Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smart Guard Protection removed now browse crash


  • This topic is locked This topic is locked
15 replies to this topic

#1 DougMiller

DougMiller

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 14 January 2014 - 04:15 PM

Hi all and thanks in advance.

 

I was infected with Smart Guard, I removed it per the instruction here (rkill then malwarebytes).  Smart guard appears to be removed but now my browsers randomly crash. 

 

I ran a second scan with Malwarebytes and it does not find any infections.  I tried to rerun rkill and it seam to hang once it reaches the "miscellaneous checks" 

 

What's the next step?

 

Doug



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:10 PM

Posted 14 January 2014 - 11:33 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#3 DougMiller

DougMiller
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 15 January 2014 - 02:34 PM

Georgi

 

Thanks for helping.  I posted the logs you asked for, looking forward to hearing what you find.

 

Doug

 

# AdwCleaner v3.017 - Report created 15/01/2014 at 10:53:27
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Doug - LITTLEbleep
# Running from : C:\Users\Doug\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Doug\AppData\Local\getsavin
File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2205 octets] - [15/01/2014 10:47:40]
AdwCleaner[S0].txt - [2162 octets] - [15/01/2014 10:53:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2222 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Starter x86
Ran by Doug on Wed 01/15/2014 at 11:04:44.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS

 

~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Doug\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/15/2014 at 11:18:12.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 01
Ran by Doug (administrator) on LITTLEbleep on 15-01-2014 11:22:04
Running from C:\Users\Doug\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
( ) C:\Windows\System32\lxdccoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Magic Touch USB\tsmapper.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\Program Files\Magic Touch USB\swaplr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1522280 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [TS_Mapper] - C:\Program Files\Magic Touch USB\tsmapper.exe [183032 2012-03-30] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [AXworks] - regsvr32.exe C:\Users\Doug\AppData\Local\AXworks\SecurityNetHelper.dll <===== ATTENTION
HKCU\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-24] (Microsoft Corporation) <==== ATTENTION
MountPoints2: F - F:\TL_Bootstrap.exe
MountPoints2: {01da4de0-7dff-11e1-a055-b870f44ce821} - F:\TL_Bootstrap.exe
MountPoints2: {0cd312d8-3c01-11e3-92dd-b870f44ce821} - G:\TL_Bootstrap.exe
MountPoints2: {3f4f6212-e6a8-11e1-bdbb-806e6f6e6963} - F:\TL_Bootstrap.exe
HKU\Guest\...\Run: [Best Buy pc app] - C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\Guest.Littlebleep\...\Run: [Best Buy pc app] - C:\Users\Guest.Littlebleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\Guest.Littlebleep\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {72A1B656-B9F4-42BE-9E75-5CF2EA505905} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNH
SearchScopes: HKCU - DefaultScope {226E2A9E-C729-42AE-B4B9-A2BB967CD7BB} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNH
SearchScopes: HKCU - {226E2A9E-C729-42AE-B4B9-A2BB967CD7BB} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNH
SearchScopes: HKCU - {72A1B656-B9F4-42BE-9E75-5CF2EA505905} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNH
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://start.toshiba.com/g/
CHR RestoreOnStartup: "hxxp://start.toshiba.com/g/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.97\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 [2012-07-09]
CHR Extension: (Google Search) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 [2012-07-09]
CHR Extension: (Gmail) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2012-07-09]

========================== Services (Whitelisted) =================

S4 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 IconMan_R; C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
S2 lxdcCATSCustConnectService; C:\windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
R2 lxdc_device; C:\windows\system32\lxdccoms.exe [537520 2007-05-25] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation)
S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189880 2010-11-11] (TOSHIBA Corporation)
S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-05] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\Users\Doug\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [22056 2013-04-27] (Emsisoft GmbH)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 etusbf; C:\Windows\System32\Drivers\etusbf.sys [38648 2012-03-13] ()
R1 FreeOTFE; C:\Windows\System32\FreeOTFE.sys [31856 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherAES_ltc; C:\Windows\System32\FreeOTFECypherAES_ltc.sys [47216 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherBlowfish; C:\Windows\System32\FreeOTFECypherBlowfish.sys [25200 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherCAST5; C:\Windows\System32\FreeOTFECypherCAST5.sys [31088 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherCAST6_Gladman; C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys [29808 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherDES; C:\Windows\System32\FreeOTFECypherDES.sys [56816 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherMARS_Gladman; C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys [26480 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherRC6_ltc; C:\Windows\System32\FreeOTFECypherRC6_ltc.sys [26096 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherSerpent_Gladman; C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys [29168 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherTwofish_ltc; C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys [31856 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashMD; C:\Windows\System32\FreeOTFEHashMD.sys [16880 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashRIPEMD; C:\Windows\System32\FreeOTFEHashRIPEMD.sys [32624 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashSHA; C:\Windows\System32\FreeOTFEHashSHA.sys [26224 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashTiger; C:\Windows\System32\FreeOTFEHashTiger.sys [22128 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashWhirlpool; C:\Windows\System32\FreeOTFEHashWhirlpool.sys [30704 2010-02-07] (Sarah Dean)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-10-18] (Realtek Semiconductor Corporation                           )
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
R3 vtouch; C:\Windows\System32\DRIVERS\vtouch.sys [14072 2012-02-20] (Windows ® Win 7 DDK provider)
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-15 11:22 - 2014-01-15 11:23 - 00012998 _____ C:\Users\Doug\Desktop\FRST.txt
2014-01-15 11:21 - 2014-01-15 11:21 - 00000000 ____D C:\FRST
2014-01-15 11:21 - 2014-01-15 10:30 - 01220608 _____ (Farbar) C:\Users\Doug\Desktop\FRST.exe
2014-01-15 11:18 - 2014-01-15 11:18 - 00001658 _____ C:\Users\Doug\Desktop\JRT.txt
2014-01-15 11:04 - 2014-01-15 11:04 - 00000000 ____D C:\windows\ERUNT
2014-01-15 11:04 - 2014-01-15 10:27 - 01037068 _____ (Thisisu) C:\Users\Doug\Desktop\JRT.exe
2014-01-15 10:47 - 2014-01-15 10:53 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:46 - 2014-01-15 10:24 - 01236282 _____ C:\Users\Doug\Desktop\AdwCleaner.exe
2014-01-14 14:07 - 2013-11-26 17:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-14 14:07 - 2013-11-26 17:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-14 14:07 - 2013-11-26 17:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-14 14:07 - 2013-11-26 17:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-14 14:07 - 2013-11-26 17:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-14 14:07 - 2013-11-26 17:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-14 14:07 - 2013-11-26 17:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-14 14:07 - 2013-11-26 03:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-14 14:07 - 2013-11-26 02:10 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-14 10:29 - 2014-01-14 12:37 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-14 10:29 - 2014-01-14 12:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 10:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-13 23:32 - 2014-01-13 23:32 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-01-13 23:26 - 2014-01-13 23:32 - 00000000 ____D C:\ProgramData\gVgggp7V
2014-01-13 23:26 - 2014-01-13 23:27 - 00000000 ____D C:\Users\Doug\AppData\Local\AXworks
2014-01-12 22:30 - 2014-01-12 22:31 - 00000530 _____ C:\Users\Doug\Desktop\beall.txt
2014-01-04 00:19 - 2014-01-04 00:27 - 00000000 ____D C:\Users\Doug\Documents\Realestate
2013-12-23 12:34 - 2013-12-23 12:34 - 00004860 _____ C:\windows\DPINST.LOG
2013-12-23 12:32 - 2013-12-23 12:32 - 00001925 _____ C:\Users\Public\Desktop\Swap Button.lnk
2013-12-23 12:31 - 2013-12-23 12:40 - 00000000 ____D C:\Users\Public\Documents\Magic Touch USB
2013-12-23 12:31 - 2013-12-23 12:31 - 00001957 _____ C:\Users\Public\Desktop\Touch USB.lnk
2013-12-23 12:31 - 2013-12-23 12:31 - 00000000 ____D C:\Program Files\Magic Touch USB
2013-12-23 12:31 - 2012-03-13 11:18 - 00038648 _____ () C:\windows\system32\Drivers\etusbf.sys
2013-12-23 12:31 - 2012-02-20 09:58 - 00014072 _____ (Windows ® Win 7 DDK provider) C:\windows\system32\Drivers\vtouch.sys
2013-12-23 12:29 - 2012-07-10 11:14 - 00000000 ____D C:\Users\Doug\Downloads\2.60.03_USB_WIN7_120409_MM
2013-12-23 12:24 - 2013-12-23 12:25 - 01767637 _____ C:\Users\Doug\Downloads\2.60.03_USB_WIN7_120409_MM.zip
2013-12-23 11:39 - 2013-12-23 11:48 - 00000000 ____D C:\Users\Doug\Downloads\MagicTouch V2.21_100203
2013-12-21 06:52 - 2013-12-21 06:52 - 00735318 _____ C:\Users\Doug\Documents\busstation.pptx
2013-12-16 02:45 - 2014-01-09 09:56 - 00058865 _____ C:\Users\Doug\Documents\cashflowanalysis.xlsx

==================== One Month Modified Files and Folders =======

2014-01-15 11:23 - 2014-01-15 11:22 - 00012998 _____ C:\Users\Doug\Desktop\FRST.txt
2014-01-15 11:22 - 2012-08-18 08:29 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 11:21 - 2014-01-15 11:21 - 00000000 ____D C:\FRST
2014-01-15 11:19 - 2013-03-08 20:46 - 00000000 ____D C:\Users\Doug\Desktop\Computer Cleanup
2014-01-15 11:18 - 2014-01-15 11:18 - 00001658 _____ C:\Users\Doug\Desktop\JRT.txt
2014-01-15 11:18 - 2011-03-08 05:17 - 01491829 _____ C:\windows\WindowsUpdate.log
2014-01-15 11:04 - 2014-01-15 11:04 - 00000000 ____D C:\windows\ERUNT
2014-01-15 11:02 - 2009-07-13 20:34 - 00014304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 11:02 - 2009-07-13 20:34 - 00014304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 10:55 - 2013-11-05 23:10 - 00003226 _____ C:\windows\setupact.log
2014-01-15 10:55 - 2009-07-13 20:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-15 10:53 - 2014-01-15 10:47 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:44 - 2009-07-13 20:33 - 00413128 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 10:39 - 2013-08-20 18:48 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 10:30 - 2014-01-15 11:21 - 01220608 _____ (Farbar) C:\Users\Doug\Desktop\FRST.exe
2014-01-15 10:27 - 2014-01-15 11:04 - 01037068 _____ (Thisisu) C:\Users\Doug\Desktop\JRT.exe
2014-01-15 10:24 - 2014-01-15 10:46 - 01236282 _____ C:\Users\Doug\Desktop\AdwCleaner.exe
2014-01-15 10:22 - 2011-08-27 20:31 - 83425928 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 10:15 - 2011-08-19 20:48 - 00000000 ____D C:\Users\Doug\AppData\Local\CrashDumps
2014-01-14 19:20 - 2013-06-20 18:12 - 00000000 ____D C:\Users\Doug\Documents\Jobs
2014-01-14 12:37 - 2014-01-14 10:29 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-14 12:37 - 2014-01-14 10:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 12:35 - 2013-03-09 13:33 - 00002232 _____ C:\Users\Doug\Desktop\Rkill.txt
2014-01-14 11:53 - 2012-03-31 09:52 - 00000000 ____D C:\windows\pss
2014-01-14 11:45 - 2013-03-16 17:21 - 00010220 _____ C:\windows\PFRO.log
2014-01-14 11:44 - 2011-08-04 16:08 - 00000000 ____D C:\Users\Doug
2014-01-13 23:32 - 2014-01-13 23:32 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-01-13 23:32 - 2014-01-13 23:26 - 00000000 ____D C:\ProgramData\gVgggp7V
2014-01-13 23:27 - 2014-01-13 23:26 - 00000000 ____D C:\Users\Doug\AppData\Local\AXworks
2014-01-12 22:31 - 2014-01-12 22:30 - 00000530 _____ C:\Users\Doug\Desktop\beall.txt
2014-01-09 09:56 - 2013-12-16 02:45 - 00058865 _____ C:\Users\Doug\Documents\cashflowanalysis.xlsx
2014-01-04 00:27 - 2014-01-04 00:19 - 00000000 ____D C:\Users\Doug\Documents\Realestate
2013-12-30 13:47 - 2013-10-09 11:47 - 00000000 ____D C:\Users\Doug\.gconfd
2013-12-30 13:46 - 2013-10-09 11:47 - 00000000 ____D C:\Users\Doug\.gconf
2013-12-30 13:01 - 2010-11-04 16:26 - 00778834 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-23 12:40 - 2013-12-23 12:31 - 00000000 ____D C:\Users\Public\Documents\Magic Touch USB
2013-12-23 12:34 - 2013-12-23 12:34 - 00004860 _____ C:\windows\DPINST.LOG
2013-12-23 12:32 - 2013-12-23 12:32 - 00001925 _____ C:\Users\Public\Desktop\Swap Button.lnk
2013-12-23 12:31 - 2013-12-23 12:31 - 00001957 _____ C:\Users\Public\Desktop\Touch USB.lnk
2013-12-23 12:31 - 2013-12-23 12:31 - 00000000 ____D C:\Program Files\Magic Touch USB
2013-12-23 12:25 - 2013-12-23 12:24 - 01767637 _____ C:\Users\Doug\Downloads\2.60.03_USB_WIN7_120409_MM.zip
2013-12-23 11:48 - 2013-12-23 11:39 - 00000000 ____D C:\Users\Doug\Downloads\MagicTouch V2.21_100203
2013-12-21 06:52 - 2013-12-21 06:52 - 00735318 _____ C:\Users\Doug\Documents\busstation.pptx
2013-12-17 21:28 - 2012-05-15 19:08 - 00000000 ____D C:\Users\Doug\Documents\Bussiness Plan
2013-12-16 02:20 - 2013-11-16 18:56 - 00122368 _____ C:\Users\Doug\Documents\cashflowanalysis.xls

Files to move or delete:
====================
C:\Users\Doug\AppData\Roaming\skype.ini
C:\Users\Doug\msconfig.exe
C:\Users\Doug\opera.exe
C:\Users\Doug\vlcplayer.exe

Some content of TEMP:
====================
C:\Users\Doug\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 09:43

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:10 PM

Posted 15 January 2014 - 07:26 PM

Hi,
 
 
Please download the following file => [attachment=145994:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Regards,
Georgi
 


cXfZ4wS.png


#5 DougMiller

DougMiller
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 15 January 2014 - 08:28 PM

Done, here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014 03
Ran by Doug at 2014-01-15 17:21:42 Run:1
Running from C:\Users\Doug\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] - [x]
HKCU\...\Run: [AXworks] - regsvr32.exe C:\Users\Doug\AppData\Local\AXworks\SecurityNetHelper.dll <===== ATTENTION
C:\Users\Doug\AppData\Local\AXworks\SecurityNetHelper.dll
HKCU\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-24] (Microsoft Corporation) <==== ATTENTION
HKU\Guest\...\Run: [Best Buy pc app] - C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
HKU\Guest.Littlebleep\...\Run: [Best Buy pc app] - C:\Users\Guest.Littlebleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
C:\Users\Guest.Littlebleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-01-13 23:32 - 2014-01-13 23:32 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
Folder: C:\ProgramData\gVgggp7V
Folder: C:\Users\Doug\AppData\Local\AXworks
C:\Users\Doug\AppData\Roaming\skype.ini
C:\Users\Doug\msconfig.exe
C:\Users\Doug\opera.exe
C:\Users\Doug\vlcplayer.exe
C:\Users\Doug\AppData\Local\Temp
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AXworks => Value deleted successfully.
C:\Users\Doug\AppData\Local\AXworks\SecurityNetHelper.dll => Moved successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app => Value deleted successfully.
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy" => File/Directory not found.
HKU\Guest.Littlebleep\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app => Value not found.
"C:\Users\Guest.Littlebleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy" => File/Directory not found.
C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection => Moved successfully.

========================= Folder: C:\ProgramData\gVgggp7V ========================

2014-01-13 23:26 - 2014-01-13 23:26 - 0000000 _____ () C:\ProgramData\gVgggp7V\DD1
2014-01-13 23:31 - 2014-01-13 23:31 - 0000000 _____ () C:\ProgramData\gVgggp7V\DD2
2014-01-13 23:32 - 2014-01-13 23:32 - 0000000 _____ () C:\ProgramData\gVgggp7V\DD3
2014-01-13 23:26 - 2014-01-13 23:26 - 0000628 _____ () C:\ProgramData\gVgggp7V\gVgggp7V.exe.manifest
2014-01-13 23:26 - 2014-01-13 23:26 - 0005430 _____ () C:\ProgramData\gVgggp7V\gVgggp7V.ico
2014-01-13 23:26 - 2014-01-13 23:31 - 0000096 _____ () C:\ProgramData\gVgggp7V\gVgggp7VwUyqgggg.in
2014-01-13 23:26 - 2014-01-13 23:26 - 0000000 _____ () C:\ProgramData\gVgggp7V\gVgggp7VwUyqgggg.lg
2014-01-13 23:31 - 2014-01-13 23:31 - 0002164 ____N () C:\ProgramData\gVgggp7V\rr.bat

====== End of Folder: ======

========================= Folder: C:\Users\Doug\AppData\Local\AXworks ========================

2014-01-13 23:27 - 2014-01-13 23:27 - 0232980 _____ () C:\Users\Doug\AppData\Local\AXworks\SecurityNetHelper.idx

====== End of Folder: ======

C:\Users\Doug\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Doug\msconfig.exe => Moved successfully.
C:\Users\Doug\opera.exe => Moved successfully.
C:\Users\Doug\vlcplayer.exe => Moved successfully.

"C:\Users\Doug\AppData\Local\Temp" directory move:

Could not move "C:\Users\Doug\AppData\Local\Temp\AdobeARM.log" => Scheduled to move on reboot.
C:\Users\Doug\AppData\Local\Temp\AdobeARM_NotLocked.log => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\ArmUI.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVR2F4D.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVR60F7.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVR7AAE.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVR8060.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVR82F8.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVR8BE4.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVRA0A9.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVRB2B3.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVRC4BC.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVRCEC3.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\CVRFEFD.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\dd_vcredistMSI43CE.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\dd_vcredistUI43CE.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\DMI6C9D.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\DMID2A9.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\DMIE99B.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Donate.ico => Moved successfully.
Could not move "C:\Users\Doug\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Doug\AppData\Local\Temp\geColladaModelCacheLock => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\geIconCacheLock => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\gnucash.trace.TMQF9W.log => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\JRT.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\LuUpdater.log => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\lws.man.xml => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\lws.man.xml.sig => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\LWSDebugOut.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20131115_150053850.html => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\rs.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\setup.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmplog02.sqm => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmplog03.sqm => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmplog04.sqm => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmplog05.sqm => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmplog06.sqm => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\~DF3DB10535AF223AEB.TMP => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\~DF68BC85674128476F.TMP => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\~DF76857CD9816A189A.TMP => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\~DFB6EFB9EEB69FA4AE.TMP => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\~DFE5AF31C1D281460F.TMP => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XDIJXT68\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temporary Internet Files\Content.IE5\AL51Z1TT\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temporary Internet Files\Content.IE5\864FUJNW\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temporary Internet Files\Content.IE5\56051OEZ\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\SETUP.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\CONFIG.INI => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\etusbf.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\ETUSBF.INF => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\ETUSBF.SYS => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\etusbfv.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\hidfilter.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\PNPREG.EXE => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\setdev64.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\SETUP.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\SETUP.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\setup.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\swaplr.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\TOUCHUSB.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\TOUCHUSB.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Win2000_XP\touchUSB.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\CONFIG.INI => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\etusbf.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\ETUSBF.INF => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\ETUSBF.SYS => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\etusbfv.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\hidfilter.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\PNPREG.EXE => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\setdev64.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\SETUP.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\SETUP.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\setup.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\swaplr.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\TOUCHUSB.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\TOUCHUSB.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\touchUSB.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\vtouch.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\vtouch.inf => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\vtouch.sys => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\XP64\etusbf.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\XP64\ETUSBF.INF => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\XP64\ETUSBF.SYS => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\XP64\etusbfv.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\XP64\vtouch.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\XP64\vtouch.inf => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\USB\Vista_7\XP64\vtouch.sys => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\SDK\ettssdk.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\SDK\sdkdemo.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win98_ME\ET232.INF => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win98_ME\ET232.VXD => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win98_ME\SETUP.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win98_ME\SETUP.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win98_ME\TOUCH232.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win98_ME\TOUCH232.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win98_ME\Touch232.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\ET232.INF => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\et232.sys => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\PNPREG.EXE => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\SETUP.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\SETUP.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\SETUP.EXE => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\TOUCH232.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\TOUCH232.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\Touch232.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Win2000_XP\XP64\ET232.SYS => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\CONFIG.INI => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\et232.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\ET232.INF => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\et232.sys => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\PNPREG.EXE => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\SETUP.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\SETUP.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\SETUP.EXE => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\TOUCH232.CHT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\TOUCH232.ENU => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\Touch232.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\tsutils.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\XP64\et232.cat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\XP64\ET232.INF => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Temp1_MagicTouch V2.21_100203.zip\232\Vista_7\XP64\ET232.SYS => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\CVR53CE.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\CVR6F7F.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\CVRAC9F.tmp.cvr => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat13EB.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat1BB7.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat1BBB.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat1BCC.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat1BEC.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat1C4B.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat268E.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat26AF.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat26BF.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat272D.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat3468.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat3497.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat34B8.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat3545.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat568B.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat56CA.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat56EA.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat6468.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat6488.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat64A8.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat6535.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat6821.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat688F.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat68BF.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat695C.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat6962.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat6991.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat69C1.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat73A2.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat8392.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat83B3.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat83D3.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat84FC.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat991D.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat995D.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat997D.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat9AC5.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat9F0F.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat9F30.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat9F50.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\dat9F70.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datA99E.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datA9BE.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datA9DF.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datAA0E.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datAABB.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datAAEB.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB34E.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB36E.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB38E.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB3AE.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB3EE.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB916.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB965.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB9A5.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datB9E4.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datFA5.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Low\datFB6.tmp => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\APPID_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\APPID_files.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\appinit64_null.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\appinit_null.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\APPPATHS.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\APPROVEDEXTENSIONS_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\ask.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\askCLSID.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\askregkey_x64.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\askregkey_x86.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\askregvalue_x64.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\askregvalue_x86.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\askservices.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\badAPPINIT.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\badFOLDERS.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\badFOLDERScom.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\badFOLDERSstart.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\badLNK.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\badvalues.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\BHO_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\BHO_name.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\browsermngr_keys.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\browsermngr_values.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CHOICE.DAT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\chrome.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CHRregkey_x64.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CHRregkey_x86.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CHR_extensions.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CHR_open_x64.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CHR_open_x86.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\clean_shortcut.vbs => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CLSID_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\currentmd5.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\CUT.DAT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\datamngr_del.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\defaultscope.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\delfolders.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\delorphans.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\ELEVATIONPOLICY_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\ev_clear.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\EXT.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFbrowsermngr.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFextensions.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFpluginREG.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFplugins.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFprefs.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFregkey_x64.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFregkey_x86.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFwhtlist.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFXML.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FFXPI.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FF_open_x64.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FF_open_x86.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\firefox.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FWCLSID.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\FWPolicy.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\get.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\IEwhtlst.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\iexplore.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\IE_open_x64.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\IE_open_x86.reg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\IFEO.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\INTERFACE_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\JRT.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\medfos.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\MENUEXT.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\misc.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\modules.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\modules.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\moduleservices.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\newmd5.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\NIRCMD.DAT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\NOTIFY.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\PREAPPROVED_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\prelim.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\PRODUCTS.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\REGhcr.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\REGhkcu_and_hklm_allow.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\REGhkcu_and_hklm_software.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\REGhkcu_software_appdatalow.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\REGhkcu_software_microsoft.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\REGhklm_software_classes.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\REGISTRYUSERSID.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\runvalues.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\runvalues_x64.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\runvalues_x86.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\S1518COMPONENTS.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\searchlnk.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\SED.DAT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\sednewline.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\services.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\serviceseventlog.cfg => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\SETTINGS_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\SHORTCUT.DAT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\STATS_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\TDL4.bat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\TRACING.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\TYPELIB_clsid.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\UNINSTALL.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\UpgradeCodes.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\WGET.DAT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\WOW6432NODE.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\temp\null.txt => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\erunt\ERDNT.E_E => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\erunt\ERUNT.LOC => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\jrt\erunt\README.TXT => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\ZD0CCA3I\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\N7BJ6LJG\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\GJ1O310F\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\535Y02EV\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\History\History.IE5\index.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\acrord32_sbx\Cookies\index.dat => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\CbsProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\CompatProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\DismCore.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\DismCorePS.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\DismHost.exe => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\DismProv.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\DmiProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\FolderProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\IntlProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\LogProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\MsiProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\OSProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\SmiProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\TransmogProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\UnattendProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\wdscore.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\WimProvider.dll => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\CbsProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\CompatProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\DismCore.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\DismProv.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\DmiProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\FolderProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\IntlProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\LogProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\MsiProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\OSProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\SmiProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\TransmogProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\UnattendProvider.dll.mui => Moved successfully.
C:\Users\Doug\AppData\Local\Temp\93432E76-1E51-4CBB-AC7E-E2B25718566C\en-US\WimProvider.dll.mui => Moved successfully.
Could not move "C:\Users\Doug\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-15 17:25:58)<=

C:\Users\Doug\AppData\Local\Temp\AdobeARM.log => Is moved successfully.
"C:\Users\Doug\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
"C:\Users\Doug\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:10 PM

Posted 15 January 2014 - 10:02 PM

Hello,

 

Great work! :)

  • Now can you please go to C:\FRST\Quarantine and right click on the file SecurityNetHelper.dll, select send to compressed(zip) file that will make a zipped copy of this file.
  • Then please upload the archive to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the files and submit to antivirus companies if needed.
  • After that please delete the zip file you just created but don't delete the main folder C:\FRST\Quarantine. We will delete it using FRST for that purpose.
  • Next go ahead and delete these folders manually => C:\ProgramData\gVgggp7V and C:\Users\Doug\AppData\Local\AXworks

 

Also I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    JtwHB.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Rootkit mbamicontw5.gif and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

 

 

STEP 5

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#7 DougMiller

DougMiller
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 16 January 2014 - 01:56 PM

Georgi

 

I followed your instructions for FRST clean up and ran RKILL, log posted below.  RougeKiller will not run on my machine.  Crashed on all three tries.  I did not proceed to the other steps as I do not know if the order they are performed is important.

 

My system is a netbook running Window7 starter addition and is a 32bit machine if this makes a difference.  Please let me know how to proceed.

 

Thank you

Doug

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/16/2014 10:18:52 AM in x86 mode.
Windows Version: Windows 7 Starter Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * SensrSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/16/2014 10:21:16 AM
Execution time: 0 hours(s), 2 minute(s), and 23 seconds(s)



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:10 PM

Posted 17 January 2014 - 05:23 AM

Hi,

 

Please skip RogueKiller then and continue with the rest of the steps. I'll inform the developer of RogueKiller about that.

 

 

Regards,

Georgi


cXfZ4wS.png


#9 DougMiller

DougMiller
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 19 January 2014 - 12:03 AM

Geogri

 

Ill be breaking the logs up in to a couple posts, the system tells me the post is to long.  These last few check reported no issues found and the symptoms have stopped.  I will be removing a bunch of software trail/freeware programs in the near future is there a forum on this site or other site that can help with cleaning up the system registry?  I know just enough about the registry to be able to mess thing up badly and would rather not do that.

 

Thanks for your help.

