  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
18:06:23.0321 6364  C:\Windows\System32\ssdpsrv.dll - ok
18:06:23.0324 6364  ============================================================
18:06:23.0324 6364  Scan finished
18:06:23.0324 6364  ============================================================
18:06:23.0338 6356  Detected object count: 1
18:06:23.0338 6356  Actual detected object count: 1
18:07:24.0186 6356  \Device\Harddisk0\DR0\# - copied to quarantine
18:07:24.0305 6356  \Device\Harddisk0\DR0 - copied to quarantine
18:07:24.0440 6356  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
18:07:24.0480 6356  \Device\Harddisk0\DR0 - ok
18:07:24.0667 6356  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
18:07:32.0351 4980  Deinitialize success