Doug

2:16.0533 0x0ab4  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
12:52:17.0220 0x0ab4  ============================================================
12:52:17.0220 0x0ab4  Current date / time: 2014/01/18 12:52:17.0220
12:52:17.0220 0x0ab4  SystemInfo:
12:52:17.0220 0x0ab4 
12:52:17.0220 0x0ab4  OS Version: 6.1.7601 ServicePack: 1.0
12:52:17.0220 0x0ab4  Product type: Workstation
12:52:17.0220 0x0ab4  ComputerName: LITTLEbleep
12:52:17.0220 0x0ab4  UserName: Doug
12:52:17.0220 0x0ab4  Windows directory: C:\windows
12:52:17.0220 0x0ab4  System windows directory: C:\windows
12:52:17.0220 0x0ab4  Processor architecture: Intel x86
12:52:17.0220 0x0ab4  Number of processors: 2
12:52:17.0220 0x0ab4  Page size: 0x1000
12:52:17.0220 0x0ab4  Boot type: Normal boot
12:52:17.0220 0x0ab4  ============================================================
12:52:17.0220 0x0ab4  BG loaded
12:52:18.0608 0x0ab4  System UUID: {8D194512-2C18-ED4E-4156-90043131A4C9}
12:52:22.0992 0x0ab4  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:52:23.0070 0x0ab4  ============================================================
12:52:23.0070 0x0ab4  \Device\Harddisk0\DR0:
12:52:23.0085 0x0ab4  MBR partitions:
12:52:23.0085 0x0ab4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BE76800
12:52:23.0085 0x0ab4  ============================================================
12:52:23.0288 0x0ab4  C: <-> \Device\Harddisk0\DR0\Partition1
12:52:23.0288 0x0ab4  ============================================================
12:52:23.0288 0x0ab4  Initialize success
12:52:23.0288 0x0ab4  ============================================================
12:52:43.0634 0x0e64  ============================================================
12:52:43.0634 0x0e64  Scan started
12:52:43.0634 0x0e64  Mode: Manual; SigCheck; TDLFS;
12:52:43.0634 0x0e64  ============================================================
12:52:43.0634 0x0e64  KSN ping started
12:52:46.0661 0x0e64  KSN ping finished: true
12:52:47.0253 0x0e64  ================ Scan system memory ========================
12:52:47.0253 0x0e64  System memory - ok
12:52:47.0253 0x0e64  ================ Scan services =============================
12:52:47.0612 0x0e64  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
12:52:48.0283 0x0e64  1394ohci - ok
12:52:48.0548 0x0e64  [ B0CC0B50441372157F31C4C023D43A3E, A0FCC03588C06E42D3B8465AC7D0F7A909E8CABEEE3C82B3CBD68F150D7692EE ] A2DDA           C:\Users\Doug\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys
12:52:48.0813 0x0e64  A2DDA - ok
12:52:48.0985 0x0e64  [ 00659E56339389469473AEC41587E706, 33CF74B079268D7B1205969212F2F6145095F0A5500C1B96957F0EB08C2D9D4E ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
12:52:49.0609 0x0e64  ac.sharedstore - ok
12:52:49.0687 0x0e64  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
12:52:49.0765 0x0e64  ACPI - ok
12:52:49.0812 0x0e64  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
12:52:49.0937 0x0e64  AcpiPmi - ok
12:52:49.0999 0x0e64  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:52:50.0061 0x0e64  AdobeARMservice - ok
12:52:50.0202 0x0e64  [ 2471BCB6E1388A3484E78243A1BE5F33, CB7FBA6C15791554594228A5A1A7A5040BEB1BD725F08947D780E301D8AE788A ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:52:50.0280 0x0e64  AdobeFlashPlayerUpdateSvc - ok
12:52:50.0420 0x0e64  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
12:52:50.0498 0x0e64  adp94xx - ok
12:52:50.0561 0x0e64  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
12:52:50.0639 0x0e64  adpahci - ok
12:52:50.0685 0x0e64  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
12:52:50.0748 0x0e64  adpu320 - ok
12:52:50.0826 0x0e64  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
12:52:51.0044 0x0e64  AeLookupSvc - ok
12:52:51.0153 0x0e64  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\windows\system32\drivers\afd.sys
12:52:51.0294 0x0e64  AFD - ok
12:52:51.0356 0x0e64  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
12:52:51.0419 0x0e64  agp440 - ok
12:52:51.0481 0x0e64  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
12:52:51.0543 0x0e64  aic78xx - ok
12:52:51.0621 0x0e64  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
12:52:51.0731 0x0e64  ALG - ok
12:52:51.0793 0x0e64  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
12:52:51.0840 0x0e64  aliide - ok
12:52:51.0902 0x0e64  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
12:52:51.0949 0x0e64  amdagp - ok
12:52:52.0027 0x0e64  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
12:52:52.0074 0x0e64  amdide - ok
12:52:52.0152 0x0e64  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
12:52:52.0230 0x0e64  AmdK8 - ok
12:52:52.0292 0x0e64  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
12:52:52.0370 0x0e64  AmdPPM - ok
12:52:52.0448 0x0e64  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
12:52:52.0511 0x0e64  amdsata - ok
12:52:52.0589 0x0e64  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
12:52:52.0651 0x0e64  amdsbs - ok
12:52:52.0713 0x0e64  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
12:52:52.0760 0x0e64  amdxata - ok
12:52:52.0823 0x0e64  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\windows\system32\drivers\appid.sys
12:52:52.0963 0x0e64  AppID - ok
12:52:53.0057 0x0e64  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\windows\System32\appidsvc.dll
12:52:53.0181 0x0e64  AppIDSvc - ok
12:52:53.0275 0x0e64  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
12:52:53.0384 0x0e64  Appinfo - ok
12:52:53.0462 0x0e64  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\DRIVERS\arc.sys
12:52:53.0509 0x0e64  arc - ok
12:52:53.0556 0x0e64  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
12:52:53.0618 0x0e64  arcsas - ok
12:52:53.0774 0x0e64  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:52:53.0821 0x0e64  aspnet_state - ok
12:52:53.0883 0x0e64  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
12:52:54.0071 0x0e64  AsyncMac - ok
12:52:54.0149 0x0e64  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
12:52:54.0227 0x0e64  atapi - ok
12:52:54.0320 0x0e64  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:52:54.0507 0x0e64  AudioEndpointBuilder - ok
12:52:54.0585 0x0e64  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\windows\System32\Audiosrv.dll
12:52:54.0757 0x0e64  Audiosrv - ok
12:52:54.0835 0x0e64  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
12:52:54.0991 0x0e64  AxInstSV - ok
12:52:55.0085 0x0e64  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
12:52:55.0241 0x0e64  b06bdrv - ok
12:52:55.0490 0x0e64  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
12:52:55.0599 0x0e64  b57nd60x - ok
12:52:55.0693 0x0e64  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
12:52:55.0818 0x0e64  BDESVC - ok
12:52:55.0880 0x0e64  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
12:52:56.0021 0x0e64  Beep - ok
12:52:56.0145 0x0e64  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
12:52:56.0286 0x0e64  BFE - ok
12:52:56.0395 0x0e64  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
12:52:56.0598 0x0e64  BITS - ok
12:52:56.0645 0x0e64  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
12:52:56.0754 0x0e64  blbdrive - ok
12:52:57.0113 0x0e64  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
12:52:57.0191 0x0e64  bowser - ok
12:52:57.0237 0x0e64  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
12:52:57.0331 0x0e64  BrFiltLo - ok
12:52:57.0378 0x0e64  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
12:52:57.0487 0x0e64  BrFiltUp - ok
12:52:57.0565 0x0e64  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
12:52:57.0674 0x0e64  Browser - ok
12:52:57.0752 0x0e64  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
12:52:57.0908 0x0e64  Brserid - ok
12:52:57.0955 0x0e64  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
12:52:58.0049 0x0e64  BrSerWdm - ok
12:52:58.0111 0x0e64  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
12:52:58.0189 0x0e64  BrUsbMdm - ok
12:52:58.0236 0x0e64  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
12:52:58.0314 0x0e64  BrUsbSer - ok
12:52:58.0376 0x0e64  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
12:52:58.0470 0x0e64  BTHMODEM - ok
12:52:58.0563 0x0e64  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
12:52:58.0704 0x0e64  bthserv - ok
12:52:58.0751 0x0e64  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
12:52:58.0907 0x0e64  cdfs - ok
12:52:58.0985 0x0e64  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
12:52:59.0094 0x0e64  cdrom - ok
12:52:59.0172 0x0e64  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
12:52:59.0312 0x0e64  CertPropSvc - ok
12:52:59.0359 0x0e64  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
12:52:59.0437 0x0e64  circlass - ok
12:52:59.0515 0x0e64  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\windows\system32\CLFS.sys
12:52:59.0577 0x0e64  CLFS - ok
12:52:59.0702 0x0e64  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:52:59.0827 0x0e64  clr_optimization_v2.0.50727_32 - ok
12:52:59.0889 0x0e64  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:52:59.0999 0x0e64  clr_optimization_v4.0.30319_32 - ok
12:53:00.0045 0x0e64  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
12:53:00.0638 0x0e64  CmBatt - ok
12:53:00.0685 0x0e64  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
12:53:00.0794 0x0e64  cmdide - ok
12:53:00.0888 0x0e64  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\windows\system32\Drivers\cng.sys
12:53:01.0059 0x0e64  CNG - ok
12:53:01.0122 0x0e64  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
12:53:01.0184 0x0e64  Compbatt - ok
12:53:01.0247 0x0e64  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
12:53:01.0371 0x0e64  CompositeBus - ok
12:53:01.0418 0x0e64  COMSysApp - ok
12:53:01.0481 0x0e64  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
12:53:01.0543 0x0e64  crcdisk - ok
12:53:01.0637 0x0e64  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\windows\system32\cryptsvc.dll
12:53:01.0730 0x0e64  CryptSvc - ok
12:53:01.0839 0x0e64  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
12:53:02.0011 0x0e64  DcomLaunch - ok
12:53:02.0105 0x0e64  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
12:53:02.0261 0x0e64  defragsvc - ok
12:53:02.0339 0x0e64  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
12:53:02.0448 0x0e64  DfsC - ok
12:53:02.0541 0x0e64  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
12:53:02.0666 0x0e64  Dhcp - ok
12:53:02.0713 0x0e64  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
12:53:02.0853 0x0e64  discache - ok
12:53:02.0916 0x0e64  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\DRIVERS\disk.sys
12:53:02.0963 0x0e64  Disk - ok
12:53:03.0041 0x0e64  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
12:53:03.0165 0x0e64  Dnscache - ok
12:53:03.0228 0x0e64  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
12:53:03.0368 0x0e64  dot3svc - ok
12:53:03.0462 0x0e64  [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] dot4            C:\windows\system32\DRIVERS\Dot4.sys
12:53:03.0555 0x0e64  dot4 - ok
12:53:03.0633 0x0e64  [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
12:53:03.0711 0x0e64  Dot4Print - ok
12:53:03.0774 0x0e64  [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
12:53:03.0867 0x0e64  dot4usb - ok
12:53:03.0945 0x0e64  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
12:53:04.0101 0x0e64  DPS - ok
12:53:04.0179 0x0e64  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
12:53:04.0273 0x0e64  drmkaud - ok
12:53:04.0398 0x0e64  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
12:53:04.0523 0x0e64  DXGKrnl - ok
12:53:04.0601 0x0e64  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
12:53:04.0757 0x0e64  EapHost - ok
12:53:05.0100 0x0e64  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
12:53:05.0739 0x0e64  ebdrv - ok
12:53:05.0833 0x0e64  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS             C:\windows\System32\lsass.exe
12:53:05.0942 0x0e64  EFS - ok
12:53:06.0020 0x0e64  [ D71233D7CCC2E64F8715A20428D5A33B, ECCF5820CFFFC083EA6A5D310E2E09CA61C0DCFEE1E58AD94D2A565CA86A87F3 ] ElbyCDIO        C:\windows\system32\Drivers\ElbyCDIO.sys
12:53:06.0083 0x0e64  ElbyCDIO - ok
12:53:06.0176 0x0e64  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
12:53:06.0285 0x0e64  elxstor - ok
12:53:06.0348 0x0e64  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
12:53:06.0410 0x0e64  ErrDev - ok
12:53:06.0535 0x0e64  [ F3EFA5F8E6B5C0EFDC6192E457D89391, B580B839B372829D89C89D1593EF354C4BAAA6457028152048266784E90D9EC7 ] etusbf          C:\windows\system32\Drivers\etusbf.sys
12:53:06.0644 0x0e64  etusbf - ok
12:53:06.0753 0x0e64  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
12:53:06.0925 0x0e64  EventSystem - ok
12:53:06.0987 0x0e64  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
12:53:07.0143 0x0e64  exfat - ok
12:53:07.0206 0x0e64  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
12:53:07.0346 0x0e64  fastfat - ok
12:53:07.0440 0x0e64  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
12:53:07.0596 0x0e64  Fax - ok
12:53:07.0643 0x0e64  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
12:53:07.0721 0x0e64  fdc - ok
12:53:07.0799 0x0e64  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
12:53:07.0923 0x0e64  fdPHost - ok
12:53:07.0970 0x0e64  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
12:53:08.0111 0x0e64  FDResPub - ok
12:53:08.0189 0x0e64  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
12:53:08.0235 0x0e64  FileInfo - ok
12:53:08.0282 0x0e64  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
12:53:08.0391 0x0e64  Filetrace - ok
12:53:08.0438 0x0e64  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
12:53:08.0532 0x0e64  flpydisk - ok
12:53:08.0594 0x0e64  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
12:53:08.0672 0x0e64  FltMgr - ok
12:53:08.0828 0x0e64  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\windows\system32\FntCache.dll
12:53:09.0047 0x0e64  FontCache - ok
12:53:09.0125 0x0e64  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:53:09.0171 0x0e64  FontCache3.0.0.0 - ok
12:53:09.0249 0x0e64  [ 94E150CB0F1F29C5BE0CCFB6A01FA08B, 60499C9E8F6F803EB3C3D52C2603E8B718502103FBB9B4014FB4FF0A64E6D6F7 ] FreeOTFE        C:\Windows\System32\FreeOTFE.sys
12:53:09.0405 0x0e64  FreeOTFE - detected UnsignedFile.Multi.Generic ( 1 )
12:53:12.0463 0x0e64  Detect skipped due to KSN trusted
12:53:12.0463 0x0e64  FreeOTFE - ok
12:53:13.0664 0x0e64  [ 4E0E6751EC195A485476C28756B82EFF, C96403C85B15408ECB1BA0886A9FF1F26DA5211CAEDE18AD9E2E67FFC42044E5 ] FreeOTFECypherAES_ltc C:\Windows\System32\FreeOTFECypherAES_ltc.sys
12:53:13.0789 0x0e64  FreeOTFECypherAES_ltc - detected UnsignedFile.Multi.Generic ( 1 )
12:53:16.0862 0x0e64  Detect skipped due to KSN trusted
12:53:16.0862 0x0e64  FreeOTFECypherAES_ltc - ok
12:53:17.0502 0x0e64  [ ED4A53B4F764C7B2C5EDD5115563FD0B, 3BEAC7CE97B758AC3E25207035C705D6D9E7C949993FD91E4D3D75CDB83A3148 ] FreeOTFECypherBlowfish C:\Windows\System32\FreeOTFECypherBlowfish.sys
12:53:17.0642 0x0e64  FreeOTFECypherBlowfish - detected UnsignedFile.Multi.Generic ( 1 )
12:53:20.0856 0x0e64  Detect skipped due to KSN trusted
12:53:20.0856 0x0e64  FreeOTFECypherBlowfish - ok
12:53:21.0199 0x0e64  [ AE32EE259E8E990CF4F1198BDF326E0C, 65CAF603608E63A83A26C1FB0641BFC3299BBE008AE33B1AEA5B1B8FEB2DB25E ] FreeOTFECypherCAST5 C:\Windows\System32\FreeOTFECypherCAST5.sys
12:53:21.0324 0x0e64  FreeOTFECypherCAST5 - detected UnsignedFile.Multi.Generic ( 1 )
12:53:24.0522 0x0e64  Detect skipped due to KSN trusted
12:53:24.0522 0x0e64  FreeOTFECypherCAST5 - ok
12:53:24.0569 0x0e64  [ 569907D3F6FF1102F2DBBF7681DE2090, EAAAB15B55AC132D8D9D35385B4F58712AA3BED3AFC297E041B1581042644844 ] FreeOTFECypherCAST6_Gladman C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys
12:53:24.0709 0x0e64  FreeOTFECypherCAST6_Gladman - detected UnsignedFile.Multi.Generic ( 1 )
12:53:27.0813 0x0e64  Detect skipped due to KSN trusted
12:53:27.0813 0x0e64  FreeOTFECypherCAST6_Gladman - ok
12:53:28.0235 0x0e64  [ F4115BE533D587D45B73537E2DC5CEE0, DECF8D88DDE07985997859E46DC2079C6A126DEE1627BA5049D80ECDD3A93F79 ] FreeOTFECypherDES C:\Windows\System32\FreeOTFECypherDES.sys
12:53:28.0344 0x0e64  FreeOTFECypherDES - detected UnsignedFile.Multi.Generic ( 1 )
12:53:31.0495 0x0e64  Detect skipped due to KSN trusted
12:53:31.0495 0x0e64  FreeOTFECypherDES - ok
12:53:31.0979 0x0e64  [ 3BE9D660C1762B3E5CCCF1989D61F175, 53873AFD07A3A7236F8BF78FC75ECE112A0E61B1CB7A0E9EEB8CBA597BADEF91 ] FreeOTFECypherMARS_Gladman C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys
12:53:32.0119 0x0e64  FreeOTFECypherMARS_Gladman - detected UnsignedFile.Multi.Generic ( 1 )
12:53:35.0301 0x0e64  Detect skipped due to KSN trusted
12:53:35.0301 0x0e64  FreeOTFECypherMARS_Gladman - ok
12:53:35.0504 0x0e64  [ 6C21C420316A21840687AFCCF1303D6F, 4342FA24B1A764F419D01785EBE2EB629B900E71E5F91578A9E567A5C97F2431 ] FreeOTFECypherRC6_ltc C:\Windows\System32\FreeOTFECypherRC6_ltc.sys
12:53:35.0613 0x0e64  FreeOTFECypherRC6_ltc - detected UnsignedFile.Multi.Generic ( 1 )
12:53:38.0749 0x0e64  Detect skipped due to KSN trusted
12:53:38.0749 0x0e64  FreeOTFECypherRC6_ltc - ok
12:53:39.0623 0x0e64  [ 6BA43C47F61D04E80A8A0876F121F8E1, D4461D13A67903BEFBEE3A485855B95B5C213CD19847764699F612F08DF58D54 ] FreeOTFECypherSerpent_Gladman C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys
12:53:39.0716 0x0e64  FreeOTFECypherSerpent_Gladman - detected UnsignedFile.Multi.Generic ( 1 )
12:53:42.0930 0x0e64  Detect skipped due to KSN trusted
12:53:42.0930 0x0e64  FreeOTFECypherSerpent_Gladman - ok
12:53:43.0179 0x0e64  [ F7DE6CC793793DDFE6EBE1C092721968, 677519D09CF390E04309C631139ACAA113E278317FCD351B28267274001DEA5B ] FreeOTFECypherTwofish_ltc C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys
12:53:43.0273 0x0e64  FreeOTFECypherTwofish_ltc - detected UnsignedFile.Multi.Generic ( 1 )
12:53:46.0440 0x0e64  Detect skipped due to KSN trusted
12:53:46.0440 0x0e64  FreeOTFECypherTwofish_ltc - ok
12:53:46.0877 0x0e64  [ 3EA3DDBD388278C9E1AC546D72813A35, 99D41D88CDC8D99DC201D855A97506433B411CA6584A7858CA26B7C356AF2F92 ] FreeOTFEHashMD  C:\Windows\System32\FreeOTFEHashMD.sys
12:53:46.0986 0x0e64  FreeOTFEHashMD - detected UnsignedFile.Multi.Generic ( 1 )
12:53:50.0153 0x0e64  Detect skipped due to KSN trusted
12:53:50.0153 0x0e64  FreeOTFEHashMD - ok
12:53:50.0199 0x0e64  [ AE57E50A3D85F9AABCCBCE4D8C38071D, DB97C7A5635BBE89986F535543414848A8BD8D1E337ED5DF33CC329D6ECB4266 ] FreeOTFEHashRIPEMD C:\Windows\System32\FreeOTFEHashRIPEMD.sys
12:53:50.0309 0x0e64  FreeOTFEHashRIPEMD - detected UnsignedFile.Multi.Generic ( 1 )
12:53:53.0444 0x0e64  Detect skipped due to KSN trusted
12:53:53.0444 0x0e64  FreeOTFEHashRIPEMD - ok
12:53:54.0084 0x0e64  [ A2FC13C28B03F3D16BFD862544890DB2, 5BF6C8384A73939A6525C22D5D9E773242825DF23E208822BE0C6A663D2D00B2 ] FreeOTFEHashSHA C:\Windows\System32\FreeOTFEHashSHA.sys
12:53:54.0177 0x0e64  FreeOTFEHashSHA - detected UnsignedFile.Multi.Generic ( 1 )
12:53:57.0375 0x0e64  Detect skipped due to KSN trusted
12:53:57.0375 0x0e64  FreeOTFEHashSHA - ok
12:53:58.0187 0x0e64  [ 62E7CA4F9E08B6DA2A83C4999F3442A5, 9989D92302EE24F3144029DDEBE2F0EDEA7A0F051C2D31B29CF47F950B65D1D9 ] FreeOTFEHashTiger C:\Windows\System32\FreeOTFEHashTiger.sys
12:53:58.0265 0x0e64  FreeOTFEHashTiger - detected UnsignedFile.Multi.Generic ( 1 )
12:54:01.0385 0x0e64  Detect skipped due to KSN trusted
12:54:01.0385 0x0e64  FreeOTFEHashTiger - ok
12:54:01.0431 0x0e64  [ EE5F32444F76D03E577752978F932572, A2679D78F87C9D44633E8DFF593086FF6B46B892110E6ECB5B1252686271B8BA ] FreeOTFEHashWhirlpool C:\Windows\System32\FreeOTFEHashWhirlpool.sys
12:54:01.0541 0x0e64  FreeOTFEHashWhirlpool - detected UnsignedFile.Multi.Generic ( 1 )
12:54:04.0661 0x0e64  Detect skipped due to KSN trusted
12:54:04.0661 0x0e64  FreeOTFEHashWhirlpool - ok
12:54:05.0113 0x0e64  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
12:54:05.0144 0x0e64  FsDepends - ok
12:54:05.0175 0x0e64  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
12:54:05.0222 0x0e64  Fs_Rec - ok
12:54:05.0269 0x0e64  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
12:54:05.0316 0x0e64  fvevol - ok
12:54:05.0363 0x0e64  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
12:54:05.0409 0x0e64  gagp30kx - ok
12:54:05.0472 0x0e64  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
12:54:05.0612 0x0e64  gpsvc - ok
12:54:05.0690 0x0e64  [ CEC45180029F1012054A41CEEEA9CEAB, FCE330FB9E4A9BA0BD1C31D94A5A73034175DB5FF4115009B3B3FFE327E31995 ] grmnusb         C:\windows\system32\drivers\grmnusb.sys
12:54:05.0721 0x0e64  grmnusb - ok
12:54:05.0831 0x0e64  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:54:05.0862 0x0e64  gupdate - ok
12:54:05.0877 0x0e64  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:54:05.0924 0x0e64  gupdatem - ok
12:54:05.0955 0x0e64  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
12:54:06.0033 0x0e64  hcw85cir - ok
12:54:06.0111 0x0e64  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:54:06.0205 0x0e64  HdAudAddService - ok
12:54:06.0267 0x0e64  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
12:54:06.0345 0x0e64  HDAudBus - ok
12:54:06.0392 0x0e64  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
12:54:06.0455 0x0e64  HidBatt - ok
12:54:06.0486 0x0e64  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
12:54:06.0564 0x0e64  HidBth - ok
12:54:06.0611 0x0e64  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
12:54:06.0673 0x0e64  HidIr - ok
12:54:06.0704 0x0e64  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
12:54:06.0813 0x0e64  hidserv - ok
12:54:06.0876 0x0e64  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
12:54:07.0001 0x0e64  HidUsb - ok
12:54:07.0047 0x0e64  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
12:54:07.0125 0x0e64  hkmsvc - ok
12:54:07.0157 0x0e64  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:54:07.0250 0x0e64  HomeGroupListener - ok
12:54:07.0313 0x0e64  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:54:07.0391 0x0e64  HomeGroupProvider - ok
12:54:07.0437 0x0e64  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
12:54:07.0469 0x0e64  HpSAMD - ok
12:54:07.0547 0x0e64  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\windows\system32\drivers\HTTP.sys
12:54:07.0656 0x0e64  HTTP - ok
12:54:07.0687 0x0e64  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
12:54:07.0718 0x0e64  hwpolicy - ok
12:54:07.0765 0x0e64  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
12:54:07.0812 0x0e64  i8042prt - ok
12:54:07.0890 0x0e64  [ D80AA0907748D7CC8EFAB3773F32629B, BEE52B4E6099B5B8CA5D6D4DE4A90B124AC7E3EE4A69565BFDD227AF261B6242 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
12:54:07.0937 0x0e64  iaStor - ok
12:54:07.0999 0x0e64  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
12:54:08.0046 0x0e64  iaStorV - ok
12:54:08.0233 0x0e64  [ DABFBE88774A3C1A8CEA198348E02740, 29B764BEBF5F9A54053E5EFEAD758308822476828857C743248F235740189B4A ] IconMan_R       C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
12:54:08.0810 0x0e64  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
12:54:11.0852 0x0e64  Detect skipped due to KSN trusted
12:54:11.0852 0x0e64  IconMan_R - ok
12:54:12.0133 0x0e64  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:54:12.0242 0x0e64  idsvc - ok
12:54:12.0289 0x0e64  IEEtwCollectorService - ok
12:54:12.0648 0x0e64  [ D0074897C6BC132F3980EA4654BF7FB9, 53F4B0286A6CF974135E6F184E05975BD436FA4D45687B6E47E013A8D57D0E05 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
12:54:13.0319 0x0e64  igfx - ok
12:54:13.0381 0x0e64  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
12:54:13.0412 0x0e64  iirsp - ok
12:54:13.0506 0x0e64  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
12:54:13.0615 0x0e64  IKEEXT - ok
12:54:13.0896 0x0e64  [ CFA2D161B146425A3356DA92AE59A6F6, E58824F5DF2AAB14A04E413F9B76FC6754CEE3B46831B62526B33D5474177AE4 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
12:54:14.0192 0x0e64  IntcAzAudAddService - ok
12:54:14.0255 0x0e64  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
12:54:14.0286 0x0e64  intelide - ok
12:54:14.0333 0x0e64  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
12:54:14.0379 0x0e64  intelppm - ok
12:54:14.0426 0x0e64  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
12:54:14.0535 0x0e64  IPBusEnum - ok
12:54:14.0567 0x0e64  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
12:54:14.0676 0x0e64  IpFilterDriver - ok
12:54:14.0754 0x0e64  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
12:54:14.0847 0x0e64  iphlpsvc - ok
12:54:14.0879 0x0e64  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
12:54:14.0957 0x0e64  IPMIDRV - ok
12:54:15.0003 0x0e64  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
12:54:15.0113 0x0e64  IPNAT - ok
12:54:15.0159 0x0e64  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
12:54:15.0237 0x0e64  IRENUM - ok
12:54:15.0269 0x0e64  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
12:54:15.0315 0x0e64  isapnp - ok
12:54:15.0362 0x0e64  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
12:54:15.0409 0x0e64  iScsiPrt - ok
12:54:15.0440 0x0e64  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
12:54:15.0471 0x0e64  kbdclass - ok
12:54:15.0518 0x0e64  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
12:54:15.0581 0x0e64  kbdhid - ok
12:54:15.0612 0x0e64  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\windows\system32\lsass.exe
12:54:15.0643 0x0e64  KeyIso - ok
12:54:15.0705 0x0e64  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
12:54:15.0737 0x0e64  KSecDD - ok
12:54:15.0799 0x0e64  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
12:54:15.0830 0x0e64  KSecPkg - ok
12:54:15.0893 0x0e64  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
12:54:16.0033 0x0e64  KtmRm - ok
12:54:16.0080 0x0e64  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
12:54:16.0189 0x0e64  LanmanServer - ok
12:54:16.0236 0x0e64  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:54:16.0329 0x0e64  LanmanWorkstation - ok
12:54:16.0407 0x0e64  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
12:54:16.0517 0x0e64  lltdio - ok
12:54:16.0563 0x0e64  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
12:54:16.0673 0x0e64  lltdsvc - ok
12:54:16.0719 0x0e64  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
12:54:16.0813 0x0e64  lmhosts - ok
12:54:16.0875 0x0e64  LMIInfo - ok
12:54:16.0907 0x0e64  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\windows\system32\DRIVERS\lmimirr.sys
12:54:16.0938 0x0e64  lmimirr - ok
12:54:16.0985 0x0e64  LMIRfsClientNP - ok
12:54:17.0031 0x0e64  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\windows\system32\drivers\LMIRfsDriver.sys
12:54:17.0063 0x0e64  LMIRfsDriver - ok
12:54:17.0094 0x0e64  [ 6ADAB14D7AD12B35BDC665B35278099B, 37E55AA5374504A2C20551F404B3653B068A4D7FEC6B614DAA37B4D32A7C25FF ] LPCFilter       C:\windows\system32\DRIVERS\LPCFilter.sys
12:54:17.0125 0x0e64  LPCFilter - ok
12:54:17.0172 0x0e64  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
12:54:17.0219 0x0e64  LSI_FC - ok
12:54:17.0234 0x0e64  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
12:54:17.0281 0x0e64  LSI_SAS - ok
12:54:17.0312 0x0e64  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
12:54:17.0343 0x0e64  LSI_SAS2 - ok
12:54:17.0375 0x0e64  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
12:54:17.0437 0x0e64  LSI_SCSI - ok
12:54:17.0468 0x0e64  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
12:54:17.0562 0x0e64  luafv - ok
12:54:17.0702 0x0e64  [ BA1347822D01B2D29C14CF09663A6457, AF300C059017CA06FA7D0DC5E148159A6EE509CEF9DC6E90557BA38ACF3185E8 ] LVRS            C:\windows\system32\DRIVERS\lvrs.sys
12:54:17.0765 0x0e64  LVRS - ok
12:54:18.0108 0x0e64  [ E2C99D3B692BA2173114C9DF79313B70, D2B1F052198EFBFAA49D52EFAE2614D7CBE25AE5DA9B4008602483B4A128512A ] LVUVC           C:\windows\system32\DRIVERS\lvuvc.sys
12:54:18.0498 0x0e64  LVUVC - ok
12:54:18.0763 0x0e64  [ E9251EB760BD49AA99CDAC57569278B7, 60B1F0B6504C673580B1C33ABBB3D1C53ABB248C6A421115AD13B4BDFE59E099 ] lxdcCATSCustConnectService C:\windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
12:54:18.0810 0x0e64  lxdcCATSCustConnectService - ok
12:54:18.0872 0x0e64  lxdc_device - ok
12:54:18.0935 0x0e64  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
12:54:18.0981 0x0e64  MBAMProtector - ok
12:54:19.0075 0x0e64  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:54:19.0137 0x0e64  MBAMScheduler - ok
12:54:19.0262 0x0e64  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:54:19.0356 0x0e64  MBAMService - ok
12:54:19.0387 0x0e64  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
12:54:19.0434 0x0e64  megasas - ok
12:54:19.0481 0x0e64  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
12:54:19.0543 0x0e64  MegaSR - ok
12:54:19.0621 0x0e64  Microsoft SharePoint Workspace Audit Service - ok
12:54:19.0652 0x0e64  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
12:54:19.0730 0x0e64  MMCSS - ok
12:54:19.0761 0x0e64  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
12:54:19.0855 0x0e64  Modem - ok
12:54:19.0917 0x0e64  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
12:54:19.0980 0x0e64  monitor - ok
12:54:20.0027 0x0e64  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
12:54:20.0073 0x0e64  mouclass - ok
12:54:20.0120 0x0e64  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
12:54:20.0214 0x0e64  mouhid - ok
12:54:20.0276 0x0e64  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
12:54:20.0307 0x0e64  mountmgr - ok
12:54:20.0401 0x0e64  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
12:54:20.0448 0x0e64  MpFilter - ok
12:54:20.0479 0x0e64  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
12:54:20.0526 0x0e64  mpio - ok
12:54:20.0573 0x0e64  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
12:54:20.0666 0x0e64  mpsdrv - ok
12:54:20.0744 0x0e64  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
12:54:20.0869 0x0e64  MpsSvc - ok
12:54:20.0931 0x0e64  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
12:54:21.0025 0x0e64  MRxDAV - ok
12:54:21.0072 0x0e64  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
12:54:21.0165 0x0e64  mrxsmb - ok
12:54:21.0212 0x0e64  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
12:54:21.0259 0x0e64  mrxsmb10 - ok
12:54:21.0399 0x0e64  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
12:54:21.0462 0x0e64  mrxsmb20 - ok
12:54:21.0509 0x0e64  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
12:54:21.0540 0x0e64  msahci - ok
12:54:21.0587 0x0e64  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\windows\system32\drivers\msdsm.sys
12:54:21.0633 0x0e64  msdsm - ok
12:54:21.0665 0x0e64  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\windows\System32\msdtc.exe
12:54:21.0727 0x0e64  MSDTC - ok
12:54:21.0789 0x0e64  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
12:54:21.0867 0x0e64  Msfs - ok
12:54:21.0899 0x0e64  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
12:54:21.0992 0x0e64  mshidkmdf - ok
12:54:22.0039 0x0e64  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
12:54:22.0070 0x0e64  msisadrv - ok
12:54:22.0133 0x0e64  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
12:54:22.0242 0x0e64  MSiSCSI - ok
12:54:22.0257 0x0e64  msiserver - ok
12:54:22.0304 0x0e64  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
12:54:22.0382 0x0e64  MSKSSRV - ok
12:54:22.0445 0x0e64  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:54:22.0491 0x0e64  MsMpSvc - ok
12:54:22.0523 0x0e64  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
12:54:22.0616 0x0e64  MSPCLOCK - ok
12:54:22.0663 0x0e64  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
12:54:22.0757 0x0e64  MSPQM - ok
12:54:22.0803 0x0e64  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
12:54:22.0850 0x0e64  MsRPC - ok
12:54:22.0897 0x0e64  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
12:54:22.0928 0x0e64  mssmbios - ok
12:54:22.0959 0x0e64  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
12:54:23.0037 0x0e64  MSTEE - ok
12:54:23.0084 0x0e64  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
12:54:23.0193 0x0e64  MTConfig - ok
12:54:23.0225 0x0e64  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\windows\system32\Drivers\mup.sys
12:54:23.0256 0x0e64  Mup - ok
12:54:23.0318 0x0e64  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
12:54:23.0443 0x0e64  napagent - ok
12:54:23.0521 0x0e64  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
12:54:23.0583 0x0e64  NativeWifiP - ok
12:54:23.0661 0x0e64  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\windows\system32\drivers\ndis.sys
12:54:23.0755 0x0e64  NDIS - ok
12:54:23.0786 0x0e64  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
12:54:23.0880 0x0e64  NdisCap - ok
12:54:23.0911 0x0e64  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
12:54:24.0005 0x0e64  NdisTapi - ok
12:54:24.0067 0x0e64  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
12:54:24.0145 0x0e64  Ndisuio - ok
12:54:24.0207 0x0e64  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
12:54:24.0301 0x0e64  NdisWan - ok
12:54:24.0348 0x0e64  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
12:54:24.0441 0x0e64  NDProxy - ok
12:54:24.0504 0x0e64  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
12:54:24.0582 0x0e64  NetBIOS - ok
12:54:24.0629 0x0e64  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
12:54:24.0722 0x0e64  NetBT - ok
12:54:24.0753 0x0e64  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon        C:\windows\system32\lsass.exe
12:54:24.0785 0x0e64  Netlogon - ok
12:54:24.0847 0x0e64  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
12:54:24.0956 0x0e64  Netman - ok
12:54:25.0019 0x0e64  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:54:25.0050 0x0e64  NetMsmqActivator - ok
12:54:25.0065 0x0e64  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:54:25.0112 0x0e64  NetPipeActivator - ok
12:54:25.0175 0x0e64  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
12:54:25.0299 0x0e64  netprofm - ok
12:54:25.0362 0x0e64  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:54:25.0393 0x0e64  NetTcpActivator - ok
12:54:25.0424 0x0e64  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:54:25.0455 0x0e64  NetTcpPortSharing - ok
12:54:25.0502 0x0e64  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
12:54:25.0533 0x0e64  nfrd960 - ok
12:54:25.0611 0x0e64  [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
12:54:25.0658 0x0e64  NisDrv - ok
12:54:25.0736 0x0e64  [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
12:54:25.0814 0x0e64  NisSrv - ok
12:54:25.0861 0x0e64  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\windows\System32\nlasvc.dll
12:54:25.0955 0x0e64  NlaSvc - ok
12:54:25.0986 0x0e64  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
12:54:26.0064 0x0e64  Npfs - ok
12:54:26.0095 0x0e64  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
12:54:26.0204 0x0e64  nsi - ok
12:54:26.0235 0x0e64  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
12:54:26.0329 0x0e64  nsiproxy - ok
12:54:26.0469 0x0e64  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
12:54:26.0594 0x0e64  Ntfs - ok
12:54:26.0657 0x0e64  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
12:54:26.0750 0x0e64  Null - ok
12:54:26.0813 0x0e64  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
12:54:26.0844 0x0e64  nvraid - ok
12:54:26.0875 0x0e64  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
12:54:26.0922 0x0e64  nvstor - ok
12:54:26.0969 0x0e64  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
12:54:27.0000 0x0e64  nv_agp - ok
12:54:27.0031 0x0e64  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
12:54:27.0109 0x0e64  ohci1394 - ok
12:54:27.0218 0x0e64  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:54:27.0265 0x0e64  ose - ok
12:54:27.0655 0x0e64  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:54:28.0108 0x0e64  osppsvc - ok
12:54:28.0342 0x0e64  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
12:54:28.0451 0x0e64  p2pimsvc - ok
12:54:28.0498 0x0e64  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
12:54:28.0576 0x0e64  p2psvc - ok
12:54:28.0622 0x0e64  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\DRIVERS\parport.sys
12:54:28.0685 0x0e64  Parport - ok
12:54:28.0732 0x0e64  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
12:54:28.0763 0x0e64  partmgr - ok
12:54:28.0810 0x0e64  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
12:54:28.0872 0x0e64  Parvdm - ok
12:54:28.0919 0x0e64  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\windows\System32\pcasvc.dll
12:54:29.0044 0x0e64  PcaSvc - ok
12:54:29.0106 0x0e64  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
12:54:29.0153 0x0e64  pci - ok
12:54:29.0184 0x0e64  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
12:54:29.0215 0x0e64  pciide - ok
12:54:29.0262 0x0e64  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
12:54:29.0309 0x0e64  pcmcia - ok
12:54:29.0340 0x0e64  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
12:54:29.0371 0x0e64  pcw - ok
12:54:29.0465 0x0e64  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
12:54:29.0605 0x0e64  PEAUTH - ok
12:54:29.0683 0x0e64  [ 1B5011DD8D57F53AED31FF0F7D635802, FA4D0DD592DAA27A3F7D4881B8675E3B40E2479B2D2912F2BF132E7FC13FF80A ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
12:54:29.0777 0x0e64  PGEffect - ok
12:54:29.0980 0x0e64  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
12:54:30.0292 0x0e64  pla - ok
12:54:30.0385 0x0e64  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
12:54:30.0541 0x0e64  PlugPlay - ok
12:54:30.0619 0x0e64  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
12:54:30.0682 0x0e64  PNRPAutoReg - ok
12:54:30.0713 0x0e64  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
12:54:30.0791 0x0e64  PNRPsvc - ok
12:54:30.0869 0x0e64  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
12:54:31.0009 0x0e64  PolicyAgent - ok
12:54:31.0072 0x0e64  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
12:54:31.0181 0x0e64  Power - ok
12:54:31.0228 0x0e64  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
12:54:31.0337 0x0e64  PptpMiniport - ok
12:54:31.0384 0x0e64  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\DRIVERS\processr.sys
12:54:31.0446 0x0e64  Processor - ok
12:54:31.0524 0x0e64  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\windows\system32\profsvc.dll
12:54:31.0633 0x0e64  ProfSvc - ok
12:54:31.0664 0x0e64  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] ProtectedStorage C:\windows\system32\lsass.exe
12:54:31.0711 0x0e64  ProtectedStorage - ok
12:54:31.0742 0x0e64  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
12:54:31.0867 0x0e64  Psched - ok
12:54:31.0930 0x0e64  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI             C:\windows\system32\DRIVERS\psi_mf_x86.sys
12:54:32.0023 0x0e64  PSI - ok
12:54:32.0164 0x0e64  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
12:54:32.0304 0x0e64  ql2300 - ok
12:54:32.0351 0x0e64  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
12:54:32.0382 0x0e64  ql40xx - ok
12:54:32.0444 0x0e64  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
12:54:32.0507 0x0e64  QWAVE - ok
12:54:32.0538 0x0e64  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
12:54:32.0585 0x0e64  QWAVEdrv - ok
12:54:32.0616 0x0e64  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
12:54:32.0725 0x0e64  RasAcd - ok
12:54:32.0772 0x0e64  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
12:54:32.0866 0x0e64  RasAgileVpn - ok
12:54:32.0928 0x0e64  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
12:54:33.0006 0x0e64  RasAuto - ok
12:54:33.0037 0x0e64  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
12:54:33.0146 0x0e64  Rasl2tp - ok
12:54:33.0209 0x0e64  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
12:54:33.0302 0x0e64  RasMan - ok
12:54:33.0349 0x0e64  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
12:54:33.0427 0x0e64  RasPppoe - ok
12:54:33.0474 0x0e64  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
12:54:33.0568 0x0e64  RasSstp - ok
12:54:33.0630 0x0e64  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
12:54:33.0724 0x0e64  rdbss - ok
12:54:33.0786 0x0e64  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
12:54:33.0833 0x0e64  rdpbus - ok
12:54:33.0864 0x0e64  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
12:54:33.0958 0x0e64  RDPCDD - ok
12:54:34.0004 0x0e64  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
12:54:34.0098 0x0e64  RDPENCDD - ok
12:54:34.0145 0x0e64  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
12:54:34.0223 0x0e64  RDPREFMP - ok
12:54:34.0301 0x0e64  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
12:54:34.0348 0x0e64  RdpVideoMiniport - ok
12:54:34.0394 0x0e64  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
12:54:34.0550 0x0e64  RDPWD - ok
12:54:34.0597 0x0e64  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
12:54:34.0660 0x0e64  rdyboost - ok
12:54:34.0691 0x0e64  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
12:54:34.0800 0x0e64  RemoteAccess - ok
12:54:34.0847 0x0e64  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
12:54:34.0956 0x0e64  RemoteRegistry - ok
12:54:35.0018 0x0e64  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
12:54:35.0096 0x0e64  RpcEptMapper - ok
12:54:35.0128 0x0e64  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
12:54:35.0206 0x0e64  RpcLocator - ok
12:54:35.0268 0x0e64  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
12:54:35.0362 0x0e64  RpcSs - ok
12:54:35.0408 0x0e64  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
12:54:35.0502 0x0e64  rspndr - ok
12:54:35.0580 0x0e64  [ B38E89386993E69A959B941561F3E5F3, 059B8C8BC01188092E1D6154482A849AF1541E323EA85B4DD0AF09690EDF8AF4 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
12:54:35.0611 0x0e64  RSUSBSTOR - ok
12:54:35.0674 0x0e64  [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
12:54:35.0736 0x0e64  RTL8167 - ok
12:54:35.0845 0x0e64  [ 9F9858402E5DCE7B6123734D4C26CECB, 5924F3DBCE1A0E4FB4FE953732A4B889D86BB5B92DA9704A5A753654859CFC32 ] RTL8192Ce       C:\windows\system32\DRIVERS\rtl8192Ce.sys
12:54:35.0939 0x0e64  RTL8192Ce - ok
12:54:35.0970 0x0e64  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] SamSs           C:\windows\system32\lsass.exe
12:54:36.0017 0x0e64  SamSs - ok
12:54:36.0079 0x0e64  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
12:54:36.0110 0x0e64  sbp2port - ok
12:54:36.0142 0x0e64  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
12:54:36.0235 0x0e64  SCardSvr - ok
12:54:36.0266 0x0e64  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
12:54:36.0360 0x0e64  scfilter - ok
12:54:36.0454 0x0e64  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
12:54:36.0625 0x0e64  Schedule - ok
12:54:36.0688 0x0e64  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
12:54:36.0750 0x0e64  SCPolicySvc - ok
12:54:36.0797 0x0e64  [ 624795DF1993B955B0C0A03A4612F2EC, 6FC7CF5D8695510C2588302CA53A2052C8007A7E2777C1488FB531D1188FF5DC ] SCR3XX2K        C:\windows\system32\DRIVERS\SCR3XX2K.sys
12:54:36.0875 0x0e64  SCR3XX2K - ok
12:54:36.0906 0x0e64  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
12:54:37.0015 0x0e64  SDRSVC - ok
12:54:37.0046 0x0e64  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
12:54:37.0156 0x0e64  secdrv - ok
12:54:37.0202 0x0e64  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
12:54:37.0296 0x0e64  seclogon - ok
12:54:37.0452 0x0e64  [ E43C0D32FF2D9A72F2D975B83B916964, 48EA724E1131DF080EFA54708EDC6C1F351FC741611B0E7AA6AE71A689E95D53 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
12:54:38.0138 0x0e64  Secunia PSI Agent - ok
12:54:38.0216 0x0e64  [ CB2D183E27D1443F7D4CF10665B2BDED, 90D55D22BC224DE9C193D98AC6C7C73799F73933E77F874D83EA7CEA2F38B891 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
12:54:38.0731 0x0e64  Secunia Update Agent - ok
12:54:38.0762 0x0e64  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
12:54:38.0872 0x0e64  SENS - ok
12:54:38.0918 0x0e64  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
12:54:38.0950 0x0e64  Serenum - ok
12:54:38.0996 0x0e64  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
12:54:39.0059 0x0e64  Serial - ok
12:54:39.0121 0x0e64  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
12:54:39.0168 0x0e64  sermouse - ok
12:54:39.0230 0x0e64  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
12:54:39.0308 0x0e64  SessionEnv - ok
12:54:39.0355 0x0e64  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
12:54:39.0418 0x0e64  sffdisk - ok
12:54:39.0449 0x0e64  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
12:54:39.0527 0x0e64  sffp_mmc - ok
12:54:39.0574 0x0e64  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
12:54:39.0636 0x0e64  sffp_sd - ok
12:54:39.0667 0x0e64  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
12:54:39.0714 0x0e64  sfloppy - ok
12:54:39.0792 0x0e64  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
12:54:39.0917 0x0e64  SharedAccess - ok
12:54:39.0979 0x0e64  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:54:40.0073 0x0e64  ShellHWDetection - ok
12:54:40.0135 0x0e64  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
12:54:40.0166 0x0e64  sisagp - ok
12:54:40.0213 0x0e64  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
12:54:40.0244 0x0e64  SiSRaid2 - ok
12:54:40.0276 0x0e64  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
12:54:40.0307 0x0e64  SiSRaid4 - ok
12:54:40.0354 0x0e64  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
12:54:40.0432 0x0e64  Smb - ok
12:54:40.0510 0x0e64  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
12:54:40.0541 0x0e64  SNMPTRAP - ok
12:54:40.0572 0x0e64  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
12:54:40.0603 0x0e64  spldr - ok
12:54:40.0666 0x0e64  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\windows\System32\spoolsv.exe
12:54:40.0775 0x0e64  Spooler - ok
12:54:41.0056 0x0e64  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
12:54:41.0602 0x0e64  sppsvc - ok
12:54:41.0648 0x0e64  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
12:54:41.0773 0x0e64  sppuinotify - ok
12:54:41.0836 0x0e64  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
12:54:41.0945 0x0e64  srv - ok
12:54:41.0976 0x0e64  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
12:54:42.0038 0x0e64  srv2 - ok
12:54:42.0085 0x0e64  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
12:54:42.0132 0x0e64  srvnet - ok
12:54:42.0163 0x0e64  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
12:54:42.0257 0x0e64  SSDPSRV - ok
12:54:42.0319 0x0e64  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
12:54:42.0428 0x0e64  SstpSvc - ok
12:54:42.0475 0x0e64  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
12:54:42.0506 0x0e64  stexstor - ok
12:54:42.0569 0x0e64  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
12:54:42.0694 0x0e64  StiSvc - ok
12:54:42.0740 0x0e64  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
12:54:42.0772 0x0e64  swenum - ok
12:54:42.0834 0x0e64  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
12:54:42.0959 0x0e64  swprv - ok
12:54:43.0037 0x0e64  [ 9A28F1C47CE0C8BBC02AAF5941AB44CD, E04A5F9AB270B0678015159CBFB676A51132E6535252297DB7A9B5B6F65E6577 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
12:54:43.0084 0x0e64  SynTP - ok
12:54:43.0177 0x0e64  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
12:54:43.0349 0x0e64  SysMain - ok
12:54:43.0411 0x0e64  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
12:54:43.0489 0x0e64  TabletInputService - ok
12:54:43.0552 0x0e64  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
12:54:43.0661 0x0e64  TapiSrv - ok
12:54:43.0708 0x0e64  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
12:54:43.0817 0x0e64  TBS - ok
12:54:43.0973 0x0e64  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip           C:\windows\system32\drivers\tcpip.sys
12:54:44.0082 0x0e64  Tcpip - ok
12:54:44.0191 0x0e64  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
12:54:44.0300 0x0e64  TCPIP6 - ok
12:54:44.0363 0x0e64  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
12:54:44.0425 0x0e64  tcpipreg - ok
12:54:44.0503 0x0e64  [ 4084EA00D50C858D6F9038F86AE2E2D0, FD7C34311B7F700C7C93B9A8A59D507C53ADF874651C6979979EDF5E21C32FD5 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
12:54:44.0534 0x0e64  tdcmdpst - ok
12:54:44.0566 0x0e64  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
12:54:44.0644 0x0e64  TDPIPE - ok
12:54:44.0690 0x0e64  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
12:54:44.0753 0x0e64  TDTCP - ok
12:54:44.0800 0x0e64  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
12:54:44.0878 0x0e64  tdx - ok
12:54:44.0893 0x0e64  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
12:54:44.0940 0x0e64  TermDD - ok
12:54:45.0002 0x0e64  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\windows\System32\termsrv.dll
12:54:45.0127 0x0e64  TermService - ok
12:54:45.0174 0x0e64  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
12:54:45.0221 0x0e64  Themes - ok
12:54:45.0252 0x0e64  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
12:54:45.0330 0x0e64  THREADORDER - ok
12:54:45.0424 0x0e64  [ 28644B0523D64EFF2FC7312A2EE74B0A, 09A36DE0B2B90842BD5B8353CC34B7C71C0FBBF6DD5862720FCEE760849C4561 ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:54:45.0470 0x0e64  TMachInfo - ok
12:54:45.0517 0x0e64  [ 6F0257EE066B689350F6B0AA9861BF95, BEEB2A3C30C8762FEBBA117AF064EA14EEF10C959BD11C92C7A08CEC41C89E09 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
12:54:45.0564 0x0e64  TODDSrv - ok
12:54:45.0626 0x0e64  [ A4C978C550579735B2D40693D46A7455, 23E48E4F115E616D15F0A229E136AB9AF2FF6A0BAD2F0077583E28EB0EB20148 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
12:54:45.0704 0x0e64  TosCoSrv - ok
12:54:45.0751 0x0e64  [ D68177DFD79F0A5C5A0B19C7086F00C0, 0F1A0F75E5E88D8F8CAED77686A9C56A03AA0EF6D4D5E278A276E834B3B7EBBD ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
12:54:45.0798 0x0e64  TOSHIBA eco Utility Service - ok
12:54:45.0876 0x0e64  [ 991E324DC137402148E01C2269632C6B, D65F77998DC48594BF26B0EB6B11805F6A6C9CCB0783229DB4B360352F27BD17 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:54:45.0907 0x0e64  TOSHIBA HDD SSD Alert Service - ok
12:54:45.0970 0x0e64  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
12:54:46.0079 0x0e64  TrkWks - ok
12:54:46.0141 0x0e64  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:54:46.0235 0x0e64  TrustedInstaller - ok
12:54:46.0282 0x0e64  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
12:54:46.0360 0x0e64  tssecsrv - ok
12:54:46.0422 0x0e64  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
12:54:46.0500 0x0e64  TsUsbFlt - ok
12:54:46.0562 0x0e64  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
12:54:46.0656 0x0e64  tunnel - ok
12:54:46.0703 0x0e64  [ FC24015B4052600C324C43E3A79C0664, 908DFC8490079FB3178DEF9D3A712F22E4E39D65092401D1003925FCF65EE4DB ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:54:46.0734 0x0e64  TVALZ - ok
12:54:46.0765 0x0e64  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
12:54:46.0796 0x0e64  uagp35 - ok
12:54:46.0843 0x0e64  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
12:54:46.0952 0x0e64  udfs - ok
12:54:47.0015 0x0e64  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
12:54:47.0093 0x0e64  UI0Detect - ok
12:54:47.0140 0x0e64  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
12:54:47.0171 0x0e64  uliagpkx - ok
12:54:47.0218 0x0e64  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\drivers\umbus.sys
12:54:47.0296 0x0e64  umbus - ok
12:54:47.0342 0x0e64  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
12:54:47.0405 0x0e64  UmPass - ok
12:54:47.0467 0x0e64  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
12:54:47.0592 0x0e64  upnphost - ok
12:54:47.0686 0x0e64  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
12:54:47.0764 0x0e64  usbaudio - ok
12:54:47.0810 0x0e64  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
12:54:47.0951 0x0e64  usbccgp - ok
12:54:47.0998 0x0e64  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
12:54:48.0044 0x0e64  usbcir - ok
12:54:48.0091 0x0e64  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\windows\system32\drivers\usbehci.sys
12:54:48.0185 0x0e64  usbehci - ok
12:54:48.0263 0x0e64  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
12:54:48.0403 0x0e64  usbhub - ok
12:54:48.0450 0x0e64  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\windows\system32\drivers\usbohci.sys
12:54:48.0559 0x0e64  usbohci - ok
12:54:48.0622 0x0e64  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
12:54:48.0668 0x0e64  usbprint - ok
12:54:48.0700 0x0e64  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
12:54:48.0762 0x0e64  USBSTOR - ok
12:54:48.0793 0x0e64  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
12:54:48.0934 0x0e64  usbuhci - ok
12:54:48.0996 0x0e64  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
12:54:49.0058 0x0e64  usbvideo - ok
12:54:49.0105 0x0e64  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
12:54:49.0183 0x0e64  UxSms - ok
12:54:49.0214 0x0e64  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc        C:\windows\system32\lsass.exe
12:54:49.0261 0x0e64  VaultSvc - ok
12:54:49.0324 0x0e64  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] VClone          C:\windows\system32\DRIVERS\VClone.sys
12:54:49.0355 0x0e64  VClone - ok
12:54:49.0402 0x0e64  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
12:54:49.0433 0x0e64  vdrvroot - ok
12:54:49.0511 0x0e64  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\windows\System32\vds.exe
12:54:49.0636 0x0e64  vds - ok
12:54:49.0682 0x0e64  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
12:54:49.0792 0x0e64  vga - ok
12:54:49.0823 0x0e64  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\windows\System32\drivers\vga.sys
12:54:49.0901 0x0e64  VgaSave - ok
12:54:49.0948 0x0e64  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
12:54:49.0994 0x0e64  vhdmp - ok
12:54:50.0026 0x0e64  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
12:54:50.0072 0x0e64  viaagp - ok
12:54:50.0104 0x0e64  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
12:54:50.0166 0x0e64  ViaC7 - ok
12:54:50.0213 0x0e64  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
12:54:50.0244 0x0e64  viaide - ok
12:54:50.0291 0x0e64  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
12:54:50.0322 0x0e64  volmgr - ok
12:54:50.0384 0x0e64  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
12:54:50.0447 0x0e64  volmgrx - ok
12:54:50.0478 0x0e64  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\windows\system32\drivers\volsnap.sys
12:54:50.0540 0x0e64  volsnap - ok
12:54:50.0587 0x0e64  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
12:54:50.0634 0x0e64  vsmraid - ok
12:54:50.0743 0x0e64  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\windows\system32\vssvc.exe
12:54:50.0899 0x0e64  VSS - ok
12:54:50.0962 0x0e64  [ 916531F40A6A4C4D160665B878D88251, 1C21BB378513AAA5C6D3E10C02F9124720FCC0AC66F49A884250C643693815D0 ] vtouch          C:\windows\system32\DRIVERS\vtouch.sys
12:54:51.0071 0x0e64  vtouch - ok
12:54:51.0102 0x0e64  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
12:54:51.0164 0x0e64  vwifibus - ok
12:54:51.0211 0x0e64  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
12:54:51.0258 0x0e64  vwififlt - ok
12:54:51.0305 0x0e64  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
12:54:51.0367 0x0e64  vwifimp - ok
12:54:51.0430 0x0e64  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\windows\system32\w32time.dll
12:54:51.0523 0x0e64  W32Time - ok
12:54:51.0570 0x0e64  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
12:54:51.0601 0x0e64  WacomPen - ok
12:54:51.0648 0x0e64  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
12:54:51.0742 0x0e64  WANARP - ok
12:54:51.0757 0x0e64  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
12:54:51.0835 0x0e64  Wanarpv6 - ok
12:54:51.0944 0x0e64  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
12:54:52.0085 0x0e64  wbengine - ok
12:54:52.0132 0x0e64  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
12:54:52.0225 0x0e64  WbioSrvc - ok
12:54:52.0288 0x0e64  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\windows\System32\wcncsvc.dll
12:54:52.0350 0x0e64  wcncsvc - ok
12:54:52.0397 0x0e64  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:54:52.0444 0x0e64  WcsPlugInService - ok
12:54:52.0490 0x0e64  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\DRIVERS\wd.sys
12:54:52.0522 0x0e64  Wd - ok
12:54:52.0615 0x0e64  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
12:54:52.0709 0x0e64  Wdf01000 - ok
12:54:52.0756 0x0e64  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\windows\system32\wdi.dll
12:54:52.0865 0x0e64  WdiServiceHost - ok
12:54:52.0880 0x0e64  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\windows\system32\wdi.dll
12:54:52.0943 0x0e64  WdiSystemHost - ok
12:54:53.0005 0x0e64  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\windows\System32\webclnt.dll
12:54:53.0083 0x0e64  WebClient - ok
12:54:53.0146 0x0e64  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
12:54:53.0239 0x0e64  Wecsvc - ok
12:54:53.0286 0x0e64  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\windows\System32\wercplsupport.dll
12:54:53.0364 0x0e64  wercplsupport - ok
12:54:53.0411 0x0e64  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
12:54:53.0520 0x0e64  WerSvc - ok
12:54:53.0567 0x0e64  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
12:54:53.0660 0x0e64  WfpLwf - ok
12:54:53.0707 0x0e64  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\windows\system32\drivers\wimmount.sys
12:54:53.0754 0x0e64  WIMMount - ok
12:54:53.0863 0x0e64  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:54:53.0972 0x0e64  WinDefend - ok
12:54:54.0004 0x0e64  WinHttpAutoProxySvc - ok
12:54:54.0097 0x0e64  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
12:54:54.0175 0x0e64  Winmgmt - ok
12:54:54.0284 0x0e64  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\windows\system32\WsmSvc.dll
12:54:54.0472 0x0e64  WinRM - ok
12:54:54.0596 0x0e64  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
12:54:54.0706 0x0e64  WinUsb - ok
12:54:54.0799 0x0e64  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\windows\System32\wlansvc.dll
12:54:54.0940 0x0e64  Wlansvc - ok
12:54:55.0018 0x0e64  [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:54:55.0064 0x0e64  wlcrasvc - ok
12:54:55.0252 0x0e64  [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:54:55.0408 0x0e64  wlidsvc - ok
12:54:55.0454 0x0e64  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
12:54:55.0532 0x0e64  WmiAcpi - ok
12:54:55.0595 0x0e64  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
12:54:55.0673 0x0e64  wmiApSrv - ok
12:54:55.0813 0x0e64  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:54:55.0954 0x0e64  WMPNetworkSvc - ok
12:54:56.0016 0x0e64  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\windows\System32\wpcsvc.dll
12:54:56.0078 0x0e64  WPCSvc - ok
12:54:56.0110 0x0e64  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
12:54:56.0219 0x0e64  WPDBusEnum - ok
12:54:56.0250 0x0e64  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
12:54:56.0344 0x0e64  ws2ifsl - ok
12:54:56.0390 0x0e64  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\windows\System32\wscsvc.dll
12:54:56.0484 0x0e64  wscsvc - ok
12:54:56.0500 0x0e64  WSearch - ok
12:54:56.0687 0x0e64  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\windows\system32\wuaueng.dll
12:54:56.0843 0x0e64  wuauserv - ok
12:54:57.0139 0x0e64  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
12:54:57.0202 0x0e64  WudfPf - ok
12:54:57.0280 0x0e64  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
12:54:57.0342 0x0e64  WUDFRd - ok
12:54:57.0404 0x0e64  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\windows\System32\WUDFSvc.dll
12:54:57.0451 0x0e64  wudfsvc - ok
12:54:57.0514 0x0e64  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc         C:\windows\System32\wwansvc.dll
12:54:57.0576 0x0e64  WwanSvc - ok
12:54:57.0623 0x0e64  ================ Scan global ===============================
12:54:57.0670 0x0e64  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
12:54:57.0716 0x0e64  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
12:54:57.0748 0x0e64  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
12:54:57.0794 0x0e64  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
12:54:57.0857 0x0e64  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe
12:54:57.0872 0x0e64  [ Global ] - ok
12:54:57.0872 0x0e64  ================ Scan MBR ==================================
12:54:57.0888 0x0e64  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
12:54:59.0058 0x0e64  \Device\Harddisk0\DR0 - ok
12:54:59.0058 0x0e64  ================ Scan VBR ==================================
12:54:59.0074 0x0e64  [ 5DAD5EB060E5C62D13918900B3B45056 ] \Device\Harddisk0\DR0\Partition1
12:54:59.0089 0x0e64  \Device\Harddisk0\DR0\Partition1 - ok
12:54:59.0089 0x0e64  ================ Scan active images ========================
12:54:59.0089 0x0e64  [ B7EFEF22FF426EC4158A177CB3B558D3, 87D8F07E23B928B9D71B13B0F43A6235BAFC48879CFCF5920889849D09FFCD6C ] C:\Windows\System32\drivers\crashdmp.sys
12:54:59.0089 0x0e64  C:\Windows\System32\drivers\crashdmp.sys - ok
12:54:59.0105 0x0e64  [ D80AA0907748D7CC8EFAB3773F32629B, BEE52B4E6099B5B8CA5D6D4DE4A90B124AC7E3EE4A69565BFDD227AF261B6242 ] C:\Windows\System32\drivers\iaStor.sys
12:54:59.0105 0x0e64  C:\Windows\System32\drivers\iaStor.sys - ok
12:54:59.0120 0x0e64  [ 62A63EF2F3053B461CB327E4D69AAA74, 26CC8BBC9BB6C53B46C837FA75C5449508989C26949BD19EB8E03E37F7928456 ] C:\Windows\System32\drivers\dumpfve.sys
12:54:59.0120 0x0e64  C:\Windows\System32\drivers\dumpfve.sys - ok
12:54:59.0136 0x0e64  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] C:\Windows\System32\drivers\cdrom.sys
12:54:59.0136 0x0e64  C:\Windows\System32\drivers\cdrom.sys - ok
12:54:59.0152 0x0e64  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] C:\Windows\System32\drivers\null.sys
12:54:59.0152 0x0e64  C:\Windows\System32\drivers\null.sys - ok
12:54:59.0167 0x0e64  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] C:\Windows\System32\drivers\beep.sys
12:54:59.0167 0x0e64  C:\Windows\System32\drivers\beep.sys - ok
12:54:59.0183 0x0e64  [ CB45A417C8EF7BA6BAC67EDCDDED8700, 0D9AD2498A7D3B7C3E485A5803D2BDF781B38E07E3C2B5980859073EF6FD9B8A ] C:\Windows\System32\drivers\watchdog.sys
12:54:59.0183 0x0e64  C:\Windows\System32\drivers\watchdog.sys - ok
12:54:59.0183 0x0e64  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] C:\Windows\System32\drivers\vga.sys
12:54:59.0183 0x0e64  C:\Windows\System32\drivers\vga.sys - ok
12:54:59.0198 0x0e64  [ 15C126D1B55814B9E5CAB10A9C1F4C67, CD118B6508355037294AE940E039C095BA9E4A96AA129D38DB0AEC0C393D0F00 ] C:\Windows\System32\drivers\videoprt.sys
12:54:59.0198 0x0e64  C:\Windows\System32\drivers\videoprt.sys - ok
12:54:59.0214 0x0e64  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] C:\Windows\System32\drivers\RDPCDD.sys
12:54:59.0214 0x0e64  C:\Windows\System32\drivers\RDPCDD.sys - ok
12:54:59.0230 0x0e64  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] C:\Windows\System32\drivers\RDPENCDD.sys
12:54:59.0230 0x0e64  C:\Windows\System32\drivers\RDPENCDD.sys - ok
12:54:59.0245 0x0e64  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] C:\Windows\System32\drivers\RDPREFMP.sys
12:54:59.0245 0x0e64  C:\Windows\System32\drivers\RDPREFMP.sys - ok
12:54:59.0261 0x0e64  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] C:\Windows\System32\drivers\msfs.sys
12:54:59.0261 0x0e64  C:\Windows\System32\drivers\msfs.sys - ok
12:54:59.0276 0x0e64  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] C:\Windows\System32\drivers\npfs.sys
12:54:59.0276 0x0e64  C:\Windows\System32\drivers\npfs.sys - ok
12:54:59.0292 0x0e64  [ 2F885864D5BC8A16C86BEE595969A48A, 279E176CDEF9148A4A07F7D37172A2C2BDC89E47021EEB76F1BCDF789B76D95A ] C:\Windows\System32\drivers\tdi.sys
12:54:59.0292 0x0e64  C:\Windows\System32\drivers\tdi.sys - ok
12:54:59.0308 0x0e64  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] C:\Windows\System32\drivers\tdx.sys
12:54:59.0308 0x0e64  C:\Windows\System32\drivers\tdx.sys - ok
12:54:59.0308 0x0e64  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] C:\Windows\System32\drivers\afd.sys
12:54:59.0308 0x0e64  C:\Windows\System32\drivers\afd.sys - ok
12:54:59.0323 0x0e64  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] C:\Windows\System32\drivers\netbt.sys
12:54:59.0323 0x0e64  C:\Windows\System32\drivers\netbt.sys - ok
12:54:59.0339 0x0e64  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] C:\Windows\System32\drivers\wfplwf.sys
12:54:59.0339 0x0e64  C:\Windows\System32\drivers\wfplwf.sys - ok
12:54:59.0354 0x0e64  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] C:\Windows\System32\drivers\pacer.sys
12:54:59.0354 0x0e64  C:\Windows\System32\drivers\pacer.sys - ok
12:54:59.0370 0x0e64  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] C:\Windows\System32\drivers\vwififlt.sys
12:54:59.0370 0x0e64  C:\Windows\System32\drivers\vwififlt.sys - ok
12:54:59.0386 0x0e64  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] C:\Windows\System32\drivers\netbios.sys
12:54:59.0386 0x0e64  C:\Windows\System32\drivers\netbios.sys - ok
12:54:59.0401 0x0e64  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] C:\Windows\System32\drivers\wanarp.sys
12:54:59.0401 0x0e64  C:\Windows\System32\drivers\wanarp.sys - ok
12:54:59.0417 0x0e64  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] C:\Windows\System32\drivers\termdd.sys
12:54:59.0417 0x0e64  C:\Windows\System32\drivers\termdd.sys - ok
12:54:59.0417 0x0e64  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] C:\Windows\System32\drivers\rdbss.sys
12:54:59.0417 0x0e64  C:\Windows\System32\drivers\rdbss.sys - ok
12:54:59.0432 0x0e64  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] C:\Windows\System32\drivers\nsiproxy.sys
12:54:59.0432 0x0e64  C:\Windows\System32\drivers\nsiproxy.sys - ok
12:54:59.0448 0x0e64  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] C:\Windows\System32\drivers\mssmbios.sys
12:54:59.0448 0x0e64  C:\Windows\System32\drivers\mssmbios.sys - ok
12:54:59.0464 0x0e64  [ EE5F32444F76D03E577752978F932572, A2679D78F87C9D44633E8DFF593086FF6B46B892110E6ECB5B1252686271B8BA ] C:\Windows\System32\FreeOTFEHashWhirlpool.sys
12:54:59.0464 0x0e64  C:\Windows\System32\FreeOTFEHashWhirlpool.sys - ok
12:54:59.0479 0x0e64  [ 62E7CA4F9E08B6DA2A83C4999F3442A5, 9989D92302EE24F3144029DDEBE2F0EDEA7A0F051C2D31B29CF47F950B65D1D9 ] C:\Windows\System32\FreeOTFEHashTiger.sys
12:54:59.0479 0x0e64  C:\Windows\System32\FreeOTFEHashTiger.sys - ok
12:54:59.0495 0x0e64  [ A2FC13C28B03F3D16BFD862544890DB2, 5BF6C8384A73939A6525C22D5D9E773242825DF23E208822BE0C6A663D2D00B2 ] C:\Windows\System32\FreeOTFEHashSHA.sys
12:54:59.0495 0x0e64  C:\Windows\System32\FreeOTFEHashSHA.sys - ok
12:54:59.0510 0x0e64  [ AE57E50A3D85F9AABCCBCE4D8C38071D, DB97C7A5635BBE89986F535543414848A8BD8D1E337ED5DF33CC329D6ECB4266 ] C:\Windows\System32\FreeOTFEHashRIPEMD.sys
12:54:59.0510 0x0e64  C:\Windows\System32\FreeOTFEHashRIPEMD.sys - ok
12:54:59.0526 0x0e64  [ 3EA3DDBD388278C9E1AC546D72813A35, 99D41D88CDC8D99DC201D855A97506433B411CA6584A7858CA26B7C356AF2F92 ] C:\Windows\System32\FreeOTFEHashMD.sys
12:54:59.0526 0x0e64  C:\Windows\System32\FreeOTFEHashMD.sys - ok
12:54:59.0542 0x0e64  [ F7DE6CC793793DDFE6EBE1C092721968, 677519D09CF390E04309C631139ACAA113E278317FCD351B28267274001DEA5B ] C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys
12:54:59.0542 0x0e64  C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys - ok
12:54:59.0557 0x0e64  [ 6BA43C47F61D04E80A8A0876F121F8E1, D4461D13A67903BEFBEE3A485855B95B5C213CD19847764699F612F08DF58D54 ] C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys
12:54:59.0557 0x0e64  C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys - ok
12:54:59.0557 0x0e64  [ 6C21C420316A21840687AFCCF1303D6F, 4342FA24B1A764F419D01785EBE2EB629B900E71E5F91578A9E567A5C97F2431 ] C:\Windows\System32\FreeOTFECypherRC6_ltc.sys
12:54:59.0557 0x0e64  C:\Windows\System32\FreeOTFECypherRC6_ltc.sys - ok
12:54:59.0573 0x0e64  [ 3BE9D660C1762B3E5CCCF1989D61F175, 53873AFD07A3A7236F8BF78FC75ECE112A0E61B1CB7A0E9EEB8CBA597BADEF91 ] C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys
12:54:59.0573 0x0e64  C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys - ok
12:54:59.0588 0x0e64  [ F4115BE533D587D45B73537E2DC5CEE0, DECF8D88DDE07985997859E46DC2079C6A126DEE1627BA5049D80ECDD3A93F79 ] C:\Windows\System32\FreeOTFECypherDES.sys
12:54:59.0588 0x0e64  C:\Windows\System32\FreeOTFECypherDES.sys - ok
12:54:59.0604 0x0e64  [ 569907D3F6FF1102F2DBBF7681DE2090, EAAAB15B55AC132D8D9D35385B4F58712AA3BED3AFC297E041B1581042644844 ] C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys
12:54:59.0604 0x0e64  C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys - ok
12:54:59.0620 0x0e64  [ AE32EE259E8E990CF4F1198BDF326E0C, 65CAF603608E63A83A26C1FB0641BFC3299BBE008AE33B1AEA5B1B8FEB2DB25E ] C:\Windows\System32\FreeOTFECypherCAST5.sys
12:54:59.0620 0x0e64  C:\Windows\System32\FreeOTFECypherCAST5.sys - ok
12:54:59.0635 0x0e64  [ ED4A53B4F764C7B2C5EDD5115563FD0B, 3BEAC7CE97B758AC3E25207035C705D6D9E7C949993FD91E4D3D75CDB83A3148 ] C:\Windows\System32\FreeOTFECypherBlowfish.sys
12:54:59.0635 0x0e64  C:\Windows\System32\FreeOTFECypherBlowfish.sys - ok
12:54:59.0651 0x0e64  [ 4E0E6751EC195A485476C28756B82EFF, C96403C85B15408ECB1BA0886A9FF1F26DA5211CAEDE18AD9E2E67FFC42044E5 ] C:\Windows\System32\FreeOTFECypherAES_ltc.sys
12:54:59.0651 0x0e64  C:\Windows\System32\FreeOTFECypherAES_ltc.sys - ok
12:54:59.0651 0x0e64  [ 94E150CB0F1F29C5BE0CCFB6A01FA08B, 60499C9E8F6F803EB3C3D52C2603E8B718502103FBB9B4014FB4FF0A64E6D6F7 ] C:\Windows\System32\FreeOTFE.sys
12:54:59.0651 0x0e64  C:\Windows\System32\FreeOTFE.sys - ok
12:54:59.0666 0x0e64  [ D71233D7CCC2E64F8715A20428D5A33B, ECCF5820CFFFC083EA6A5D310E2E09CA61C0DCFEE1E58AD94D2A565CA86A87F3 ] C:\Windows\System32\drivers\ElbyCDIO.sys
12:54:59.0666 0x0e64  C:\Windows\System32\drivers\ElbyCDIO.sys - ok
12:54:59.0682 0x0e64  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] C:\Windows\System32\drivers\discache.sys
12:54:59.0682 0x0e64  C:\Windows\System32\drivers\discache.sys - ok
12:54:59.0698 0x0e64  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] C:\Windows\System32\drivers\dfsc.sys
12:54:59.0698 0x0e64  C:\Windows\System32\drivers\dfsc.sys - ok
12:54:59.0713 0x0e64  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] C:\Windows\System32\drivers\blbdrive.sys
12:54:59.0713 0x0e64  C:\Windows\System32\drivers\blbdrive.sys - ok
12:54:59.0729 0x0e64  [ B0CC0B50441372157F31C4C023D43A3E, A0FCC03588C06E42D3B8465AC7D0F7A909E8CABEEE3C82B3CBD68F150D7692EE ] C:\Users\Doug\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys
12:54:59.0729 0x0e64  C:\Users\Doug\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys - ok
12:54:59.0744 0x0e64  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] C:\Windows\System32\drivers\tunnel.sys
12:54:59.0744 0x0e64  C:\Windows\System32\drivers\tunnel.sys - ok
12:54:59.0760 0x0e64  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] C:\Windows\System32\drivers\intelppm.sys
12:54:59.0760 0x0e64  C:\Windows\System32\drivers\intelppm.sys - ok
12:54:59.0776 0x0e64  [ DE91DCC7BC55E940979097E98F743205, 77CBB42FA1648CF03F21709738F7F91513385F82B544981741F7BD8D65FB7786 ] C:\Windows\System32\smss.exe
12:54:59.0776 0x0e64  C:\Windows\System32\smss.exe - ok
12:54:59.0776 0x0e64  [ E0B8C6B1EA1EF94747E966E9093FB968, 364539AE2AD49870DAF2773B6BD6306764D936F5EE1C2929B2B5A47EEC3409A7 ] C:\Windows\System32\ntdll.dll
12:54:59.0776 0x0e64  C:\Windows\System32\ntdll.dll - ok
12:54:59.0791 0x0e64  [ D0074897C6BC132F3980EA4654BF7FB9, 53F4B0286A6CF974135E6F184E05975BD436FA4D45687B6E47E013A8D57D0E05 ] C:\Windows\System32\drivers\igdkmd32.sys
12:54:59.0791 0x0e64  C:\Windows\System32\drivers\igdkmd32.sys - ok
12:54:59.0807 0x0e64  [ F88A52EB62019D6A62FDD9E08034DBD8, 2E035366E9A1A26FB15F1E4857056E6AD7932BCE8CC68BB4B655609F424D2756 ] C:\Windows\System32\autochk.exe
12:54:59.0807 0x0e64  C:\Windows\System32\autochk.exe - ok
12:54:59.0822 0x0e64  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] C:\Windows\System32\drivers\dxgkrnl.sys
12:54:59.0822 0x0e64  C:\Windows\System32\drivers\dxgkrnl.sys - ok
12:54:59.0838 0x0e64  [ 6933E2AFF444A7A95D5C67E98449163E, 4E745B89D319FF997F7DFD288E9D02143CEF5474D2B8814803504A6570A146DE ] C:\Windows\System32\kernel32.dll
12:54:59.0838 0x0e64  C:\Windows\System32\kernel32.dll - ok
12:54:59.0854 0x0e64  [ E405328A0E38BF823E2361C413283F6D, 7637EA2F14216F0469CC309C0ABBFB70213721B0BADD6C36522F6789CC0F361E ] C:\Windows\System32\drivers\dxgmms1.sys
12:54:59.0854 0x0e64  C:\Windows\System32\drivers\dxgmms1.sys - ok
12:54:59.0869 0x0e64  [ A543AC1F7138376D778D630A35FCBC4C, 2D824C66A97FC8C39DAFA397CC47495B712D175EEF393486946DA8936BDD466A ] C:\Windows\System32\psapi.dll
12:54:59.0869 0x0e64  C:\Windows\System32\psapi.dll - ok
12:54:59.0885 0x0e64  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] C:\Windows\System32\drivers\hdaudbus.sys
12:54:59.0885 0x0e64  C:\Windows\System32\drivers\hdaudbus.sys - ok
12:54:59.0885 0x0e64  [ A8BB45F9ECAD993461E0FEF8E2A99152, ACB756EA54E71F124D928829666B5B439785593877FF7C0C76ADCF954F4E6C94 ] C:\Windows\System32\Wldap32.dll
12:54:59.0885 0x0e64  C:\Windows\System32\Wldap32.dll - ok
12:54:59.0900 0x0e64  [ 6377051C63D5552A311935C67E9FDFDC, 3FB82988AAB66813567E8DB951D4EE87F156201070F005FDBF52EF998A323E65 ] C:\Windows\System32\nsi.dll
12:54:59.0900 0x0e64  C:\Windows\System32\nsi.dll - ok
12:54:59.0916 0x0e64  [ 9F9858402E5DCE7B6123734D4C26CECB, 5924F3DBCE1A0E4FB4FE953732A4B889D86BB5B92DA9704A5A753654859CFC32 ] C:\Windows\System32\drivers\rtl8192ce.sys
12:54:59.0916 0x0e64  C:\Windows\System32\drivers\rtl8192ce.sys - ok
12:54:59.0932 0x0e64  [ 5A043BDA3BFADD5B4C16F3BDE5EC4312, 70E4D7EB03AE69D51EFCFBF227D3C06CD378806B1D0FB6993D6022379FC0B9F9 ] C:\Windows\System32\rpcrt4.dll
12:54:59.0932 0x0e64  C:\Windows\System32\rpcrt4.dll - ok
12:54:59.0947 0x0e64  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] C:\Windows\System32\drivers\vwifibus.sys
12:54:59.0947 0x0e64  C:\Windows\System32\drivers\vwifibus.sys - ok
12:54:59.0963 0x0e64  [ 8CC3C111D653E96F3EA1590891491D71, 1D326D7D116D76876EE2B14A5BFB7B4328E21DB9B5AAAB9CB67F8EFB93924230 ] C:\Windows\System32\shlwapi.dll
12:54:59.0963 0x0e64  C:\Windows\System32\shlwapi.dll - ok
12:54:59.0978 0x0e64  [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] C:\Windows\System32\drivers\Rt86win7.sys
12:54:59.0978 0x0e64  C:\Windows\System32\drivers\Rt86win7.sys - ok
12:54:59.0994 0x0e64  [ B7230010D97787AF3D25E4C82F2B06B9, C795E9811CD461F8E98D1738667EB0C265A57065EA3420CE596D5038E7430C1E ] C:\Windows\System32\usp10.dll
12:54:59.0994 0x0e64  C:\Windows\System32\usp10.dll - ok
12:54:59.0994 0x0e64  [ 5A775CAE7CCCAC581C05B8D2C92C0DF1, 0BD75912F3BDCF79B6C3CCEBCF3242725A17F73D6F6772C2C145F8157628B2E9 ] C:\Windows\System32\gdi32.dll
12:54:59.0994 0x0e64  C:\Windows\System32\gdi32.dll - ok 
 



#10 DougMiller

DougMiller
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 19 January 2014 - 12:05 AM

continued,

 

12:54:59.0994 0x0e64  C:\Windows\System32\gdi32.dll - ok
12:55:00.0010 0x0e64  [ EC2C5AF37B76D7B58C642CB74423DB7A, BE1F6F2CE3B1539DAC23B73EA655B77E6E628E5E55BD16091E76934723BE77B1 ] C:\Windows\System32\drivers\usbport.sys
12:55:00.0010 0x0e64  C:\Windows\System32\drivers\usbport.sys - ok
12:55:00.0025 0x0e64  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] C:\Windows\System32\drivers\usbuhci.sys
12:55:00.0025 0x0e64  C:\Windows\System32\drivers\usbuhci.sys - ok
12:55:00.0041 0x0e64  [ 070C5B9D3006602A07757179D9B56F5D, 7B24E38ADDEEDD9168D0C87275AC0936D0A4F1195810F9736118076589BC18BA ] C:\Windows\System32\difxapi.dll
12:55:00.0041 0x0e64  C:\Windows\System32\difxapi.dll - ok
12:55:00.0056 0x0e64  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] C:\Windows\System32\drivers\usbehci.sys
12:55:00.0056 0x0e64  C:\Windows\System32\drivers\usbehci.sys - ok
12:55:00.0072 0x0e64  [ C9618BC9B2B0FD7C1138D8774795A79B, 0AC170669C2626519FA7A745C56BFBA6B83B8537488F5B9EB7BA72448E5E7A43 ] C:\Windows\System32\msctf.dll
12:55:00.0072 0x0e64  C:\Windows\System32\msctf.dll - ok
12:55:00.0088 0x0e64  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] C:\Windows\System32\drivers\CmBatt.sys
12:55:00.0088 0x0e64  C:\Windows\System32\drivers\CmBatt.sys - ok
12:55:00.0103 0x0e64  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] C:\Windows\System32\drivers\i8042prt.sys
12:55:00.0103 0x0e64  C:\Windows\System32\drivers\i8042prt.sys - ok
12:55:00.0103 0x0e64  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] C:\Windows\System32\drivers\kbdclass.sys
12:55:00.0103 0x0e64  C:\Windows\System32\drivers\kbdclass.sys - ok
12:55:00.0119 0x0e64  [ 928CF7268086631F54C3D8E17238C6DD, F058FAFB04E7EBD5CADE9B48195B7AA7C3508F332A89F5E6E5F3F071E8CADD4A ] C:\Windows\System32\ole32.dll
12:55:00.0119 0x0e64  C:\Windows\System32\ole32.dll - ok
12:55:00.0134 0x0e64  [ 9A28F1C47CE0C8BBC02AAF5941AB44CD, E04A5F9AB270B0678015159CBFB676A51132E6535252297DB7A9B5B6F65E6577 ] C:\Windows\System32\drivers\SynTP.sys
12:55:00.0134 0x0e64  C:\Windows\System32\drivers\SynTP.sys - ok
12:55:00.0150 0x0e64  [ 74F805AB12EB0E3E49E469F19FF02640, 23A845F9162ECE37B6CF5B2537562C69705A4192D19438109B5212E111A49004 ] C:\Windows\System32\drivers\usbd.sys
12:55:00.0150 0x0e64  C:\Windows\System32\drivers\usbd.sys - ok
12:55:00.0166 0x0e64  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] C:\Windows\System32\drivers\mouclass.sys
12:55:00.0166 0x0e64  C:\Windows\System32\drivers\mouclass.sys - ok
12:55:00.0181 0x0e64  [ 7FF15A4F092CD4A96055BA69F903E3E9, 1B594E6D057C632ABB3A8CF838157369024BD6B9F515CA8E774B22FE71A11627 ] C:\Windows\System32\ws2_32.dll
12:55:00.0181 0x0e64  C:\Windows\System32\ws2_32.dll - ok
12:55:00.0197 0x0e64  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] C:\Windows\System32\drivers\CompositeBus.sys
12:55:00.0197 0x0e64  C:\Windows\System32\drivers\CompositeBus.sys - ok
12:55:00.0212 0x0e64  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] C:\Windows\System32\drivers\lmimirr.sys
12:55:00.0212 0x0e64  C:\Windows\System32\drivers\lmimirr.sys - ok
12:55:00.0212 0x0e64  [ F632602316001D517F4EF3B53B9A6C33, 1492B82B12AA8B69C5111D5E61997D41AEC9E454BE76E8024B18E28B145E9FFD ] C:\Windows\System32\lpk.dll
12:55:00.0212 0x0e64  C:\Windows\System32\lpk.dll - ok
12:55:00.0228 0x0e64  [ D67472125471784DE7147946EDA25FEB, F41960118F412B6CA5E80AE5E8DB9AECDD043A7DB34388FF57C6F9C5A0056F91 ] C:\Windows\System32\advapi32.dll
12:55:00.0228 0x0e64  C:\Windows\System32\advapi32.dll - ok
12:55:00.0244 0x0e64  [ 50ABE682EBE752EAF62B18790D6D491C, E01499C4F81CC49A89590A07CB814D21126CE52DCD3FACADB6D1E243940C69FA ] C:\Windows\System32\drivers\hidclass.sys
12:55:00.0244 0x0e64  C:\Windows\System32\drivers\hidclass.sys - ok
12:55:00.0259 0x0e64  [ F1B27299F547D452EDAEF01FC187CB91, 574FC8ACB349244122E6D76333E2BB72680639EEF61C0B679F8485023B619263 ] C:\Windows\System32\drivers\hidparse.sys
12:55:00.0259 0x0e64  C:\Windows\System32\drivers\hidparse.sys - ok
12:55:00.0275 0x0e64  [ 916531F40A6A4C4D160665B878D88251, 1C21BB378513AAA5C6D3E10C02F9124720FCC0AC66F49A884250C643693815D0 ] C:\Windows\System32\drivers\vtouch.sys
12:55:00.0275 0x0e64  C:\Windows\System32\drivers\vtouch.sys - ok
12:55:00.0290 0x0e64  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] C:\Windows\System32\drivers\agilevpn.sys
12:55:00.0290 0x0e64  C:\Windows\System32\drivers\agilevpn.sys - ok
12:55:00.0306 0x0e64  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] C:\Windows\System32\drivers\rasl2tp.sys
12:55:00.0306 0x0e64  C:\Windows\System32\drivers\rasl2tp.sys - ok
12:55:00.0322 0x0e64  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] C:\Windows\System32\drivers\ndistapi.sys
12:55:00.0322 0x0e64  C:\Windows\System32\drivers\ndistapi.sys - ok
12:55:00.0337 0x0e64  [ 9DC80A8AAAAAC397BDAB3C67165A824E, 051636BFDFF7AB0E4191354E846BD0DACCA1A01FCC13C1AFED91D8DBFE17127A ] C:\Windows\System32\msvcrt.dll
12:55:00.0337 0x0e64  C:\Windows\System32\msvcrt.dll - ok
12:55:00.0353 0x0e64  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] C:\Windows\System32\drivers\ndiswan.sys
12:55:00.0353 0x0e64  C:\Windows\System32\drivers\ndiswan.sys - ok
12:55:00.0353 0x0e64  [ 9C278785347BCC991F8EA2999D90F58D, EA680C3642A6ABF627415AEE019956FAC702DC6A8F4B4D0FC8A4FB21EADD3896 ] C:\Windows\System32\normaliz.dll
12:55:00.0353 0x0e64  C:\Windows\System32\normaliz.dll - ok
12:55:00.0368 0x0e64  [ 927FA6456AD6D7630F6854828D2FD16B, 65D0387703FA34CE330BD0E2CB3B686540A1DB98153CDF8B7AF85A263AA810CE ] C:\Windows\System32\wininet.dll
12:55:00.0368 0x0e64  C:\Windows\System32\wininet.dll - ok
12:55:00.0384 0x0e64  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] C:\Windows\System32\drivers\raspppoe.sys
12:55:00.0384 0x0e64  C:\Windows\System32\drivers\raspppoe.sys - ok
12:55:00.0400 0x0e64  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] C:\Windows\System32\drivers\raspptp.sys
12:55:00.0400 0x0e64  C:\Windows\System32\drivers\raspptp.sys - ok
12:55:00.0415 0x0e64  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] C:\Windows\System32\drivers\rassstp.sys
12:55:00.0415 0x0e64  C:\Windows\System32\drivers\rassstp.sys - ok
12:55:00.0431 0x0e64  [ 099972E1FAF4950D3994FBAB9DD21253, 254B560447F24237D3A2DE6BED57D5A1F09DADBD28A5BAB55EC9C48A18E38B2C ] C:\Windows\System32\drivers\scsiport.sys
12:55:00.0431 0x0e64  C:\Windows\System32\drivers\scsiport.sys - ok
12:55:00.0431 0x0e64  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] C:\Windows\System32\drivers\VClone.sys
12:55:00.0431 0x0e64  C:\Windows\System32\drivers\VClone.sys - ok
12:55:00.0446 0x0e64  [ 5DCEF0C32BE0F33277326586FA503689, B6AEB5DE8F2430D2032DAF5B58DBB4E192F6113DB5379F5AD8189A7AC2560EEA ] C:\Windows\System32\drivers\ks.sys
12:55:00.0446 0x0e64  C:\Windows\System32\drivers\ks.sys - ok
12:55:00.0462 0x0e64  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] C:\Windows\System32\drivers\swenum.sys
12:55:00.0462 0x0e64  C:\Windows\System32\drivers\swenum.sys - ok
12:55:00.0478 0x0e64  [ E7B9D5FF20FFDD4AAE2EF1D1B8C27A37, 689D126B1B42140D5049015E3E324268E6542D4BC6CC14E31D8B89A25B94BAA5 ] C:\Windows\System32\imagehlp.dll
12:55:00.0478 0x0e64  C:\Windows\System32\imagehlp.dll - ok
12:55:00.0493 0x0e64  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] C:\Windows\System32\drivers\umbus.sys
12:55:00.0493 0x0e64  C:\Windows\System32\drivers\umbus.sys - ok
12:55:00.0509 0x0e64  [ CFC97F07904067A1E5FAE195D534DA3A, EB4D2D127312EB09E2ACCA3276779E80F90FAF77322684BABF72B8EC6E1F906C ] C:\Windows\System32\sechost.dll
12:55:00.0509 0x0e64  C:\Windows\System32\sechost.dll - ok
12:55:00.0524 0x0e64  [ B2E1F7B212502BB49AAD4EFAD37C5CF5, 029ABE764099BF22541F2536EC03A37F5056B7253CFEBAF5B7FBD9C79FFA8F97 ] C:\Windows\System32\iertutil.dll
12:55:00.0524 0x0e64  C:\Windows\System32\iertutil.dll - ok
12:55:00.0540 0x0e64  [ FF5688D309347F2720911D8796912834, 3B0D73C50D40A6F42629B7750F99F656BF5C1C50237D5F98B6C0F2CE5E2DA359 ] C:\Windows\System32\clbcatq.dll
12:55:00.0540 0x0e64  C:\Windows\System32\clbcatq.dll - ok
12:55:00.0556 0x0e64  [ 4A8E2F20809CC161107FAA94F6CF2685, 561DCE9E49696288A9EE802C0BEF424EB34A1C29B6D8931CCD5C7E26CB4F88EA ] C:\Windows\System32\imm32.dll
12:55:00.0556 0x0e64  C:\Windows\System32\imm32.dll - ok
12:55:00.0556 0x0e64  [ 0763C5D8660436D4D961F72609E33BBE, 98F2C463B922A1CA0D38EAF780BEA9CDCC1B21E9A7DA0E01333889432A2F3CDD ] C:\Windows\System32\urlmon.dll
12:55:00.0556 0x0e64  C:\Windows\System32\urlmon.dll - ok
12:55:00.0571 0x0e64  [ 10FB16B50AFFDA6D44588F3C445DC273, 6CDA17DA9B44D11E69F7C6682FA633EA75731623BB21B429A0FE2086ED4495A7 ] C:\Windows\System32\setupapi.dll
12:55:00.0571 0x0e64  C:\Windows\System32\setupapi.dll - ok
12:55:00.0587 0x0e64  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] C:\Windows\System32\drivers\usbhub.sys
12:55:00.0587 0x0e64  C:\Windows\System32\drivers\usbhub.sys - ok
12:55:00.0602 0x0e64  [ D1DE1EAFDE97BE41CF6585027FF3E732, 76F17D4DF440D6734DC8157092D94EB18C2A73A0A49BEEA289E7B3EDE30E86A2 ] C:\Windows\System32\comdlg32.dll
12:55:00.0602 0x0e64  C:\Windows\System32\comdlg32.dll - ok
12:55:00.0618 0x0e64  [ F1DD3ACAEE5E6B4BBC69BC6DF75CEF66, 6CCAD926934EACBE92FDFA1AE46DA6101D78A0B44AE38594E3A88FEBB35D230F ] C:\Windows\System32\user32.dll
12:55:00.0618 0x0e64  C:\Windows\System32\user32.dll - ok
12:55:00.0634 0x0e64  [ 6C765E82B57F2E66CE9C54AC238471D9, 97F410023F5C08B4BC5DBF89A642200E76F4025ADD9707C24FD89D673675BB43 ] C:\Windows\System32\oleaut32.dll
12:55:00.0634 0x0e64  C:\Windows\System32\oleaut32.dll - ok
12:55:00.0634 0x0e64  [ E02781D4871844DCD30DF1D69A650F78, DC77302F06CD6CF7FC2C3B0F433A4AE41DF869B9F342C0656CCD8A125B3D3318 ] C:\Windows\System32\shell32.dll
12:55:00.0634 0x0e64  C:\Windows\System32\shell32.dll - ok
12:55:00.0665 0x0e64  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] C:\Windows\System32\drivers\MTConfig.sys
12:55:00.0665 0x0e64  C:\Windows\System32\drivers\MTConfig.sys - ok
12:55:00.0680 0x0e64  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] C:\Windows\System32\drivers\ndproxy.sys
12:55:00.0680 0x0e64  C:\Windows\System32\drivers\ndproxy.sys - ok
12:55:00.0712 0x0e64  [ 9842041E2F5ACE1E2F5FB4EF02053DC8, 8260D3DDCC92987CA3A456ABD0982A7C81DBBEDB87DE781039F2E4BCCF27DB6D ] C:\Windows\System32\drivers\drmk.sys
12:55:00.0712 0x0e64  C:\Windows\System32\drivers\drmk.sys - ok
12:55:00.0712 0x0e64  [ EB6137D696A9B4E9718AC6F8641CB4C9, 438B6177F8BF50E17226D9C4E5FAE42D82178CCDD79979C78B15261B459E153E ] C:\Windows\System32\drivers\portcls.sys
12:55:00.0712 0x0e64  C:\Windows\System32\drivers\portcls.sys - ok
12:55:00.0727 0x0e64  [ CFA2D161B146425A3356DA92AE59A6F6, E58824F5DF2AAB14A04E413F9B76FC6754CEE3B46831B62526B33D5474177AE4 ] C:\Windows\System32\drivers\RTKVHDA.sys
12:55:00.0727 0x0e64  C:\Windows\System32\drivers\RTKVHDA.sys - ok
12:55:00.0743 0x0e64  [ 4084EA00D50C858D6F9038F86AE2E2D0, FD7C34311B7F700C7C93B9A8A59D507C53ADF874651C6979979EDF5E21C32FD5 ] C:\Windows\System32\drivers\tdcmdpst.sys
12:55:00.0743 0x0e64  C:\Windows\System32\drivers\tdcmdpst.sys - ok
12:55:00.0758 0x0e64  [ CC4ED8BEA78B0DCA6F217E014C3291A7, 01104182E4E6FB3CF6397936D30B2CE3486967586D1B94187B59A8232DAE39FF ] C:\Windows\System32\devobj.dll
12:55:00.0758 0x0e64  C:\Windows\System32\devobj.dll - ok
12:55:00.0774 0x0e64  [ 6951562DC4625EEFC6EACD52AD165866, 44A0B3EA0232D613A5B4115492DF2A7CEF25B35300E6A3E3E50C9544C5D1049E ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
12:55:00.0774 0x0e64  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
12:55:00.0790 0x0e64  [ 1E65CF7B26D02750544EFDD73C8118FA, EAE54B09FCA7D9A7F26BF3CC30ECDF0E58555F21DEA1A6A3F1D58554DBE86598 ] C:\Windows\System32\KernelBase.dll
12:55:00.0790 0x0e64  C:\Windows\System32\KernelBase.dll - ok
12:55:00.0805 0x0e64  [ 1C60E09CA1C3A045BC4D367F67C915B7, DF1ED88CB57DA1AB1A4245AE0D5B42AFA3396EBF67B99411FFFB0DD06DE1AEAF ] C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
12:55:00.0805 0x0e64  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
12:55:00.0821 0x0e64  [ 68EAAEDF0365168B804E8728368FA946, 1FA25087E8B247B099B729F780DBF24F77FD34F58186A1C94329261CF3D18B8E ] C:\Windows\System32\wintrust.dll
12:55:00.0821 0x0e64  C:\Windows\System32\wintrust.dll - ok
12:55:00.0852 0x0e64  [ 3FFAEA12666E565FF51BF2FCA674F543, 95BA8DBDA495C170E075F48627D7DD89C6B29BE0CE0D0D8316B0236692675060 ] C:\Windows\System32\cfgmgr32.dll
12:55:00.0852 0x0e64  C:\Windows\System32\cfgmgr32.dll - ok
12:55:00.0868 0x0e64  [ 2E33DFD10F28F86C3FC40EE123CC3904, 57C65671A04EFCA437A69E8E97B2FCA17897EE4608C7DB69F77D44FBD3490B50 ] C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
12:55:00.0868 0x0e64  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
12:55:00.0883 0x0e64  [ 3BE0D923AA45A4DBE091C2D84F0B4FE7, 603EEC55D6F646150FC3F0F2C939CFE434C02FC7A7AB23B1FEC8B5C77E4C8381 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
12:55:00.0883 0x0e64  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok
12:55:00.0899 0x0e64  [ 589CBC4989F750E1DA35625AB481CF43, B93E1B8C3775F9C995FD5451C685A06DEFD24AE1DF0DD99D19D5E4B9AC0010F9 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
12:55:00.0899 0x0e64  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok
12:55:00.0914 0x0e64  [ CC09E0C9A2D89C6E71D093DC8BD121B7, 5F92457E27D817541EBA92FED984D2E6C1E35AD4E4E4CAE0F0778B795C260FAA ] C:\Windows\System32\crypt32.dll
12:55:00.0914 0x0e64  C:\Windows\System32\crypt32.dll - ok
12:55:00.0930 0x0e64  [ 6A13B4F3B3F575F1E24B877B9359AABA, 676AD5F8F709D4A9DCE9938D82DEEE329C9A385A6969C169B3DF37AA75F1E4C7 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
12:55:00.0930 0x0e64  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
12:55:00.0930 0x0e64  [ 75F5E1FE8D55CF8E577E0EC5F2290D3F, F4E2C81F0834018052A481AE8D7DF4780302A6844160CCDC09F7D82D3B992BDE ] C:\Windows\System32\comctl32.dll
12:55:00.0946 0x0e64  C:\Windows\System32\comctl32.dll - ok
12:55:00.0946 0x0e64  [ 938F39B50BAFE13D6F58C7790682C010, 902000EE51EFEABAF6A4B30F880AA37083D2232C6FC622CA513C4A823390FEDA ] C:\Windows\System32\msasn1.dll
12:55:00.0946 0x0e64  C:\Windows\System32\msasn1.dll - ok
12:55:00.0961 0x0e64  [ 5FCD3320AAE71506B43F9E12E4E72172, 067531833F90241A181EF082D85CFF74336D68DAB0AADE4393C1F35CD662DAAE ] C:\Windows\System32\drivers\dxapi.sys
12:55:00.0961 0x0e64  C:\Windows\System32\drivers\dxapi.sys - ok
12:55:00.0977 0x0e64  [ 1E882889A4314D6DF5DED4F6EC994E72, 4D8736BC20540A24D073D629ED8B1F089F4994195F737342C763DD5D532B2F74 ] C:\Windows\System32\win32k.sys
12:55:00.0977 0x0e64  C:\Windows\System32\win32k.sys - ok
12:55:00.0992 0x0e64  [ 342271F6142E7C70805B8A81E1BA5F5C, F9112B88FEC5EF10A7AEDF88DCEE61956D1FCDE7CB42197216E8265578713786 ] C:\Windows\System32\csrss.exe
12:55:00.0992 0x0e64  C:\Windows\System32\csrss.exe - ok
12:55:01.0008 0x0e64  [ 23AB7E36551C6BA5370EF7F05142F0EB, F190F2DCB416D109DFCA167628824CE053774FB708AA494450AD6313EF6BE654 ] C:\Windows\System32\csrsrv.dll
12:55:01.0008 0x0e64  C:\Windows\System32\csrsrv.dll - ok
12:55:01.0024 0x0e64  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\System32\basesrv.dll
12:55:01.0024 0x0e64  C:\Windows\System32\basesrv.dll - ok
12:55:01.0039 0x0e64  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\System32\winsrv.dll
12:55:01.0039 0x0e64  C:\Windows\System32\winsrv.dll - ok
12:55:01.0055 0x0e64  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] C:\Windows\System32\drivers\monitor.sys
12:55:01.0055 0x0e64  C:\Windows\System32\drivers\monitor.sys - ok
12:55:01.0055 0x0e64  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] C:\Windows\System32\drivers\usbccgp.sys
12:55:01.0055 0x0e64  C:\Windows\System32\drivers\usbccgp.sys - ok
12:55:01.0070 0x0e64  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] C:\Windows\System32\drivers\usbvideo.sys
12:55:01.0070 0x0e64  C:\Windows\System32\drivers\usbvideo.sys - ok
12:55:01.0086 0x0e64  [ 1B5011DD8D57F53AED31FF0F7D635802, FA4D0DD592DAA27A3F7D4881B8675E3B40E2479B2D2912F2BF132E7FC13FF80A ] C:\Windows\System32\drivers\PGEffect.sys
12:55:01.0086 0x0e64  C:\Windows\System32\drivers\PGEffect.sys - ok
12:55:01.0102 0x0e64  [ 7C76B61A5E1EF5D1FA554CF134100F18, 2B07C27A2C9A5D939CE9255C67E87B4EF8BFD3B011A592CC0E6994E660483648 ] C:\Windows\System32\tsddd.dll
12:55:01.0102 0x0e64  C:\Windows\System32\tsddd.dll - ok
12:55:01.0117 0x0e64  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\System32\sxssrv.dll
12:55:01.0117 0x0e64  C:\Windows\System32\sxssrv.dll - ok
12:55:01.0133 0x0e64  [ B5C5DCAD3899512020D135600129D665, F6B4D18FA0D3C4958711AC0D476C21A6FDF2897F989A0AD290B43F463DD8B5B0 ] C:\Windows\System32\wininit.exe
12:55:01.0133 0x0e64  C:\Windows\System32\wininit.exe - ok
12:55:01.0148 0x0e64  [ C733D233B623B7FFCE5031E4B756EE26, 33CC8B140B0E4A9B702E3468BE2646AEE4273F20C6EA5BAC6C3D8FC8EDEF0881 ] C:\Windows\System32\profapi.dll
12:55:01.0148 0x0e64  C:\Windows\System32\profapi.dll - ok
12:55:01.0164 0x0e64  [ CAEF9CD6C10B1017E2C298D849CD31DB, 62C6638D34CC554D952A09CDBABF29AA1487EED90578C48E3D01C519A4CC6FB8 ] C:\Windows\System32\cdd.dll
12:55:01.0164 0x0e64  C:\Windows\System32\cdd.dll - ok
12:55:01.0164 0x0e64  [ 5997D769CDB108390DCFAEBF442BF816, 0E25CA984C0EEB629184423FAA9BC6D4356DF9A93F281E06DC83B4AC638AEC4A ] C:\Windows\System32\RpcRtRemote.dll
12:55:01.0164 0x0e64  C:\Windows\System32\RpcRtRemote.dll - ok
12:55:01.0180 0x0e64  [ 357B990A4249D7F7485B230C0CC8825A, FE15918D883B0861D6BBA0E6AC77ABD8FE42C8F76869768BE4FD1F2A5027BD7A ] C:\Windows\System32\KBDUS.DLL
12:55:01.0180 0x0e64  C:\Windows\System32\KBDUS.DLL - ok
12:55:01.0195 0x0e64  [ 6D13E1406F50C66E2A95D97F22C47560, BE40E84A824CB201F9C54DB4F860F3937630FDA3423940D44FCF4AC5DFF44271 ] C:\Windows\System32\winlogon.exe
12:55:01.0195 0x0e64  C:\Windows\System32\winlogon.exe - ok
12:55:01.0211 0x0e64  [ 418E881201583A3039D81F43E39E6C78, C96AAC161E09BE12815A4E931E65F66DB1A456C03253EF1111AE66F44B1515FF ] C:\Windows\System32\winsta.dll
12:55:01.0211 0x0e64  C:\Windows\System32\winsta.dll - ok
12:55:01.0226 0x0e64  [ 633C2C060CF857099F6C4F8D75C952B1, 95E14B5212301900BC9DDB6B42735B114D364188E9B312C786511258106398C8 ] C:\Windows\System32\WlS0WndH.dll
12:55:01.0226 0x0e64  C:\Windows\System32\WlS0WndH.dll - ok
12:55:01.0242 0x0e64  [ 863F793D15B4026B1A5FDECA873D4D84, AF7ABD95BB5467551562F129F03C7AC9D52A021F7E547609F40A80E66932C942 ] C:\Windows\System32\apphelp.dll
12:55:01.0242 0x0e64  C:\Windows\System32\apphelp.dll - ok
12:55:01.0258 0x0e64  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\System32\services.exe
12:55:01.0258 0x0e64  C:\Windows\System32\services.exe - ok
12:55:01.0273 0x0e64  [ 919001D2BB17DF06CA3F8AC16AD039F6, 5169ACFBE9E9D4C4012773ECDD28231C952675EF0C272A40F226E7B5D671B18B ] C:\Windows\System32\sxs.dll
12:55:01.0273 0x0e64  C:\Windows\System32\sxs.dll - ok
12:55:01.0273 0x0e64  [ F08F6FCD09F9BE94C37ACC1B344685FF, DE48D766258B46EFEAB16579421C4BD97ACC6883F782D00E9857F4A0CE7E8A34 ] C:\Windows\System32\cryptbase.dll
12:55:01.0273 0x0e64  C:\Windows\System32\cryptbase.dll - ok
12:55:01.0289 0x0e64  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] C:\Windows\System32\lsass.exe
12:55:01.0289 0x0e64  C:\Windows\System32\lsass.exe - ok
12:55:01.0304 0x0e64  [ BD6B9BC84D004C6BEE89CF7BDB95E1FC, 142BCB6F616A34679FDFB5285E0C8CED110501518BA4B4E2DF3B4F691E28DE72 ] C:\Windows\System32\sspicli.dll
12:55:01.0304 0x0e64  C:\Windows\System32\sspicli.dll - ok
12:55:01.0320 0x0e64  [ 3369D021265E369D57317D61FA86DD79, 25A3BE3619324578C5B7CCB4585D89131DC60A969D35F9573FF20CCD67809BA3 ] C:\Windows\System32\scext.dll
12:55:01.0320 0x0e64  C:\Windows\System32\scext.dll - ok
12:55:01.0336 0x0e64  [ 372948BB5E41CE42341C4398DE572E56, A12A3CB0C04FD02A17E202FEE79EA1B4009DAE4B5DB8B9B9D4919D1FFB270CF3 ] C:\Windows\System32\secur32.dll
12:55:01.0336 0x0e64  C:\Windows\System32\secur32.dll - ok
12:55:01.0351 0x0e64  [ 8AEA9A37C1A3565A204D37C5E72AB791, 939903F93FF37525A6C4B5CBA29CDEEE6D6055C42D605E80AE787F2A76F9870E ] C:\Windows\System32\lsm.exe
12:55:01.0351 0x0e64  C:\Windows\System32\lsm.exe - ok
12:55:01.0367 0x0e64  [ 250AA41DE690561AF1282D598914564C, 0F16F50EC74CAC8879F8D88AF4FB656E06D19819E96BC3D71BCDDBF400C78F60 ] C:\Windows\System32\scesrv.dll
12:55:01.0367 0x0e64  C:\Windows\System32\scesrv.dll - ok
12:55:01.0382 0x0e64  [ D89077E2E1C88A29C57F21FAD28DAC45, 39B760D9976B9FF61046303B9FA29C2A0483D1CCC9617822810F46F288710627 ] C:\Windows\System32\sspisrv.dll
12:55:01.0382 0x0e64  C:\Windows\System32\sspisrv.dll - ok
12:55:01.0382 0x0e64  [ EF6950D7B24AAF4E477065F5455DD4F8, D02D02528EB103808BAD71FBE0271D5D3C101A53ACFB0B2B3835CFE6C7A2BE03 ] C:\Windows\System32\lsasrv.dll
12:55:01.0382 0x0e64  C:\Windows\System32\lsasrv.dll - ok
12:55:01.0398 0x0e64  [ 5CCDCD40E732D54E0F7451AC66AC1C87, 66F4DA105BD72E41250CD59E2B3CD931B47AC9FDB6C784B9E33C5EE1AC29841F ] C:\Windows\System32\srvcli.dll
12:55:01.0398 0x0e64  C:\Windows\System32\srvcli.dll - ok
12:55:01.0414 0x0e64  [ BA51FFE170C5B3AE8EC4F5BD2581A29E, CF734875C91B6C547A5F0BA68FB10ECDFD5FF24166A0D69309C27DC712C22F4B ] C:\Windows\System32\sysntfy.dll
12:55:01.0414 0x0e64  C:\Windows\System32\sysntfy.dll - ok
12:55:01.0429 0x0e64  [ D412B1B72C5AB020218E9A047D90CA05, A9CF8134DB968D259DF4DCC736159841BCB8DF309BEED4FB44F99033B8D31B39 ] C:\Windows\System32\wmsgapi.dll
12:55:01.0429 0x0e64  C:\Windows\System32\wmsgapi.dll - ok
12:55:01.0445 0x0e64  [ 245F4691314F42D4D1BC06442F0B2086, 281DD81E06547BEB0DDB1FBB68B149961F1DEE268C9E9648DE662900ECB40FE0 ] C:\Windows\System32\samsrv.dll
12:55:01.0445 0x0e64  C:\Windows\System32\samsrv.dll - ok
12:55:01.0460 0x0e64  [ 1128637CAD49A8E3C8B5FA5D0A061525, 6B80E50D8296F9E2C978CC6BC002B964ACFD8F4BCF623F4770513792845B5278 ] C:\Windows\System32\cryptdll.dll
12:55:01.0460 0x0e64  C:\Windows\System32\cryptdll.dll - ok
12:55:01.0460 0x0e64  [ 82C089EA2A3EEFADF3588EA71E8BDADA, 2F3BB32EE2C0673058A74DEEB2D405E5E79F833F33C4D289A93EB3C618A86E75 ] C:\Windows\System32\wevtapi.dll
12:55:01.0460 0x0e64  C:\Windows\System32\wevtapi.dll - ok
12:55:01.0476 0x0e64  [ 50BA656134F78AF64E4DD3C8B6FEFD7E, F7AB96E0C9658B0444FD473E87165199FA90AE5CE434B40FBA1DB324925DF886 ] C:\Windows\System32\cngaudit.dll
12:55:01.0476 0x0e64  C:\Windows\System32\cngaudit.dll - ok
12:55:01.0492 0x0e64  [ FB4EB9352B7D698E6B3C2AA2ED724DAD, 534AB280ACD29E88FD1BD8838E1231D9364E649C917547A838F51EC8AB941EE2 ] C:\Windows\System32\authz.dll
12:55:01.0492 0x0e64  C:\Windows\System32\authz.dll - ok
12:55:01.0507 0x0e64  [ AD7FB087A238883D1618F29F7BBBD584, D9541CA4D2AADFEEEC195863133B16C2EC94CA63F842F5646F7834F2D0E85FF3 ] C:\Windows\System32\ncrypt.dll
12:55:01.0507 0x0e64  C:\Windows\System32\ncrypt.dll - ok
12:55:01.0523 0x0e64  [ FC7650224790CAE75A5E9231961FDEC5, D634FC1F43AAC41D8B440BD4C1E7576886CDE683EDE4CAF06C43163B5E176CBB ] C:\Windows\System32\bcrypt.dll
12:55:01.0523 0x0e64  C:\Windows\System32\bcrypt.dll - ok
12:55:01.0538 0x0e64  [ C90878913DF3DC504790282043DB5F4C, 5DC30020A523B5B219A219D74208A1249A43510D70723985817A021249D97036 ] C:\Windows\System32\msprivs.dll
12:55:01.0538 0x0e64  C:\Windows\System32\msprivs.dll - ok
12:55:01.0554 0x0e64  [ E343CABBD8D600ABAF3F11625D33B3D0, AA73D0F205749C291BF5EF179BDF3BF30977E36C87F4FF5361942EE024E848F9 ] C:\Windows\System32\netjoin.dll
12:55:01.0554 0x0e64  C:\Windows\System32\netjoin.dll - ok
12:55:01.0570 0x0e64  [ 6DCFAEC6D1334AA6CDF8961DB4633CBF, DA7A26935691379DA0DBA829DEDE82401BCA7D35E28BFBFE3F9CE38AFF344737 ] C:\Windows\System32\negoexts.dll
12:55:01.0570 0x0e64  C:\Windows\System32\negoexts.dll - ok
12:55:01.0585 0x0e64  [ BDA0B954A30498B5A7EDC6204CBA07ED, B14AC33E649F02AEC7ED9237DF6EB1801506C3066B0DACC8EBC4660D408AF614 ] C:\Windows\System32\kerberos.dll
12:55:01.0585 0x0e64  C:\Windows\System32\kerberos.dll - ok
12:55:01.0585 0x0e64  [ 7321F18D1F820612ED0E9F2D4B578A7E, 612BD7DE1DFBD100BD6ACB37A38565D88C39842D990D296B9B8E1FB75C3A94E7 ] C:\Windows\System32\cryptsp.dll
12:55:01.0585 0x0e64  C:\Windows\System32\cryptsp.dll - ok
12:55:01.0601 0x0e64  [ E94C583CDE2348950155F2AF2876F34D, D00C7E0D665E467B712C68A446CC5BE14FDA743A2301878B3CEB72CDD0A8B8E7 ] C:\Windows\System32\mswsock.dll
12:55:01.0601 0x0e64  C:\Windows\System32\mswsock.dll - ok
12:55:01.0616 0x0e64  [ 73E8667A19FEEDD856DF2695E9E511D4, 68D66C36D1F293D10ADCC6A33C870F989A29743537592CF172F02E794BEAFD1C ] C:\Windows\System32\wship6.dll
12:55:01.0616 0x0e64  C:\Windows\System32\wship6.dll - ok
12:55:01.0632 0x0e64  [ 4C1E16B9A53102C8D6FBA587CBCB95DE, F982ABB2353E45E3E09B30EA99EFDC2A905AD75B43CDB0A34DB33D91AADDAB17 ] C:\Windows\System32\msv1_0.dll
12:55:01.0632 0x0e64  C:\Windows\System32\msv1_0.dll - ok
12:55:01.0648 0x0e64  [ C1809B9907ADEDAF16F50C894100883B, 464CF897CB376DCDC9A584A2A470B5B82D99C595DC55930778B162E605CDFBA8 ] C:\Windows\System32\netlogon.dll
12:55:01.0648 0x0e64  C:\Windows\System32\netlogon.dll - ok
12:55:01.0663 0x0e64  [ B40420876B9288E0A1C8CCA8A84E5DC9, 0D3C73B45BC708D7B1E26DFB6D4F64031A998548FEA0FB5CE198ED716F7DC9A0 ] C:\Windows\System32\dnsapi.dll
12:55:01.0663 0x0e64  C:\Windows\System32\dnsapi.dll - ok
12:55:01.0679 0x0e64  [ 8EA53101FF2B15BDFF934B62A8FB326D, E28536A4AC6764C2480EF047AF2312AE2600819899C3E33B486CFE19F25AC464 ] C:\Windows\System32\logoncli.dll
12:55:01.0679 0x0e64  C:\Windows\System32\logoncli.dll - ok
12:55:01.0694 0x0e64  [ AA6F6457116B559B76BC6A012CB4C293, 87888451759EECCEA178BDB23AE48EEA534202AC40ED0DD83474ED7CE557C9F1 ] C:\Windows\System32\schannel.dll
12:55:01.0694 0x0e64  C:\Windows\System32\schannel.dll - ok
12:55:01.0694 0x0e64  [ 0450CF487ECD8A67B56F59F9A96D024D, 7B19CD3B3A98384844E3F4D04C505B8D17B2D5AABE184E265E85A17D0DDBC25B ] C:\Windows\System32\wdigest.dll
12:55:01.0694 0x0e64  C:\Windows\System32\wdigest.dll - ok
12:55:01.0710 0x0e64  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] C:\Windows\System32\drivers\TsUsbFlt.sys
12:55:01.0710 0x0e64  C:\Windows\System32\drivers\TsUsbFlt.sys - ok
12:55:01.0726 0x0e64  [ ED8EC63F7522DF4852147C84EC62C36A, 75633011CD28DCBD4834211A9D415F17DE15BFCD80FB9FF6CE25CBBD4E9899AF ] C:\Windows\System32\rsaenh.dll
12:55:01.0726 0x0e64  C:\Windows\System32\rsaenh.dll - ok
12:55:01.0741 0x0e64  [ D29E45078CF4020CE0AAC82EC652D1EA, 3CB552744C9D02A488ABCF171E29872156BA6B57C73EC45D708C72D541BE8365 ] C:\Windows\System32\TSpkg.dll
12:55:01.0741 0x0e64  C:\Windows\System32\TSpkg.dll - ok
12:55:01.0757 0x0e64  [ 37CC990D4E2CDFAE12AC47F6B620FC13, D07E6EF4EED10ACA21A41A739147E54CC435EAF952CD0CA1F2E3CB2D83CEC831 ] C:\Windows\System32\pku2u.dll
12:55:01.0757 0x0e64  C:\Windows\System32\pku2u.dll - ok
12:55:01.0772 0x0e64  [ 93723774872D9FB903266A46ED1E0BC2, 8C0AF177F314B6EC71827FDDD8B89BB1548EBDFEB2572C0B9C463EC50D49DC1B ] C:\Windows\System32\LIVESSP.DLL
12:55:01.0772 0x0e64  C:\Windows\System32\LIVESSP.DLL - ok
12:55:01.0788 0x0e64  [ E8449FE262D7406BCB2AC2A45C53EC5F, 6C118C9FB26404D1943824CF3990F36E12986547FFACB7CC0DF975A913065D78 ] C:\Windows\System32\bcryptprimitives.dll
12:55:01.0788 0x0e64  C:\Windows\System32\bcryptprimitives.dll - ok
12:55:01.0804 0x0e64  [ 91F434FF6606ED9BDC6A05D651B69553, F2CF43DDDE2241E8A25F710A516371E0C56D99195022D9715A98379C753929B3 ] C:\Windows\System32\efslsaext.dll
12:55:01.0804 0x0e64  C:\Windows\System32\efslsaext.dll - ok
12:55:01.0804 0x0e64  [ 4E5FE39C1076D115EC8BFCFE14D75B80, F1D02BCA6F664DCDD0CCDE269D31787C7553CD38C7208A8DD8B80B9EA09FEB1C ] C:\Windows\System32\credssp.dll
12:55:01.0804 0x0e64  C:\Windows\System32\credssp.dll - ok
12:55:01.0819 0x0e64  [ 8124944EC89D6A1815E4E53F5B96AAF4, A6766BD0F62A381C9899F66E5C32731BD91600363F4CFBE560BC8AA2B111C790 ] C:\Windows\System32\scecli.dll
12:55:01.0819 0x0e64  C:\Windows\System32\scecli.dll - ok
12:55:01.0835 0x0e64  [ 7222995615BF93B628DCEA4BD6CCACF7, 306A3220868AC38AC796027F0D75052B596F55B9CAE87A9B8863515995BFC2F2 ] C:\Windows\System32\ubpm.dll
12:55:01.0835 0x0e64  C:\Windows\System32\ubpm.dll - ok
12:55:01.0850 0x0e64  [ 54A47F6B5E09A77E61649109C6A08866, 121118A0F5E0E8C933EFD28C9901E54E42792619A8A3A6D11E1F0025A7324BC2 ] C:\Windows\System32\svchost.exe
12:55:01.0850 0x0e64  C:\Windows\System32\svchost.exe - ok
12:55:01.0866 0x0e64  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] C:\Windows\System32\umpnpmgr.dll
12:55:01.0866 0x0e64  C:\Windows\System32\umpnpmgr.dll - ok
12:55:01.0882 0x0e64  [ 4BDBBE5E4208022DD794F7EEEB0F7366, 4F69BA2EDABFA63A300B9F1880349EFAE185B899DD5C561E7B3BA6AAA4B22D6A ] C:\Windows\System32\SPInf.dll
12:55:01.0882 0x0e64  C:\Windows\System32\SPInf.dll - ok
12:55:01.0897 0x0e64  [ FD07F21E0A19C27ED4E1EEC2B07452B3, DF54C00B021AF64BB04EDEBCA6F41CCF48F1959DD53ADE545FAFC565F1243392 ] C:\Windows\System32\devrtl.dll
12:55:01.0897 0x0e64  C:\Windows\System32\devrtl.dll - ok
12:55:01.0897 0x0e64  [ D15618A0FF8DBC2C5BF3726BACC75A0B, ADD81EA1D208907D67802F0E96EC0327BA89021F870BA22B9C7E3A19013A6AE7 ] C:\Windows\System32\userenv.dll
12:55:01.0897 0x0e64  C:\Windows\System32\userenv.dll - ok
12:55:01.0913 0x0e64  [ 1097F3035BAF46CED8B332B3564C5108, C69781683CA963A1335780DABBBC60E2C3CEF0888738D3425D358D12E8D0AF58 ] C:\Windows\System32\gpapi.dll
12:55:01.0913 0x0e64  C:\Windows\System32\gpapi.dll - ok
12:55:01.0928 0x0e64  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] C:\Windows\System32\umpo.dll
12:55:01.0928 0x0e64  C:\Windows\System32\umpo.dll - ok
12:55:01.0944 0x0e64  [ 5C6B44F9CAAC475B7B9EBBC29CB7F065, AFDE5284DB6F480EFFDC490646F787628C8D6906AA9F7B54752E7CBDF17E4279 ] C:\Windows\System32\atmfd.dll
12:55:01.0944 0x0e64  C:\Windows\System32\atmfd.dll - ok
12:55:01.0960 0x0e64  [ 5893EBDCE371174AC89ECD7731DD6D77, 31CC55F4724CFD95E48954B38C0A04D674399FD243083A816893ED5E5A770086 ] C:\Windows\System32\pcwum.dll
12:55:01.0960 0x0e64  C:\Windows\System32\pcwum.dll - ok
12:55:01.0960 0x0e64  [ 08DFDBD2FD4EA951DC46B1C7661ED35A, D926530C659DDAF80770663F46F1EFD94FFB4AAB475C4E3367CB531AF4A734E1 ] C:\Windows\System32\powrprof.dll
12:55:01.0960 0x0e64  C:\Windows\System32\powrprof.dll - ok
12:55:01.0975 0x0e64  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] C:\Windows\System32\drivers\luafv.sys
12:55:01.0975 0x0e64  C:\Windows\System32\drivers\luafv.sys - ok
12:55:01.0991 0x0e64  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] C:\Windows\System32\drivers\mbam.sys
12:55:01.0991 0x0e64  C:\Windows\System32\drivers\mbam.sys - ok
12:55:02.0006 0x0e64  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] C:\Windows\System32\rpcss.dll
12:55:02.0006 0x0e64  C:\Windows\System32\rpcss.dll - ok
12:55:02.0022 0x0e64  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] C:\Windows\System32\RpcEpMap.dll
12:55:02.0022 0x0e64  C:\Windows\System32\RpcEpMap.dll - ok
12:55:02.0038 0x0e64  [ EE5C8E27C37B79CB54A2FCEEED2DC262, 0A5E200FD65A491756B951A4A0ED39B88B7B313E97C2BBF3C91AC4C290772BB7 ] C:\Windows\System32\WSHTCPIP.DLL
12:55:02.0038 0x0e64  C:\Windows\System32\WSHTCPIP.DLL - ok
12:55:02.0053 0x0e64  [ 81F08948A0F1475894C99D4D19A158A8, 93334DA369BF976E498265E432CAF63D898D378C6B32947DF355366ABE2A0FAC ] C:\Windows\System32\wshqos.dll
12:55:02.0053 0x0e64  C:\Windows\System32\wshqos.dll - ok
12:55:02.0069 0x0e64  [ 3F50200237961034FACE602373838980, F97D72CC75D921CF8F8E0544614407358AEFF97A8F48E4A89F82689EE8F2FC86 ] C:\Windows\System32\FirewallAPI.dll
12:55:02.0069 0x0e64  C:\Windows\System32\FirewallAPI.dll - ok
12:55:02.0084 0x0e64  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:55:02.0084 0x0e64  C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
12:55:02.0084 0x0e64  [ 3EF0D8AB08385AAB5802E773511A2E6A, 1A7EE4BC646767004372EAEA9BC0A2071790E739101F7D25ECD9C95D3F29AFD6 ] C:\Windows\System32\LogonUI.exe
12:55:02.0084 0x0e64  C:\Windows\System32\LogonUI.exe - ok
12:55:02.0100 0x0e64  [ 702254574E7E52052DE39408457B7149, 645CA9E88DA21C63710A04A0F54421018DF415A3D612112C71A255C49325C082 ] C:\Windows\System32\version.dll
12:55:02.0100 0x0e64  C:\Windows\System32\version.dll - ok
12:55:02.0116 0x0e64  [ B17480E284B378EDE987EEE032ED103E, 2630413BBCB3B10DA48C292274C32873513D1BEDFCA3AA56D5BC4A2E73787C43 ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
12:55:02.0116 0x0e64  C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
12:55:02.0131 0x0e64  [ EAF536CEFA2AD556160A9DDFDFB57488, B4E7E3EED21634E1417377692946D5843424C8B0DE315A2CF465EE8310C47BE1 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
12:55:02.0131 0x0e64  C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
12:55:02.0147 0x0e64  [ EE7CB55F77465CDAC4C80F587FF7C278, 9DB3FC61275BA78A0A4E66440024341F0C6863659937A78E6224D3C42D7E57E7 ] C:\Windows\System32\authui.dll
12:55:02.0147 0x0e64  C:\Windows\System32\authui.dll - ok
12:55:02.0162 0x0e64  [ 6A6B2EE4565A178035BE2A4FF6F2C968, E2E231F1C2E2CE19583483ACC53318651FA7CA2DE46BCB89B4CBF97CA0525122 ] C:\Windows\System32\wtsapi32.dll
12:55:02.0162 0x0e64  C:\Windows\System32\wtsapi32.dll - ok
12:55:02.0178 0x0e64  [ 9DE3C7E166C53DB99EC401F81991C9B0, 927713C28F34BF0F82400E87B766912EC0A4943611C927A19D14B29D8440B181 ] C:\Program Files\Microsoft Security Client\MpClient.dll
12:55:02.0178 0x0e64  C:\Program Files\Microsoft Security Client\MpClient.dll - ok
12:55:02.0194 0x0e64  [ 28CA821606669BB9215CE010767720FA, C8A1F0D6704F8F37CF8AADDFAD511FF27E56E8BCFFD4AC948DFA0329DB1F3A1E ] C:\Windows\System32\cryptui.dll
12:55:02.0194 0x0e64  C:\Windows\System32\cryptui.dll - ok
12:55:02.0209 0x0e64  [ 3FD15B4611D9BDA3F8013548C0ECAECA, B47A8D9985D9B71EB870816A0AB2B6403D394CCBDF7DE5378D5721D58D68D28D ] C:\Windows\System32\ntmarta.dll
12:55:02.0209 0x0e64  C:\Windows\System32\ntmarta.dll - ok
12:55:02.0225 0x0e64  [ 352B3DC62A0D259A82A052238425C872, 393B24E0D6007C74AEE2FB2EE2C18623D37DF64E279B6767952DCFEE0EACBB10 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
12:55:02.0225 0x0e64  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
12:55:02.0225 0x0e64  [ F14A9B1778376D0B1788E402AC1F831A, 6110F29669E03F8163B5CD7124BE0FF329F36C18529FA3B8FF70FC00B2D8AA02 ] C:\Windows\System32\shacct.dll
12:55:02.0225 0x0e64  C:\Windows\System32\shacct.dll - ok
12:55:02.0240 0x0e64  [ C30A3E5DEEEBA22E782AC54C5AF5F352, 80939A7B5354032256706C6CA0C3CCC7E67CD1C1C81EAEA2CBC74997C0863662 ] C:\Windows\System32\samlib.dll
12:55:02.0240 0x0e64  C:\Windows\System32\samlib.dll - ok
12:55:02.0256 0x0e64  [ 12C45E3CB6D65F73209549E2D02ECA7A, 9DFD9C58B90257C34D52B7156C1D2566BE32EE7BD4699DDE164A5F190EC4D44A ] C:\Windows\System32\propsys.dll
12:55:02.0256 0x0e64  C:\Windows\System32\propsys.dll - ok
12:55:02.0272 0x0e64  [ 4A4374946B7884D24FFDFC76BB8B3BCC, A490330ACFE8F4A37C2F00B7C3876FC478F9285B8A803F375F96A8CB09719C15 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
12:55:02.0272 0x0e64  C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
12:55:02.0287 0x0e64  [ 63BFDF555DA2075A77D677829C3CCCD0, 13B0C0576A0158FBEE6C216136F8C66373C8E6592895D3D824EC67147B9190E9 ] C:\Windows\System32\uxtheme.dll
12:55:02.0287 0x0e64  C:\Windows\System32\uxtheme.dll - ok
12:55:02.0303 0x0e64  [ 241E015DD809CFB23242F890B1FC575B, 763381DCBACF06FD8D043B14D383B6F4D5295B8E665796C59603F15F3E3E36FC ] C:\Windows\System32\wevtsvc.dll
12:55:02.0303 0x0e64  C:\Windows\System32\wevtsvc.dll - ok
12:55:02.0318 0x0e64  [ 84174CA0E190BB9D1EFD0F005FE13B35, B0146E651DAD4A8050FAF70026F1B7CE16EF454EB6E31088CDEBE3CD57E6591C ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll
12:55:02.0318 0x0e64  C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll - ok
12:55:02.0334 0x0e64  [ EE06B85BC69F18826302348A2AD089E0, 417205797CC9F6C986A863A61179784D9ADCAF1961EF8A4D9042D73C5A86509A ] C:\Windows\System32\dui70.dll
12:55:02.0334 0x0e64  C:\Windows\System32\dui70.dll - ok
12:55:02.0334 0x0e64  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] C:\Windows\System32\audiosrv.dll
12:55:02.0350 0x0e64  C:\Windows\System32\audiosrv.dll - ok
12:55:02.0350 0x0e64  [ 6E1F8165C365D35C8E3C045AF0CDD481, B861360D0A014265A0BEB4CC2FE31EA05AE95120E8B07820C13A044D64C00E2B ] C:\Windows\System32\duser.dll
12:55:02.0350 0x0e64  C:\Windows\System32\duser.dll - ok
12:55:02.0365 0x0e64  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] C:\Windows\System32\netprofm.dll
12:55:02.0365 0x0e64  C:\Windows\System32\netprofm.dll - ok
12:55:02.0381 0x0e64  [ 2CFA4569350B7F84F815E9EC34E85766, 8DE5F880F23435256E697C24BDDFA9B8994ACC3FAA063AF274BEC918FE012788 ] C:\Windows\System32\SndVolSSO.dll
12:55:02.0381 0x0e64  C:\Windows\System32\SndVolSSO.dll - ok
12:55:02.0396 0x0e64  [ 63DF770DF74ACB370EF5A16727069AAF, B8F96336BF87F1153C245D19606CBD10FBE7CF2795BCC762F2A1B57CB7C39116 ] C:\Windows\System32\hid.dll
12:55:02.0396 0x0e64  C:\Windows\System32\hid.dll - ok
12:55:02.0412 0x0e64  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] C:\Windows\System32\FntCache.dll
12:55:02.0412 0x0e64  C:\Windows\System32\FntCache.dll - ok
12:55:02.0428 0x0e64  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] C:\Windows\System32\mmcss.dll
12:55:02.0428 0x0e64  C:\Windows\System32\mmcss.dll - ok
12:55:02.0443 0x0e64  [ 243974EC02F7AE49E4179C54624143AB, 755FA67F7BF10E3C6336788D297FBAA70F28F630852A43A78D3F7D7E3A7ECED0 ] C:\Windows\System32\MMDevAPI.dll
12:55:02.0443 0x0e64  C:\Windows\System32\MMDevAPI.dll - ok
12:55:02.0459 0x0e64  [ AC8C80DC4F1A6E60C9A762C1799F0B39, 9FD3A62B4E476CBE6D94D587826B5D8C6EB8208035A20B8E17749312C251FD6A ] C:\Windows\System32\adtschema.dll
12:55:02.0459 0x0e64  C:\Windows\System32\adtschema.dll - ok
12:55:02.0459 0x0e64  [ 139D3AB6AA920C34C50CBFFB9EB7D222, 5A5D205E16E6AFDCC965E4144FE6E104157DE7541D31727520363F2670513940 ] C:\Windows\System32\avrt.dll
12:55:02.0459 0x0e64  C:\Windows\System32\avrt.dll - ok
12:55:02.0474 0x0e64  [ 39C5F32747B3414D1BB216FDB1DEFC58, 6FAE64CB9748304090113903A5AE9E7154BE16BA2EEA7AB3EF04AB9D79B81380 ] C:\Windows\System32\dwmapi.dll
12:55:02.0474 0x0e64  C:\Windows\System32\dwmapi.dll - ok
12:55:02.0490 0x0e64  [ EDF2A5E96BEC469DA3F64E9BDD386111, 63C91BBDFA2E087293B010A4E45625FBD1BFCAF655BFADE2F8B1C36CF804B118 ] C:\Windows\System32\xmllite.dll
12:55:02.0490 0x0e64  C:\Windows\System32\xmllite.dll - ok
12:55:02.0506 0x0e64  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] C:\Windows\System32\profsvc.dll
12:55:02.0506 0x0e64  C:\Windows\System32\profsvc.dll - ok
12:55:02.0521 0x0e64  [ 66AACC19D629336B9915F5DB1A414799, FA5ED9B5B23032A064ACD970C7EC3E82B6AD1FF603895AF2D91B0446BDF5785D ] C:\Program Files\Microsoft Security Client\MpRTP.dll
12:55:02.0521 0x0e64  C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
12:55:02.0521 0x0e64  [ 1EBE9524683C7C4EED8B8BC93FB6FBCC, 78AF098E270EDE62466557091F14B2D37BDAB488F02E7CC769251FD17C02BA4A ] C:\Windows\System32\fltLib.dll
12:55:02.0521 0x0e64  C:\Windows\System32\fltLib.dll - ok
12:55:02.0537 0x0e64  [ 5B2E4E90C04FB9AE9F2C5E99FF59B283, 69DC06F246C3983934CA92149B4010A51868667D6E9A54A36338B1953B4CB21E ] C:\Windows\System32\WindowsCodecs.dll
12:55:02.0537 0x0e64  C:\Windows\System32\WindowsCodecs.dll - ok
12:55:02.0552 0x0e64  [ 8B0B4C5927A333A05513791758350DC4, 52FF08569678F3DA6D52FAE200E4C8C85E986805987EF1CDC0616C29664E7D64 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
12:55:02.0552 0x0e64  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
12:55:02.0568 0x0e64  [ 50D08A9A4C181B9BC2F1ED2003C99269, 59AD161C1D2EC9A066BFC1D9DE54EA092A31CCE19356DAB873A7D00D904BA100 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
12:55:02.0568 0x0e64  C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
12:55:02.0584 0x0e64  [ F68194F74350D4A2ADE98961E33F884C, 75DE3554409C42CA3B6FC1503BCB8CAFF85D5D7703F7E68C38A69AA8EF3FDA81 ] C:\Windows\System32\audiodg.exe
12:55:02.0584 0x0e64  C:\Windows\System32\audiodg.exe - ok
12:55:02.0599 0x0e64  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] C:\Windows\System32\wlansvc.dll
12:55:02.0599 0x0e64  C:\Windows\System32\wlansvc.dll - ok
12:55:02.0615 0x0e64  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] C:\Windows\System32\drivers\MpFilter.sys
12:55:02.0615 0x0e64  C:\Windows\System32\drivers\MpFilter.sys - ok
12:55:02.0630 0x0e64  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] C:\Windows\System32\drivers\fltMgr.sys
12:55:02.0630 0x0e64  C:\Windows\System32\drivers\fltMgr.sys - ok
12:55:02.0646 0x0e64  [ D93A937A2A9D2CBC06B3A615A197011F, E55028F641512EC22CEC4674F7E380FE71059A21E51ECB345DDB769A276F30D1 ] C:\Windows\System32\PSHED.DLL
12:55:02.0646 0x0e64  C:\Windows\System32\PSHED.DLL - ok
12:55:02.0662 0x0e64  [ D21DEBAEBB3721D2F28324748059393C, 498BA10AD2FBB8D4EC760BE0D3779C7F6934ECA7D08AFCFBC6FFC40A7E1092C7 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
12:55:02.0662 0x0e64  C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
12:55:02.0677 0x0e64  [ 326C7F76A29897A892AA7726E91C1C67, 64305346B06EC14976130B0B80F14B4D5AB63E5B2A6A7B872EC9CE2BF8FADCD2 ] C:\Windows\System32\winbrand.dll
12:55:02.0677 0x0e64  C:\Windows\System32\winbrand.dll - ok
12:55:02.0677 0x0e64  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] C:\Windows\System32\gpsvc.dll
12:55:02.0677 0x0e64  C:\Windows\System32\gpsvc.dll - ok
12:55:02.0693 0x0e64  [ F10E5311E5093FA3C00FF88C54C32FCA, B557F5B00D77F030850D9AAC0FFEFC4C2A759EC4081C8459C9DEAE51BAAACC65 ] C:\Windows\System32\atl.dll
12:55:02.0693 0x0e64  C:\Windows\System32\atl.dll - ok
12:55:02.0708 0x0e64  [ D5AEFAD57C08349A4393D987DF7C715D, C36A45BC2448DF30CD17BD2F8A17FC196FAFB685612CACCEB22DC7B58515C201 ] C:\Windows\System32\winmm.dll
12:55:02.0708 0x0e64  C:\Windows\System32\winmm.dll - ok
12:55:02.0724 0x0e64  [ 1319CD4619E96B156911CA3897563EBC, 26BE0A2FFF2DB2B124D5A8449CC03B97BFBE1D6CAB7DD4C95F8FEDB875431C2C ] C:\Windows\System32\ci.dll
12:55:02.0724 0x0e64  C:\Windows\System32\ci.dll - ok
12:55:02.0740 0x0e64  [ D411DBEB875D9A3C3DCE95B1E6B86668, D42B8F9C41A7910B35CE5C05F0CA78858EC8AD961414111119A9D268E57A17E0 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpengine.dll
12:55:02.0740 0x0e64  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpengine.dll - ok
12:55:02.0755 0x0e64  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] C:\Windows\System32\es.dll
12:55:02.0755 0x0e64  C:\Windows\System32\es.dll - ok
12:55:02.0755 0x0e64  [ D205C24A9D069049FE2DF2A1B38726A7, B98F420B57A34FDA24F9A655319245EEF86EF4A952014FFA018070A01D5CBC4C ] C:\Windows\System32\wdmaud.drv
12:55:02.0755 0x0e64  C:\Windows\System32\wdmaud.drv - ok
12:55:02.0771 0x0e64  [ 9C67F6BBDA3881CFD02095160CF91576, 6CE97C6F0AD8BE183DE935A7AAB7D46821E8DE9E55A4BFF54ACB49D056826A94 ] C:\Windows\System32\ksuser.dll
12:55:02.0771 0x0e64  C:\Windows\System32\ksuser.dll - ok
12:55:02.0786 0x0e64  [ 808D8A8B2A3074002852BC856D419576, 1AFDEAAD071D398F4663E82D58510ABC0A30048018866C59AB53D3ECB6E6D349 ] C:\Windows\System32\comres.dll
12:55:02.0786 0x0e64  C:\Windows\System32\comres.dll - ok
12:55:02.0802 0x0e64  [ 50E0DD0A5B8D8BC353578F2F73926697, 9A453F60FC0149417105BB5B4CB910D614A3D832D98313A58D0EA36BABED4460 ] C:\Windows\System32\nlaapi.dll
12:55:02.0802 0x0e64  C:\Windows\System32\nlaapi.dll - ok
12:55:02.0818 0x0e64  [ 2F040CF0613A6D64DCBBA9EE81F5A5AE, DA16117429AF47230CD7C136407C81951B8D2E45A8B7A9DC6948407AA2EC4ADD ] C:\Windows\System32\dsrole.dll
12:55:02.0818 0x0e64  C:\Windows\System32\dsrole.dll - ok
12:55:02.0833 0x0e64  [ 65BF13016A3C22775F3E17591AE5268A, 7DFE2F99D33D47E4A55ACBE83FE5B536A2983742522629414D5F941043C591D3 ] C:\Windows\System32\VaultCredProvider.dll
12:55:02.0833 0x0e64  C:\Windows\System32\VaultCredProvider.dll - ok
12:55:02.0849 0x0e64  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] C:\Windows\System32\Sens.dll
12:55:02.0849 0x0e64  C:\Windows\System32\Sens.dll - ok
12:55:02.0849 0x0e64  [ 8B74CEC6980D4816B0037AE9A27E538F, 8721EDB4C51BF6020002FA5DDB1987C68590F9F433A2F18D9756B2DAC7542CB6 ] C:\Windows\System32\slc.dll
12:55:02.0849 0x0e64  C:\Windows\System32\slc.dll - ok
12:55:02.0864 0x0e64  [ 1C073FDF1AAA7A89D81576D62EA0FBD7, 0740FD208ECFD3B9D6B74EDA216C7C564FC0F43960500A6F3EFF7316D95618AF ] C:\Windows\System32\LMIinit.dll
12:55:02.0864 0x0e64  C:\Windows\System32\LMIinit.dll - ok
12:55:02.0880 0x0e64  [ 4BCC63ED1C3D15B2635A8AE2B854B3EB, 4CF29B4E896996145D54263FD06358E16C3FE2CD39C3AF6BCCE607590C637555 ] C:\Windows\System32\SmartcardCredentialProvider.dll
12:55:02.0880 0x0e64  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
12:55:02.0896 0x0e64  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] C:\Windows\System32\uxsms.dll
12:55:02.0896 0x0e64  C:\Windows\System32\uxsms.dll - ok
12:55:02.0911 0x0e64  [ C940F2F5C60B3727C5F18840735B229C, EFC3F465FD6C570505C214A92644357ACD01B1843ED25B5FCCCE10533403485C ] C:\Windows\System32\AudioSes.dll
12:55:02.0911 0x0e64  C:\Windows\System32\AudioSes.dll - ok
12:55:02.0911 0x0e64  [ E59F08ED9D2A128CE436BBFC232247F6, 9CD690C1B7CB6CA59F6AB2752A5AF2FC5A057CCBDA4166900F0AC68296972060 ] C:\Windows\System32\BioCredProv.dll
12:55:02.0911 0x0e64  C:\Windows\System32\BioCredProv.dll - ok
12:55:02.0927 0x0e64  [ 3FAD263CE1E2A6FFF40D00043B2275E3, 0063D7DAD57CA78C3DCE6A2E7D4FF7A47DBBBBAA33F92AEF747D8102E055D1AA ] C:\Windows\System32\winbio.dll
12:55:02.0927 0x0e64  C:\Windows\System32\winbio.dll - ok
12:55:02.0942 0x0e64  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] C:\Windows\System32\drivers\lltdio.sys
12:55:02.0942 0x0e64  C:\Windows\System32\drivers\lltdio.sys - ok
12:55:02.0958 0x0e64  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] C:\Windows\System32\drivers\nwifi.sys
12:55:02.0958 0x0e64  C:\Windows\System32\drivers\nwifi.sys - ok
12:55:02.0974 0x0e64  [ E9BB0CD09DA17C71FD1B9954D75AEEF7, FF5E2F04F1FD56FDD19368150B5750275F0A44E9EA9820C8087E84ECBBF45286 ] C:\Windows\System32\credui.dll
12:55:02.0974 0x0e64  C:\Windows\System32\credui.dll - ok
12:55:02.0989 0x0e64  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] C:\Windows\System32\MPSSVC.dll
12:55:02.0989 0x0e64  C:\Windows\System32\MPSSVC.dll - ok
12:55:03.0005 0x0e64  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] C:\Windows\System32\drivers\ndisuio.sys
12:55:03.0005 0x0e64  C:\Windows\System32\drivers\ndisuio.sys - ok
12:55:03.0020 0x0e64  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] C:\Windows\System32\drivers\rspndr.sys
12:55:03.0020 0x0e64  C:\Windows\System32\drivers\rspndr.sys - ok
12:55:03.0020 0x0e64  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] C:\Windows\System32\lmhsvc.dll
12:55:03.0020 0x0e64  C:\Windows\System32\lmhsvc.dll - ok
12:55:03.0036 0x0e64  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] C:\Windows\System32\nsisvc.dll
12:55:03.0036 0x0e64  C:\Windows\System32\nsisvc.dll - ok
12:55:03.0052 0x0e64  [ 36B8D5903CEEF0AA42A1EE002BD27FF1, CBD5C4D0E05B9A2657D816B655FFFC386807061594DEAABA754658D3152F7403 ] C:\Windows\System32\vaultcli.dll
12:55:03.0052 0x0e64  C:\Windows\System32\vaultcli.dll - ok
12:55:03.0067 0x0e64  [ 2FCA0D2C59A855C54BAFA22AA329DF0F, ED9D26F539065D62FCCEDEEC8E509B30F4D15F8DA586C1F657ACEFE9DABAACD0 ] C:\Windows\System32\netapi32.dll
12:55:03.0067 0x0e64  C:\Windows\System32\netapi32.dll - ok
12:55:03.0083 0x0e64  [ A90DC9ABD65DB1A8902F361103029952, 26798758976CE53251AC342B966BE0363AE1794BD965C452F5DEBC33E18969F0 ] C:\Windows\System32\IPHLPAPI.DLL
12:55:03.0083 0x0e64  C:\Windows\System32\IPHLPAPI.DLL - ok
12:55:03.0098 0x0e64  [ 20B3934DB73EABA2B49B7177873CB81F, 492EAC5C51472B43DE11825358AEC4B9E3A081DACFD7513C696D6FE40F302EE5 ] C:\Windows\System32\netutils.dll
12:55:03.0098 0x0e64  C:\Windows\System32\netutils.dll - ok
12:55:03.0098 0x0e64  [ CFF35B879D1618D42C86644C717BA947, 1837275202628D3320867A3BF8CFDA15491730C4B74215F7C0D7E140BF01AC3C ] C:\Windows\System32\winnsi.dll
12:55:03.0098 0x0e64  C:\Windows\System32\winnsi.dll - ok
12:55:03.0114 0x0e64  [ D2A937964199F647B1C3BC435712E5D9, 03029296547750229C0C484CD09D67286096B92661C41DF67C60019DEF75A2F7 ] C:\Windows\System32\nrpsrv.dll
12:55:03.0114 0x0e64  C:\Windows\System32\nrpsrv.dll - ok
12:55:03.0130 0x0e64  [ E5A4A1326A02F8E7B59E6C3270CE7202, DCB76016F9AC47E631540874DA208A089F9D529DA9628705A2869B954526BFE0 ] C:\Windows\System32\wkscli.dll
12:55:03.0130 0x0e64  C:\Windows\System32\wkscli.dll - ok
12:55:03.0145 0x0e64  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] C:\Windows\System32\dnsrslvr.dll
12:55:03.0145 0x0e64  C:\Windows\System32\dnsrslvr.dll - ok
12:55:03.0161 0x0e64  [ AF75DBA674E55221B7A055B0A4345F16, 50F1B550F4EBFA946564EB66BBD17C308DCB08055017E010095A94C2EBCE208D ] C:\Windows\System32\keyiso.dll
12:55:03.0161 0x0e64  C:\Windows\System32\keyiso.dll - ok
12:55:03.0176 0x0e64  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] C:\Windows\System32\eapsvc.dll
12:55:03.0176 0x0e64  C:\Windows\System32\eapsvc.dll - ok
12:55:03.0192 0x0e64  [ 68ECCA523ED760AAFC03C5D587569859, CDD734279C8F9F24EA2538BAD8E91EB8C3DD74C33032DB6B2D85C19576B42707 ] C:\Windows\System32\samcli.dll
12:55:03.0192 0x0e64  C:\Windows\System32\samcli.dll - ok
12:55:03.0208 0x0e64  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] C:\Windows\System32\dhcpcore.dll
12:55:03.0208 0x0e64  C:\Windows\System32\dhcpcore.dll - ok
12:55:03.0208 0x0e64  [ F0D0E883EBBDC7615DC9EDEA0FFB2817, 58F1395445018CB16ED4D3710443FB5B0E087043F6A69F7B10D72D0455958954 ] C:\Windows\System32\FWPUCLNT.DLL
12:55:03.0208 0x0e64  C:\Windows\System32\FWPUCLNT.DLL - ok
12:55:03.0223 0x0e64  [ 9A892B3439884C62B04718F0303A49E9, E3A772832BE440B074628FCAE06FACA451E2329BAEDD62CAB54310B44AF6BA4A ] C:\Windows\System32\eapphost.dll
12:55:03.0223 0x0e64  C:\Windows\System32\eapphost.dll - ok
12:55:03.0239 0x0e64  [ 6D8CACF3B1B54943EFCF420C2D667B37, 64EB621EC68077761A0662BE78D2D17ADA982FCFE4D3BBD3A96D0D990BD8541A ] C:\Windows\System32\certCredProvider.dll
12:55:03.0239 0x0e64  C:\Windows\System32\certCredProvider.dll - ok
12:55:03.0254 0x0e64  [ 100103C6535C66265267F5EEA5F5846E, DC5972BC1FCABDC51E4DF4D5124D408BB03F2EFAF25AB70C921DD7A03A12DFD4 ] C:\Windows\System32\dnsext.dll
12:55:03.0254 0x0e64  C:\Windows\System32\dnsext.dll - ok
12:55:03.0270 0x0e64  [ EFDA8576B2BA177AE3DF78B29EA0C45B, FCAC75169F9DACDB13E3FAFEC633676C0D3346AEB8655A64A7B91D2B5D069B48 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL
12:55:03.0270 0x0e64  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL - ok
12:55:03.0286 0x0e64  [ 9A85ABCE0FDD1AF8E79E731EB0B679F3, 2A610BEB16610FE2F2E9A50477A62A05481E8A5843A814955A0EDFF45D0304B3 ] C:\Windows\System32\dhcpcsvc.dll
12:55:03.0286 0x0e64  C:\Windows\System32\dhcpcsvc.dll - ok
12:55:03.0301 0x0e64  [ EF71BA5DF59034962B0C62314A71351A, BB31EDFCCFF1CE984CDE0E1D8996BF70DC28F97B6685AE54172F2F4BAFA56A0F ] C:\Windows\System32\dhcpcore6.dll
12:55:03.0301 0x0e64  C:\Windows\System32\dhcpcore6.dll - ok
12:55:03.0317 0x0e64  [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E, 27848861F25C00168A1A0FE0722D8E327D2251C4FB69A7968EE5722ECCD129E3 ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
12:55:03.0317 0x0e64  C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
12:55:03.0332 0x0e64  [ 81F6C1AE23B1C493D9E996C3103915D7, E22408B4D2EDE2F89E686A4FDCD4057BE27B86D050E9CB489F0FFB39C72AEC1D ] C:\Windows\System32\dhcpcsvc6.dll
12:55:03.0332 0x0e64  C:\Windows\System32\dhcpcsvc6.dll - ok
12:55:03.0364 0x0e64  [ FFE4BEC5C187C426A17AE76A773063A6, 0003F7DBCE52F3E7B467FBB6522623E7318E22BC2E1BB5890AFAE29682543F99 ] C:\Windows\System32\rasplap.dll
12:55:03.0364 0x0e64  C:\Windows\System32\rasplap.dll - ok
12:55:03.0379 0x0e64  [ 839F96DBAAFD3353E0B248A5E0BD2A51, 11DA5AD3EA5FF4766C12B99FB520B3CBE08581ECAF1A2FD1DC5AC835CA78FAC2 ] C:\Windows\System32\rasapi32.dll
12:55:03.0379 0x0e64  C:\Windows\System32\rasapi32.dll - ok
12:55:03.0395 0x0e64  [ D33E95C0A2754061233B58DC41F8094C, C957FD018DCCC8EA4BFD0EBB16A8A65B5F8AD543929EE92251C8718872BBA628 ] C:\Windows\System32\umb.dll
12:55:03.0395 0x0e64  C:\Windows\System32\umb.dll - ok
12:55:03.0410 0x0e64  [ 3C9035085141162416A0DD34DBF3F3C1, 31856241BBCC5AEC32C36BD073667001ECBA3A65C1D55B26A9CEE186CE1C03E6 ] C:\Windows\System32\wlanmsm.dll
12:55:03.0410 0x0e64  C:\Windows\System32\wlanmsm.dll - ok
12:55:03.0426 0x0e64  [ FFA7172354B9256DBB2CDD75F16F33FE, 85B2F014C67C2E52540F17D561793C6633C9E98F12639CCD3854EB1EC34DD035 ] C:\Windows\System32\rasman.dll
12:55:03.0426 0x0e64  C:\Windows\System32\rasman.dll - ok
12:55:03.0442 0x0e64  [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159, ACE7F85685EB92FC3AB4215122B0469E32F23B196C49F08CDA7791D3122C45DC ] C:\Windows\System32\rtutils.dll
12:55:03.0442 0x0e64  C:\Windows\System32\rtutils.dll - ok
12:55:03.0457 0x0e64  [ 20C06A50DFC097E134BC6FA8444CA9BC, 7739CF0ABCA918C9A49D655FB4E032163BBFB7064844F0C8EBDA282CB0225DFC ] C:\Windows\System32\wlansec.dll
12:55:03.0457 0x0e64  C:\Windows\System32\wlansec.dll - ok
12:55:03.0457 0x0e64  [ 07393A09C46083588E751B63B03C8301, 36E2351CF5FA05FEAAEB340B5E04B107B53C8174F8333559D8AEA40BEB94F678 ] C:\Windows\System32\msacm32.drv
12:55:03.0473 0x0e64  C:\Windows\System32\msacm32.drv - ok
12:55:03.0473 0x0e64  [ 85683DF1F917E4D7F6BE1A04986BF1C8, D68D9F525D31C1843B6EC8FA950166FA1F34DB71222716E7B22DD33981C152B6 ] C:\Windows\System32\msacm32.dll
12:55:03.0473 0x0e64  C:\Windows\System32\msacm32.dll - ok
12:55:03.0488 0x0e64  [ 5A12C364AD1D4FCC0AD0E56DBBC34462, 5FDF434BE4E15311AC83754CF85B5451F5A219D768A5DE3DC4FD9AE0B57B0AD9 ] C:\Windows\System32\midimap.dll
12:55:03.0488 0x0e64  C:\Windows\System32\midimap.dll - ok
12:55:03.0504 0x0e64  [ F748F53FE09D21D8ECBB6421E6792024, 38F737673F8B089B2540CE7015A4DF7081754F7CC83BFF85199B70555AF32ED0 ] C:\Windows\System32\onex.dll
12:55:03.0504 0x0e64  C:\Windows\System32\onex.dll - ok
12:55:03.0520 0x0e64  [ A12829E9974F57E9B5DBFEA7C93190F6, 1EC2A36CAF30A706B6082C5CA79B6A33FA99342E144508DB1415D1611E631EBC ] C:\Windows\System32\UXInit.dll
12:55:03.0520 0x0e64  C:\Windows\System32\UXInit.dll - ok
12:55:03.0535 0x0e64  [ 7DF75678370425F58BB752E371819FF7, 45E3EC0D6788B7912C4AFB428AAC6E6D371112E6197227948693F050E79717A6 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpasbase.vdm
12:55:03.0535 0x0e64  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpasbase.vdm - ok
12:55:03.0551 0x0e64  [ BBA9D5A730D5E304117AD26923EBD8AA, 62DD6CEA9B3819DEC704BFBDCFF771903A2E2E8668EB9D5AD32210EEDB359132 ] C:\Windows\System32\AudioEng.dll
12:55:03.0551 0x0e64  C:\Windows\System32\AudioEng.dll - ok
12:55:03.0551 0x0e64  [ 666E57B6B51824D1D235F80A3DD70A13, B2ACCABDD5D8B23E502FE691C1DEE4A2C0EA20EDCDE5B4000557579D56D411EC ] C:\Windows\System32\eappprxy.dll
12:55:03.0551 0x0e64  C:\Windows\System32\eappprxy.dll - ok
12:55:03.0566 0x0e64  [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97, 364A2DC446E9AB091A216D0EED559CEA334AA46EC0BC693CBD6CE1DE0F89317B ] C:\Windows\System32\eappcfg.dll
12:55:03.0566 0x0e64  C:\Windows\System32\eappcfg.dll - ok
12:55:03.0582 0x0e64  [ 96F0F8F4DEE598C8D12AD9633E0CFE2A, 56EA483444BB6CCD6B9BE8030BB0FBB60EEE34A96731AB50CDC7DBA56BF2CB7C ] C:\Windows\System32\AUDIOKSE.dll
12:55:03.0582 0x0e64  C:\Windows\System32\AUDIOKSE.dll - ok
12:55:03.0598 0x0e64  [ 749F9795F01C35EEBE100A87D82B9681, 03A636328D3D97AFA6B5D6B3085EA8D27C3DBCAEA5986FD74904FC754378CD64 ] C:\Windows\System32\wlgpclnt.dll
12:55:03.0598 0x0e64  C:\Windows\System32\wlgpclnt.dll - ok
12:55:03.0613 0x0e64  [ 8E01332CC4B68BC6B5B7EFFE374442AA, A4AD1D2FD3EC2F26949DBBC388F9FFF3713AD7EB4E9220AF817EBB5223E467C6 ] C:\Windows\System32\oleacc.dll
12:55:03.0613 0x0e64  C:\Windows\System32\oleacc.dll - ok
12:55:03.0629 0x0e64  [ C1585EAA67C37A05BF6F93726FAFC069, 50401A628053871D5B864E2493018236A117F177AD1E466EDE6FB3CACBD6C5BD ] C:\Windows\System32\l2gpstore.dll
12:55:03.0629 0x0e64  C:\Windows\System32\l2gpstore.dll - ok
12:55:03.0644 0x0e64  [ E554650D5EEFECDF78470C943529CA23, E9548E4EFB60AA42B6F85FF474223CE253B2EA7D77582CCD17F4AB3BDC97ABE3 ] C:\Windows\System32\RtkAPO.dll
12:55:03.0644 0x0e64  C:\Windows\System32\RtkAPO.dll - ok
12:55:03.0660 0x0e64  [ 1D6A771D1D702AE07919DB52C889A249, E5F3378AC40AEE6114EEAF3BF11DC1059466891CAE353E80C08622A60485C954 ] C:\Windows\System32\wlanutil.dll
12:55:03.0660 0x0e64  C:\Windows\System32\wlanutil.dll - ok
12:55:03.0676 0x0e64  [ FD049C25A168D3DE310D9207B7B6367B, 48966605E7CF87996068AC1A2E563F90F6F152E710323792C633E10BCBA480E4 ] C:\Windows\System32\UIAutomationCore.dll
12:55:03.0676 0x0e64  C:\Windows\System32\UIAutomationCore.dll - ok
12:55:03.0676 0x0e64  [ 9419ABF3163B6F0E3AD3DD2B381C879F, 75029AFDB5F8A8F74A63B6C8165E77110E2FBAEC0021A9613035BFFEC646A54E ] C:\Windows\System32\WinSCard.dll
12:55:03.0676 0x0e64  C:\Windows\System32\WinSCard.dll - ok
12:55:03.0691 0x0e64  [ EAADD6E47ED2A7003ACE1793B98CF63F, EE090284CA4595B6A140949A41025926CEC3CCACCD2931B6AC77A1E14D20E5B4 ] C:\Windows\System32\msxml6.dll
12:55:03.0691 0x0e64  C:\Windows\System32\msxml6.dll - ok
12:55:03.0707 0x0e64  [ 827CB0D6C3F8057EA037FF271F8E9795, 82760DBDDD38D2A31CAAF51D065DF4E7E1D0F0C22733A0AF653776EBF7B79470 ] C:\Windows\System32\imageres.dll
12:55:03.0707 0x0e64  C:\Windows\System32\imageres.dll - ok
12:55:03.0722 0x0e64  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] C:\Windows\System32\shsvcs.dll
12:55:03.0722 0x0e64  C:\Windows\System32\shsvcs.dll - ok
12:55:03.0738 0x0e64  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] C:\Windows\System32\schedsvc.dll
12:55:03.0738 0x0e64  C:\Windows\System32\schedsvc.dll - ok
12:55:03.0754 0x0e64  [ 38B13C0DF479DBA23ECFA815159BA86E, C289C65AF3FB689AD6B770AB0E815860D9EA36FB2A8DE9F1818C63AD0FE47CBD ] C:\Windows\System32\ktmw32.dll
12:55:03.0754 0x0e64  C:\Windows\System32\ktmw32.dll - ok
12:55:03.0769 0x0e64  [ E6D90DC604F407B3B5E0FD285E46B2A0, 41C0E25E93E6985445410B23058B8972E7720464ABDB41D84FF10CCAC204921A ] C:\Windows\System32\fveapi.dll
12:55:03.0769 0x0e64  C:\Windows\System32\fveapi.dll - ok
12:55:03.0785 0x0e64  [ EAFC149CD3BD78C443E31BB157841197, 9045425B0C7A23D5A96D1084FB3B1DED35852B3FB1DCB942DEB4A5B906126CA4 ] C:\Windows\System32\tbs.dll
12:55:03.0785 0x0e64  C:\Windows\System32\tbs.dll - ok
12:55:03.0785 0x0e64  [ C87F28A34B3840F4B40011D170B1A159, 4FB94B9197C5FA73E1A74BA8DCD4ACE830C927FD67B117426714CCD7396E3CB9 ] C:\Windows\System32\fvecerts.dll
12:55:03.0785 0x0e64  C:\Windows\System32\fvecerts.dll - ok
12:55:03.0800 0x0e64  [ 1C3E8371377E988B683797A132EFFE1B, CC4A9B9084F163428973A04D77CADDAA838C5761BF9E55971FAD7275BB9D2194 ] C:\Windows\System32\taskcomp.dll
12:55:03.0800 0x0e64  C:\Windows\System32\taskcomp.dll - ok
12:55:03.0816 0x0e64  [ E2D56AE1D40E3725084054CD8E9CFBB1, 7548C22DE09DCCC9BA41BA1DE331CFD0B18DDA00A40E27DFB8EA551CDF7050BC ] C:\Windows\System32\wiarpc.dll
12:55:03.0816 0x0e64  C:\Windows\System32\wiarpc.dll - ok
12:55:03.0832 0x0e64  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] C:\Windows\System32\BFE.DLL
12:55:03.0832 0x0e64  C:\Windows\System32\BFE.DLL - ok
12:55:03.0847 0x0e64  [ 4E30ED3E551E867ADD1C8D58F5EDD9DF, C933ABF1069128F4AB73DA47B2E7C029249804D65F50720897ECCAB3F4A07C27 ] C:\Windows\System32\WMALFXGFXDSP.dll
12:55:03.0847 0x0e64  C:\Windows\System32\WMALFXGFXDSP.dll - ok
12:55:03.0863 0x0e64  [ 40B82688907A7DBA4DB3B5ADDE3EAB3B, 7A8A051F414A0A11252A361461A086890BCE9F49CE1AF794061184AE16517EF1 ] C:\Windows\System32\mfplat.dll
12:55:03.0863 0x0e64  C:\Windows\System32\mfplat.dll - ok
12:55:03.0863 0x0e64  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] C:\Windows\System32\drivers\bowser.sys
12:55:03.0878 0x0e64  C:\Windows\System32\drivers\bowser.sys - ok
12:55:03.0878 0x0e64  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] C:\Windows\System32\drivers\mpsdrv.sys
12:55:03.0878 0x0e64  C:\Windows\System32\drivers\mpsdrv.sys - ok
12:55:03.0894 0x0e64  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] C:\Windows\System32\drivers\mrxsmb.sys
12:55:03.0894 0x0e64  C:\Windows\System32\drivers\mrxsmb.sys - ok
12:55:03.0910 0x0e64  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] C:\Windows\System32\drivers\mrxsmb10.sys
12:55:03.0910 0x0e64  C:\Windows\System32\drivers\mrxsmb10.sys - ok
12:55:03.0925 0x0e64  [ 019C372B1A9DA73A22D0D35A4D40F5C9, 6DDAF455D528FDC2F8271E5909289E76E54D81AC5563433653FC7E0C6EA5BB70 ] C:\Windows\System32\wfapigp.dll
12:55:03.0925 0x0e64  C:\Windows\System32\wfapigp.dll - ok
12:55:03.0941 0x0e64  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] C:\Windows\System32\drivers\mrxsmb20.sys
12:55:03.0941 0x0e64  C:\Windows\System32\drivers\mrxsmb20.sys - ok
12:55:03.0956 0x0e64  [ 7F8678C59F188528D60104E697C2361E, 9B4D262B10CB09543ACA9A78482F4EDD905791D2C8C518B574EBA440A71A85B7 ] C:\Windows\System32\mscms.dll
12:55:03.0956 0x0e64  C:\Windows\System32\mscms.dll - ok
12:55:03.0972 0x0e64  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] C:\Windows\System32\wkssvc.dll
12:55:03.0972 0x0e64  C:\Windows\System32\wkssvc.dll - ok
12:55:03.0988 0x0e64  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] C:\Windows\System32\pcasvc.dll
12:55:03.0988 0x0e64  C:\Windows\System32\pcasvc.dll - ok
12:55:03.0988 0x0e64  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] C:\Windows\System32\snmptrap.exe
12:55:03.0988 0x0e64  C:\Windows\System32\snmptrap.exe - ok
12:55:04.0003 0x0e64  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] C:\Windows\System32\drivers\parport.sys
12:55:04.0003 0x0e64  C:\Windows\System32\drivers\parport.sys - ok
12:55:04.0019 0x0e64  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] C:\Windows\System32\dps.dll
12:55:04.0019 0x0e64  C:\Windows\System32\dps.dll - ok
12:55:04.0034 0x0e64  [ 1FF7E4F548C7C372C804938F0D5B36AE, F20409733F67853CBF51FD83E4DB73260FED7B7A4F361C6B3482D78C990E16FC ] C:\Windows\System32\netcfgx.dll
12:55:04.0034 0x0e64  C:\Windows\System32\netcfgx.dll - ok
12:55:04.0066 0x0e64  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] C:\Windows\System32\drivers\LMIRfsDriver.sys
12:55:04.0066 0x0e64  C:\Windows\System32\drivers\LMIRfsDriver.sys - ok
12:55:04.0081 0x0e64  [ F845CB13B1D1FC68C97900FEF94D03CC, 4832FEB9897291297748C95CC44B200239F737A673225F6D5EF89FC6458C5BCC ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
12:55:04.0081 0x0e64  C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
12:55:04.0097 0x0e64  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] C:\Windows\System32\cryptsvc.dll
12:55:04.0097 0x0e64  C:\Windows\System32\cryptsvc.dll - ok
12:55:04.0112 0x0e64  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] C:\Windows\System32\drivers\vwifimp.sys
12:55:04.0112 0x0e64  C:\Windows\System32\drivers\vwifimp.sys - ok
12:55:04.0128 0x0e64  [ 544EFF88AC6C85DF5A4D6F18DFE08CFC, D688381F42062FD5D868E7770857C5951C41BA20A1B6E6F60B5D9536C02CD293 ] C:\Windows\System32\taskschd.dll
12:55:04.0128 0x0e64  C:\Windows\System32\taskschd.dll - ok
12:55:04.0144 0x0e64  [ E9251EB760BD49AA99CDAC57569278B7, 60B1F0B6504C673580B1C33ABBB3D1C53ABB248C6A421115AD13B4BDFE59E099 ] C:\Windows\System32\spool\drivers\w32x86\3\lxdcserv.exe
12:55:04.0144 0x0e64  C:\Windows\System32\spool\drivers\w32x86\3\lxdcserv.exe - ok
12:55:04.0175 0x0e64  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] C:\Windows\System32\IKEEXT.DLL
12:55:04.0175 0x0e64  C:\Windows\System32\IKEEXT.DLL - ok
12:55:04.0190 0x0e64  [ 7B851A8018B1EA00A69707A390004884, DAE654713EF1DC66C8C2D27752B659081794063A7D522D1F680AA9A6E7FBA9FD ] C:\Windows\System32\cryptnet.dll
12:55:04.0190 0x0e64  C:\Windows\System32\cryptnet.dll - ok
12:55:04.0206 0x0e64  [ 13337A3FB17F2242487FD45488ED0485, C174F8652118876494336AB88A65D594E0E6CCBAB20CC6BA08E6B253855A01CA ] C:\Windows\System32\vssapi.dll
12:55:04.0206 0x0e64  C:\Windows\System32\vssapi.dll - ok
12:55:04.0222 0x0e64  [ BEF40F97110BD10CC569C2C148363231, DBC535AD7E51214E157A4ED808F6D59D2831C2A70F266D966E75F711A18FC9BD ] C:\Windows\System32\lxdccoms.exe
12:55:04.0222 0x0e64  C:\Windows\System32\lxdccoms.exe - ok
12:55:04.0237 0x0e64  [ 9CF717267FC62B9A852B66D5CE655CFA, 8F2F25B6CE6634A055F900A7F468ACA2D4E11ED5D98C377B858E6E6E4404DC59 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpasdlta.vdm
12:55:04.0237 0x0e64  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpasdlta.vdm - ok
12:55:04.0253 0x0e64  [ A86F5616EACB7155998011CEFFFB52F6, 1D877042AD916204D17516A609CE39B6AE9425D6B066E26708D39D53458A406B ] C:\Windows\System32\RdpGroupPolicyExtension.dll
12:55:04.0268 0x0e64  C:\Windows\System32\RdpGroupPolicyExtension.dll - ok
12:55:04.0268 0x0e64  [ B940289C83121046BD6A60ACC6028593, EBD1C2C0A8EBB201924536AB5C6E032C12B9E081A153CC079748E1D6D625F0DF ] C:\Windows\System32\vsstrace.dll
12:55:04.0268 0x0e64  C:\Windows\System32\vsstrace.dll - ok
12:55:04.0284 0x0e64  [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8, B1A9B2EF000917214C0198958CBD239D1D91B1720EC40DF041262A34D302AD74 ] C:\Windows\System32\winspool.drv
12:55:04.0284 0x0e64  C:\Windows\System32\winspool.drv - ok
12:55:04.0300 0x0e64  [ E223D2851906B84F52E1B75EA16198F9, 645E9CC72D5154E8BB8C15A23AC49B1EDD1A3E0569316A047824C11D1A10659A ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
12:55:04.0300 0x0e64  C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll - ok
12:55:04.0315 0x0e64  [ FED81EE050A7A9C08E189405FEE5B6A3, 8BFD3212F558B37542993152608742C6EBEFF8396360DBC9C782CC8674973D9C ] C:\Windows\System32\lxdcserv.dll
12:55:04.0315 0x0e64  C:\Windows\System32\lxdcserv.dll - ok
12:55:04.0331 0x0e64  [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpavbase.vdm
12:55:04.0331 0x0e64  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpavbase.vdm - ok
12:55:04.0346 0x0e64  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] C:\Windows\System32\provsvc.dll
12:55:04.0346 0x0e64  C:\Windows\System32\provsvc.dll - ok
12:55:04.0362 0x0e64  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:55:04.0362 0x0e64  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
12:55:04.0378 0x0e64  [ 5845B1C54380FB980F68024B3A8B1E66, A7215D59B5C452F1494CFEC0DFC1E4ABE2D17EA0E1D07FBA062901BC3DED21AF ] C:\Windows\System32\vpnikeapi.dll
12:55:04.0378 0x0e64  C:\Windows\System32\vpnikeapi.dll - ok
12:55:04.0393 0x0e64  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] C:\Windows\System32\sstpsvc.dll
12:55:04.0393 0x0e64  C:\Windows\System32\sstpsvc.dll - ok
12:55:04.0393 0x0e64  [ 9E5F104AA95528ED9A8A85A7AF8507C7, 95910A3BB43D13F630B7DB3768357755C664C9241FD861D42B2463E67ECC35AA ] C:\Windows\System32\lxdcinpa.dll
12:55:04.0393 0x0e64  C:\Windows\System32\lxdcinpa.dll - ok
12:55:04.0409 0x0e64  [ 499EB8F65CC51E55812135857CAA6476, A2BD9B81A0EF6439A8ECC14FE07B9652FE45172C5B979519F61D081B4321149E ] C:\Windows\System32\lxdciesc.dll
12:55:04.0409 0x0e64  C:\Windows\System32\lxdciesc.dll - ok
12:55:04.0424 0x0e64  [ EF39CCCC9AD927A25334AE0B41A8A343, EC5FB376F84697F42B632BC9775D362CF6C54A68E26A0CF027D90F5A419BEA74 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
12:55:04.0424 0x0e64  C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
12:55:04.0440 0x0e64  [ 08C71DB28995F072F21A039362336355, 64943BA6668B5C36852BC8B5B0AF18C4AB2B25272BE836A964FE838075201190 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpavdlta.vdm
12:55:04.0440 0x0e64  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBF37D55-6DF0-42BC-8901-42E59C410A1E}\mpavdlta.vdm - ok
12:55:04.0456 0x0e64  [ 226ABF4D76D39C905A035E4B5C8F2164, D72E6CB4F4B836EBBB536338810D05F89B3BEDD8473BB7DB6CD38219D3F4EE39 ] C:\Windows\System32\lxdcusb1.dll
12:55:04.0456 0x0e64  C:\Windows\System32\lxdcusb1.dll - ok
12:55:04.0471 0x0e64  [ 9275F02BEA644F43A459E316A932658F, A4B9A716BEF1ADFDDA4C44D4838EC57BD77DEE29C4B4737B58A9375C2366A87F ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
12:55:04.0471 0x0e64  C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
12:55:04.0487 0x0e64  [ D0033DA6798E8A1A9818D0DFE7EFBB99, 2B3435C4562103FA2CF09962DC01B7234B77353E444053173C0F1217BE6F93A1 ] C:\Windows\System32\lxdchbn3.dll
12:55:04.0487 0x0e64  C:\Windows\System32\lxdchbn3.dll - ok
12:55:04.0502 0x0e64  [ D145E03F897B9F9C0264BA69B2E300D5, 0AFF019E564FDB25FF88848C43254052A49CA0CC6EB120448DCA6F1081E492E0 ] C:\Windows\System32\LXDChcp.dll
12:55:04.0502 0x0e64  C:\Windows\System32\LXDChcp.dll - ok
12:55:04.0518 0x0e64  [ 0B7E85364CB878E2AD531DB7B601A9E5, F5AD3018427F1CD68450EE5CB55AA9572546322580E0FB1E7888702A291C2380 ] C:\Windows\System32\NapiNSP.dll
12:55:04.0518 0x0e64  C:\Windows\System32\NapiNSP.dll - ok
12:55:04.0518 0x0e64  [ 5CF640EDDB1E40A5AB1BB743BCDEC610, 0313AA3F713C9F5B84DBB0B4DE78A96B173E9F7B4CF61C10FDC7DAE952DB04E5 ] C:\Windows\System32\pnrpnsp.dll
12:55:04.0518 0x0e64  C:\Windows\System32\pnrpnsp.dll - ok
12:55:04.0534 0x0e64  [ 9D4A1690AF93F233E15380398BEC7431, 8CC99491880DBC444651EB7D245EEE46FE77F4FA74FECFCD29E734AA21AF9D75 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
12:55:04.0534 0x0e64  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
12:55:04.0549 0x0e64  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:55:04.0549 0x0e64  C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
12:55:04.0565 0x0e64  [ 5DF5D8CFD9B9573FA3B2C89D9061A240, 990EA273B640DF2D7E800C0CFF18550259C605A4951CD82CD9F1E7B6FF0C9533 ] C:\Windows\System32\winrnr.dll
12:55:04.0565 0x0e64  C:\Windows\System32\winrnr.dll - ok
12:55:04.0580 0x0e64  [ ED6EE83D61EBC683C2CD8E899EA6FEBE, F82592908D038C44D9F2E5C5B7BC663A2D370FC565F40420E1138A9E55F0E7EB ] C:\Windows\System32\rasadhlp.dll
12:55:04.0580 0x0e64  C:\Windows\System32\rasadhlp.dll - ok
12:55:04.0596 0x0e64  [ 80D8679BF84A9383BFF33E07D5D9FC35, 0986806F2504C8A66FA8DEF7923A69E90A2390DD447BE53AD1824240CE68EC1E ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
12:55:04.0596 0x0e64  C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
12:55:04.0612 0x0e64  [ BFAFE990C4A191E83843362B5AC64A9B, EEB72FFE163F49E8F2A418E85B1E2C2182C435B58312057D16D0485A69A39CFB ] C:\Windows\System32\mshtml.dll
12:55:04.0612 0x0e64  C:\Windows\System32\mshtml.dll - ok
12:55:04.0612 0x0e64  [ B9A8CBCFCD3EC9D2EA4740AF347BF108, 97FA304E3880BC863D999F441AE47CB8ADF00D2DEC2A52ACD8FBD02CC096786A ] C:\Windows\System32\mpr.dll
12:55:04.0612 0x0e64  C:\Windows\System32\mpr.dll - ok
12:55:04.0627 0x0e64  [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] C:\Windows\System32\drivers\NisDrvWFP.sys
12:55:04.0627 0x0e64  C:\Windows\System32\drivers\NisDrvWFP.sys - ok
12:55:04.0643 0x0e64  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] C:\Windows\System32\nlasvc.dll
12:55:04.0643 0x0e64  C:\Windows\System32\nlasvc.dll - ok
12:55:04.0658 0x0e64  [ 140D9F911182357626165EA0BEB98C4F, 9B24047BF104895FCFDB68694934BDDD92DE98A0E6334A62E987C6DCBFFB9C5B ] C:\Windows\System32\ncsi.dll
12:55:04.0658 0x0e64  C:\Windows\System32\ncsi.dll - ok
12:55:04.0674 0x0e64  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] C:\Windows\System32\drivers\PEAuth.sys
12:55:04.0674 0x0e64  C:\Windows\System32\drivers\PEAuth.sys - ok
12:55:04.0690 0x0e64  [ CA9F7888B524D8100B977C81F44C3234, 57F3353F89724147D8AC8B69B12C1303DF26978309776F5F8CCF074526A915D3 ] C:\Windows\System32\winhttp.dll
12:55:04.0690 0x0e64  C:\Windows\System32\winhttp.dll - ok
12:55:04.0705 0x0e64  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] C:\Windows\System32\drivers\secdrv.sys
12:55:04.0705 0x0e64  C:\Windows\System32\drivers\secdrv.sys - ok
12:55:04.0721 0x0e64  [ FB19FC5951A88F3C523E35C2C98D23C0, FF0DB8BF0C68DA0D09272E8181D2B5409C8850BB2F31AEA3AC4CD14C5A420A59 ] C:\Windows\System32\webio.dll
12:55:04.0721 0x0e64  C:\Windows\System32\webio.dll - ok
12:55:04.0721 0x0e64  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] C:\Windows\System32\drivers\srvnet.sys
12:55:04.0721 0x0e64  C:\Windows\System32\drivers\srvnet.sys - ok
12:55:04.0736 0x0e64  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] C:\Windows\System32\wiaservc.dll
12:55:04.0736 0x0e64  C:\Windows\System32\wiaservc.dll - ok
12:55:04.0752 0x0e64  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] C:\Windows\System32\drivers\tcpipreg.sys
12:55:04.0752 0x0e64  C:\Windows\System32\drivers\tcpipreg.sys - ok
12:55:04.0768 0x0e64  [ B087F2B901570F6EF62F6C2E01A480F3, 9303CB715184D161F3BD8E9EE8799009375B17FA1BD5D7EF661D7CD7555AA251 ] C:\Windows\System32\wiatrace.dll
12:55:04.0768 0x0e64  C:\Windows\System32\wiatrace.dll - ok
12:55:04.0783 0x0e64  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] C:\Windows\System32\trkwks.dll
12:55:04.0783 0x0e64  C:\Windows\System32\trkwks.dll - ok
12:55:04.0799 0x0e64  [ 28E2231BD34A39C854BDF3923AB2FF86, A95179068F7B86E04F976B724F155DA86253B7F4414F43DBD95F2058282B99E4 ] C:\Windows\System32\ssdpapi.dll
12:55:04.0799 0x0e64  C:\Windows\System32\ssdpapi.dll - ok
12:55:04.0814 0x0e64  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] C:\Windows\System32\drivers\srv2.sys
12:55:04.0814 0x0e64  C:\Windows\System32\drivers\srv2.sys - ok
12:55:04.0830 0x0e64  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] C:\Windows\System32\wbem\WMIsvc.dll
12:55:04.0830 0x0e64  C:\Windows\System32\wbem\WMIsvc.dll - ok
12:55:04.0830 0x0e64  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] C:\Windows\System32\drivers\srv.sys
12:55:04.0846 0x0e64  C:\Windows\System32\drivers\srv.sys - ok
12:55:04.0846 0x0e64  [ 704314FD398C81D5F342CAA5DF7B7F21, CDA660E1E8AAE0789780B6B9604B138E67B2BDD1404A5E4C2354B35879D43085 ] C:\Windows\System32\wbemcomn.dll
12:55:04.0846 0x0e64  C:\Windows\System32\wbemcomn.dll - ok
12:55:04.0861 0x0e64  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] C:\Windows\System32\srvsvc.dll
12:55:04.0861 0x0e64  C:\Windows\System32\srvsvc.dll - ok
12:55:04.0877 0x0e64  [ 701C9EB15E1E23D22F7C7184C0506673, 1CD59E8B8889C93B55F600DA1A7246810E8EAB725EFEF80327AC96344AC596A6 ] C:\Windows\System32\wbem\WmiDcPrv.dll
12:55:04.0877 0x0e64  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
12:55:04.0892 0x0e64  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] C:\Windows\System32\browser.dll
12:55:04.0892 0x0e64  C:\Windows\System32\browser.dll - ok
12:55:04.0908 0x0e64  [ E4B72E71EC37A59FE574A998A0C0EB9B, C17B06C936FC47B6AA5221ABF1DDE283F59E5751BEE9CDBCCBAF25CD4E7232AD ] C:\Windows\System32\netmsg.dll
12:55:04.0908 0x0e64  C:\Windows\System32\netmsg.dll - ok
12:55:04.0924 0x0e64  [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A, 61B4D669C692775EF361445293163E84FAD8636AC49C8047BE806DB4E4093291 ] C:\Windows\System32\wbem\fastprox.dll
12:55:04.0924 0x0e64  C:\Windows\System32\wbem\fastprox.dll - ok
12:55:04.0924 0x0e64  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] C:\Windows\System32\iphlpsvc.dll
12:55:04.0924 0x0e64  C:\Windows\System32\iphlpsvc.dll - ok
12:55:04.0939 0x0e64  [ CE292C4C10B8DB6070F262EA2733F0DC, 0A685263DA0277F2D215C4C22BF39E2F869B632B42B8C992E068129F57177BE1 ] C:\Windows\System32\sqmapi.dll
12:55:04.0939 0x0e64  C:\Windows\System32\sqmapi.dll - ok
12:55:04.0955 0x0e64  [ A399514D3B28C9A3453A486BBAAFF1C7, 487CAA68CF4EE0C9DC26975C694A2780ADEFB687D1EDF929CE6E1C7E3722FFE9 ] C:\Windows\System32\wdscore.dll
12:55:04.0955 0x0e64  C:\Windows\System32\wdscore.dll - ok
12:55:04.0970 0x0e64  [ 89E783711AF91AF09E1EF30EF3107446, CA91DABED7508A86A4AFA5F99A4A78D0BA3577168B04C8E3462FC4D55FA33FFD ] C:\Windows\System32\sscore.dll
12:55:04.0970 0x0e64  C:\Windows\System32\sscore.dll - ok
12:55:04.0986 0x0e64  [ 881D9F2D6E04E1C323050CF1574870F7, DA02C415977A2E50C3D1E96E227234E7195BD33903C446A17FBE0FA8D14A164F ] C:\Windows\System32\wbem\WinMgmtR.dll
12:55:04.0986 0x0e64  C:\Windows\System32\wbem\WinMgmtR.dll - ok
12:55:05.0002 0x0e64  [ E3E811471DE781900FF21C1FD84E941E, 2A47FF52D1D6480AAD1919382E783EA184BF926311F8C7E466FEBE9F6FB88FD6 ] C:\Windows\System32\ntdsapi.dll
12:55:05.0002 0x0e64  C:\Windows\System32\ntdsapi.dll - ok
12:55:05.0017 0x0e64  [ AE9898D5600A232CD8AE3298692162E5, 8B94BA9C404B8A21CE023335960E77C73245FB30015161EEFF48573DDB7E6922 ] C:\Windows\System32\clusapi.dll
12:55:05.0017 0x0e64  C:\Windows\System32\clusapi.dll - ok
12:55:05.0033 0x0e64  [ C5B0324DB461559ADD070E632A6919FA, AB09CACB5B7DD372B27921A5E01220552A611CECA27EF87961001FA467FDED45 ] C:\Windows\System32\wbem\wbemprox.dll
12:55:05.0033 0x0e64  C:\Windows\System32\wbem\wbemprox.dll - ok
12:55:05.0048 0x0e64  [ 2AF094C822BD6094F14A8E85FB51D52A, F70A4FEC66E64245237D9D1A4C2C87168A26F224FCE648A3D7065E95259887D2 ] C:\Windows\System32\resutils.dll
12:55:05.0048 0x0e64  C:\Windows\System32\resutils.dll - ok
12:55:05.0048 0x0e64  [ 6383C60EC0133B14F5705F96369421B2, EAB3FA2344B853148F199F744E716FBB8E9331B9DB588F784274599B6BCE2335 ] C:\Windows\System32\hnetcfg.dll
12:55:05.0048 0x0e64  C:\Windows\System32\hnetcfg.dll - ok
12:55:05.0064 0x0e64  [ 45D9F6CD2469CDB6A640DD4BD2B01471, 21704ADB83B26DD9C2D4D248FE61F3FEC2003D6748BB6A830334F0FDA9610362 ] C:\Windows\System32\nci.dll
12:55:05.0064 0x0e64  C:\Windows\System32\nci.dll - ok
12:55:05.0080 0x0e64  [ 72E953215CADE1A726C04AAFDF6B463D, 473866333D2241BAD6918D21EBCBE8F8EEA9344D816788300BCA290A89FBD3DD ] C:\Windows\System32\taskhost.exe
12:55:05.0080 0x0e64  C:\Windows\System32\taskhost.exe - ok
12:55:05.0095 0x0e64  [ 585EB475E7AF55C9065256E8FFB751A1, 5AE557013435DF993F0E872B90A94CBB9E80FA8A080469C300EBCEE62CABA92F ] C:\Windows\System32\wbem\wbemcore.dll
12:55:05.0095 0x0e64  C:\Windows\System32\wbem\wbemcore.dll - ok
12:55:05.0111 0x0e64  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] C:\Windows\System32\wdi.dll
12:55:05.0111 0x0e64  C:\Windows\System32\wdi.dll - ok
12:55:05.0126 0x0e64  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] C:\Windows\System32\wpdbusenum.dll
12:55:05.0126 0x0e64  C:\Windows\System32\wpdbusenum.dll - ok
12:55:05.0142 0x0e64  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] C:\Windows\System32\IPSECSVC.DLL
12:55:05.0142 0x0e64  C:\Windows\System32\IPSECSVC.DLL - ok
12:55:05.0142 0x0e64  [ 15E298B5EC5B89C5994A59863969D9FF, 8D38B2E023462D0804F72E907D11FF72CE84540EA3B8D83F411C602C3F6A1177 ] C:\Windows\System32\npmproxy.dll
12:55:05.0142 0x0e64  C:\Windows\System32\npmproxy.dll - ok
12:55:05.0158 0x0e64  [ 5AE88135C6A86FCD67BA16AFBB1C8389, 0FC750B5C84F1AFBE93E8A23410360F4B068D367A9AF6FF2E3F6160DA5005DE5 ] C:\Windows\System32\wbem\esscli.dll
12:55:05.0158 0x0e64  C:\Windows\System32\wbem\esscli.dll - ok
12:55:05.0173 0x0e64  [ ECF036299AA554B5E0455262857B39D0, E7A08E4AA1677291FB55E1B43511B912D45676652E35C6BA75D1604A8BE5B1D0 ] C:\Windows\System32\diagperf.dll
12:55:05.0173 0x0e64  C:\Windows\System32\diagperf.dll - ok
12:55:05.0189 0x0e64  [ D99621C0735B21DCC8BC4FEF02F379EF, C9FAD74DD80B6CCA95B83B767BB55644E775E8DC3FFC05CD89AEF16686F902FD ] C:\Windows\System32\Apphlpdm.dll
12:55:05.0189 0x0e64  C:\Windows\System32\Apphlpdm.dll - ok
12:55:05.0204 0x0e64  [ DB603D3FD090C66F9709EF6493C26BA3, A9D9A3309DAEFC5AED885AC729B1E9DE8BA5454A0C83FD4F61BCAC935F6CBB4A ] C:\Windows\System32\FwRemoteSvr.dll
12:55:05.0204 0x0e64  C:\Windows\System32\FwRemoteSvr.dll - ok
12:55:05.0220 0x0e64  [ 590D5C506044FE02FF7643E32FF9BDAC, B8178A45E1DB6A39501E95CE4A2B2A1A88119367EC8DA7877120575A3EA47D16 ] C:\Windows\System32\wer.dll
12:55:05.0220 0x0e64  C:\Windows\System32\wer.dll - ok
12:55:05.0236 0x0e64  [ 776AE0564F8B1C282E331FD95A1BDC5F, 601CFCA3922FFEA46A54AD323845A76A12FC6AF9FF64E9B0AE294FBB1AFCF4CB ] C:\Windows\System32\wbem\wbemsvc.dll
12:55:05.0236 0x0e64  C:\Windows\System32\wbem\wbemsvc.dll - ok
12:55:05.0236 0x0e64  [ C5C867CD7EFAC60D5021223E374DEEC5, 197FEE8F02DE348E75771AC9AD748EFB29939F1AAF02DA6555181EEF787FD099 ] C:\Windows\System32\dimsjob.dll
12:55:05.0236 0x0e64  C:\Windows\System32\dimsjob.dll - ok
12:55:05.0267 0x0e64  [ E98278865E8DABA21CFE5FE4BE34210A, 3BB431A9F6476EA98C17DF46BA5DFA265E74328D84875E402236ED12E50B6330 ] C:\Windows\System32\PortableDeviceApi.dll
12:55:05.0267 0x0e64  C:\Windows\System32\PortableDeviceApi.dll - ok
12:55:05.0282 0x0e64  [ 5610B0425518D185331CB8E968D060E6, E235186C3BF266EE9EC733D2CFF35E3A65DE039C19B14260F4054F34B5E8AD41 ] C:\Windows\System32\wbem\wmiutils.dll
12:55:05.0282 0x0e64  C:\Windows\System32\wbem\wmiutils.dll - ok
12:55:05.0298 0x0e64  [ F8E882C10AF4C29E378D1E28D4817CB1, 1164096E044FA9B38CCC462315B9A2F7C43C472091F539F6A4BF7B5EAA389410 ] C:\Windows\System32\pnpts.dll
12:55:05.0298 0x0e64  C:\Windows\System32\pnpts.dll - ok
12:55:05.0298 0x0e64  [ C693E642ACFBDD76433AF6BE3C3EEE6F, 5241C30CCB095B10B10AD11F42F57B2DEA362C7F6DA36A9A5B23E4DFF113CFD7 ] C:\Windows\System32\PortableDeviceConnectApi.dll
12:55:05.0298 0x0e64  C:\Windows\System32\PortableDeviceConnectApi.dll - ok
12:55:05.0314 0x0e64  [ 7E82616BEE76BF5EAA5B30F681414E21, 2138D743C4C09ECD829E194CA42934CB044BFF400921DA9B5FA50371E191656E ] C:\Windows\System32\perftrack.dll
12:55:05.0314 0x0e64  C:\Windows\System32\perftrack.dll - ok
12:55:05.0329 0x0e64  [ 371E3B05894549113D07CD3081ED55EF, 9973678AC0F50B1F02B379B1D4A7DDF317B724D65BE3FF635FD751EDD1D96B5A ] C:\Windows\System32\wbem\repdrvfs.dll
12:55:05.0329 0x0e64  C:\Windows\System32\wbem\repdrvfs.dll - ok
12:55:05.0345 0x0e64  [ 8B794AE6D5C7D42092804BC39A2EB8F6, 0C8078442EABA31D48019F1A3B7941CC19D9B3AA571FFA5DCD4E19F67DEBF723 ] C:\Windows\System32\aepic.dll
12:55:05.0345 0x0e64  C:\Windows\System32\aepic.dll - ok
12:55:05.0360 0x0e64  [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9, E18D66455D00A6D2A2D7CC0833C233FE8A6DD910B59D6B5B5F82EF91450858DF ] C:\Windows\System32\sfc.dll
12:55:05.0360 0x0e64  C:\Windows\System32\sfc.dll - ok
12:55:05.0376 0x0e64  [ 84799328D87B3091A3BDD251E1AD31F9, F85521215924388830DBB13580688DB70B46AF4C7D82D549D09086438F8D237B ] C:\Windows\System32\sfc_os.dll
12:55:05.0376 0x0e64  C:\Windows\System32\sfc_os.dll - ok
12:55:05.0392 0x0e64  [ F0016853FA3F38F55FD868FF74C0359B, 49A6A6D610591D0F2FF8A88C8E72D6DCABB8C5FE5D3E995F0CE0E8FC073BA289 ] C:\Windows\System32\wdiasqmmodule.dll
12:55:05.0392 0x0e64  C:\Windows\System32\wdiasqmmodule.dll - ok
12:55:05.0407 0x0e64  [ 3CDE2911462FEC80064A409C07710C06, DBEC8669B1B8FA68750B17008C4328B223F8263EBE02C550780926C23D38D7D3 ] C:\Windows\System32\wbem\WmiPrvSD.dll
12:55:05.0407 0x0e64  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
12:55:05.0407 0x0e64  [ A4CC7227A452C4909F9499D91B184364, 56111E57D17553BE3EAB8DA2DC42C7132E4458549AFFC08975B7A7204D8F5E76 ] C:\Windows\System32\ncobjapi.dll
12:55:05.0407 0x0e64  C:\Windows\System32\ncobjapi.dll - ok
12:55:05.0423 0x0e64  [ B350509B6C9296529BC464C60FEEAEF1, CC653ED001FE6A2BE5A9687572A70CEF9FAB258A57896643379E5D6C1D8E4F1F ] C:\Windows\System32\wbem\wbemess.dll
12:55:05.0423 0x0e64  C:\Windows\System32\wbem\wbemess.dll - ok
12:55:05.0438 0x0e64  [ F7FE730CE31B54145DEE1F1482BCCDD7, E7F0F59AB2B0D5EC5FE9B966006D06FE0FCEDBA99E2A4A8A6D410A0490F1F017 ] C:\Windows\System32\ndiscapCfg.dll
12:55:05.0438 0x0e64  C:\Windows\System32\ndiscapCfg.dll - ok
12:55:05.0454 0x0e64  [ 761A3A4038C1FD4F5795427907C28484, B9338BC022DC5B8C0502E6A88E7D76E03C19A828861A922360B147441FB09285 ] C:\Windows\System32\rascfg.dll
12:55:05.0454 0x0e64  C:\Windows\System32\rascfg.dll - ok
12:55:05.0470 0x0e64  [ D4191EFAB91E00FC09257AA5EBAF503B, 161B572CF4C65984EAFDBA95357373BC712AA414B52DDA23523F84151240E337 ] C:\Windows\System32\mprapi.dll
12:55:05.0470 0x0e64  C:\Windows\System32\mprapi.dll - ok
12:55:05.0485 0x0e64  [ 9A7B54D57594233EEB17892BAD309970, 64EF2A51BFA13455038DCB6773F9DEF6FD46FAA1F1CF47E7B61D3E64466DA5AA ] C:\Windows\System32\mprmsg.dll
12:55:05.0485 0x0e64  C:\Windows\System32\mprmsg.dll - ok
12:55:05.0485 0x0e64  [ CAFC0B884E5590B5E80D84F592388B3D, FFCA66AEB6869BCC7A469C5E968B20A2DFA49D97E4E598CC36E839047FF7AB2B ] C:\Windows\System32\tcpipcfg.dll
12:55:05.0485 0x0e64  C:\Windows\System32\tcpipcfg.dll - ok
12:55:05.0501 0x0e64  [ 14486EB6AF542F2BD3239F7FC3E713F7, C084C653CF6C63D7B4DB08CBDE2CAF059019D276BCACD923A29D22E69055012C ] C:\Windows\System32\pautoenr.dll
12:55:05.0501 0x0e64  C:\Windows\System32\pautoenr.dll - ok
12:55:05.0516 0x0e64  [ 61B1ED5F429EFAC7E2036769870AB93E, 628CF28434C5DFB81B76B90BEA4CDD9EB1E4B0971BEE24136A09490F9439E00E ] C:\Windows\System32\certcli.dll
12:55:05.0516 0x0e64  C:\Windows\System32\certcli.dll - ok
12:55:05.0532 0x0e64  [ 29BC473072568C072EC8B176498DE996, D3A4DB88BECA8AB3F8722E499548EFEC63022C1CE38F526AFBDA76DDBA8E9064 ] C:\Windows\System32\CertEnroll.dll
12:55:05.0532 0x0e64  C:\Windows\System32\CertEnroll.dll - ok
12:55:05.0548 0x0e64  [ 78DE417B7921DACA072059E6BF410FC7, 8A32772A5500F6076D207EA7194C67B4147BCE28DEA4B582C2129BEC4A42D7CD ] C:\Windows\System32\wshnetbs.dll
12:55:05.0548 0x0e64  C:\Windows\System32\wshnetbs.dll - ok
12:55:05.0563 0x0e64  [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
12:55:05.0563 0x0e64  C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
12:55:05.0579 0x0e64  [ 30EDD6A7D7DD83648CC6B0A4ECDBF2FB, 3DD96CF11B877684EE86E8BACBBEE8E1BDAF027BA6CBC20FB818A9120E41AF28 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
12:55:05.0579 0x0e64  C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
12:55:05.0594 0x0e64  [ A8CDF3768604FF95B54669E20053D569, 2DB85B86C839341F2A879A6D25F787D17EE665D425C1BAC3E1F82BAC61F89F94 ] C:\Windows\System32\wscapi.dll
12:55:05.0594 0x0e64  C:\Windows\System32\wscapi.dll - ok
12:55:05.0610 0x0e64  [ 49ACA548B2423F1C67898E6AC719A9A6, 23D84137EAB9AFDD31CBB6776B6B25AD135A120AF7F7885EB5BBF9E0A2CCC4C1 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
12:55:05.0610 0x0e64  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
12:55:05.0626 0x0e64  [ C65666EE6C56218B2C5FFB53BFB2FD37, 7DB747920001911A47A54CFE4EB0596345E39F03D2CEDF7BAAD1671CD6317C95 ] C:\Program Files\Microsoft Security Client\NisLog.dll
12:55:05.0626 0x0e64  C:\Program Files\Microsoft Security Client\NisLog.dll - ok
12:55:05.0641 0x0e64  [ BD60D8A113A22878BF024B06E1CBF72E, 632E15A5EFDACC9D753812C1592B6582B1A47694594A2C9DE64E97499F14C410 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60D03BF7-4785-4EB7-A3BC-00CCDF4BC4AB}\gapaengine.dll
12:55:05.0641 0x0e64  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60D03BF7-4785-4EB7-A3BC-00CCDF4BC4AB}\gapaengine.dll - ok
12:55:05.0641 0x0e64  [ 27D4C064D90473D4FA84F7D17E1A1D65, 285EA5563DD4EEF8BBD571799198E426076C57AEDCE45F1F86D6CB83C8A575DF ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60D03BF7-4785-4EB7-A3BC-00CCDF4BC4AB}\nisfull.vdm
12:55:05.0641 0x0e64  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60D03BF7-4785-4EB7-A3BC-00CCDF4BC4AB}\nisfull.vdm - ok
12:55:05.0657 0x0e64  [ 1B0EC94520CAB89A9CE1B2DA405166AF, 129102C98C8B3D403C85604C9A2AFC0471CDB1212FD2C5487D73FC089FC88F0C ] C:\Windows\System32\p2pcollab.dll
12:55:05.0657 0x0e64  C:\Windows\System32\p2pcollab.dll - ok
12:55:05.0672 0x0e64  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] C:\Windows\System32\QAGENTRT.DLL
12:55:05.0672 0x0e64  C:\Windows\System32\QAGENTRT.DLL - ok
12:55:05.0688 0x0e64  [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2, FC71F6CC24FE61BF83DD3E237C00DD0002D84DC303DB9570B241BF8212B8639D ] C:\Windows\System32\fveui.dll
12:55:05.0688 0x0e64  C:\Windows\System32\fveui.dll - ok
12:55:05.0704 0x0e64  [ 5B8E80EC0D621CDF920AB2141CDBC733, CDF4BD7BE5B6ADEDD06448DCDCF9FCA6FA9EC57788342FF42D0EF09F651C3245 ] C:\Program Files\Windows Defender\MpClient.dll
12:55:05.0704 0x0e64  C:\Program Files\Windows Defender\MpClient.dll - ok
12:55:05.0719 0x0e64  [ 1A617835452EEE5060976C9B9F5FE635, DCCAAB049681BE876B73F0880EA32196CDA7EC954D452768A48D366096C5BD53 ] C:\Windows\System32\wuapi.dll
12:55:05.0719 0x0e64  C:\Windows\System32\wuapi.dll - ok
12:55:05.0735 0x0e64  [ 7A6986DD659B96398A11AF5173892715, FB7818952B9015F433418E7DC656A2C20CD682056AB981A55C1722020142D578 ] C:\Windows\System32\cabinet.dll
12:55:05.0735 0x0e64  C:\Windows\System32\cabinet.dll - ok
12:55:05.0735 0x0e64  [ 3458EDA96E30FBD0477A2800D3FB1909, BDF84362E4D8A102E7FB5F352D950B84D1A8E1E7928521B68E7671D4176803C5 ] C:\Windows\System32\wups.dll
12:55:05.0735 0x0e64  C:\Windows\System32\wups.dll - ok
12:55:05.0750 0x0e64  [ F35314802B20CE37AF5F700A252812DD, 100D7ED445D965CBB76671295082AE4043D8AE7D50F2AEC0A73670865494B1B8 ] C:\Windows\System32\mpnotify.exe
12:55:05.0750 0x0e64  C:\Windows\System32\mpnotify.exe - ok
12:55:05.0766 0x0e64  [ E8C1D1C3520AD11F344E7EA72D69FB92, 39ED443ABDDB831550367C610AEF4C2BBFB1B4338D86EE79DB2449B24F6D3DCF ] C:\Windows\System32\LMIRfsClientNP.dll
12:55:05.0766 0x0e64  C:\Windows\System32\LMIRfsClientNP.dll - ok
12:55:05.0782 0x0e64  [ 7FFD52D73352806969D424EF327D10A7, DD44B084F052EF798997D7A8578E98DD4EF3F0E2A0C522DA2CC169D362C7B900 ] C:\Windows\System32\radardt.dll
12:55:05.0782 0x0e64  C:\Windows\System32\radardt.dll - ok
12:55:05.0797 0x0e64  [ A63DC5C2EA944E6657203E0C8EDEAF61, F7AD4B09AFB301CE46DF695B22114331A57D52E6D4163FF74787BF68CCF44C78 ] C:\Windows\System32\dllhost.exe
12:55:05.0797 0x0e64  C:\Windows\System32\dllhost.exe - ok
12:55:05.0813 0x0e64  [ 75F5E1FE8D55CF8E577E0EC5F2290D3F, F4E2C81F0834018052A481AE8D7DF4780302A6844160CCDC09F7D82D3B992BDE ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
12:55:05.0813 0x0e64  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll - ok
12:55:05.0828 0x0e64  [ 0B31464B7B2D616BD5F7036673588EC1, AAC717D7FB02D5F7CC11AECC5C87FE6B7224340C569EBF7B77BD8C9F79FAA190 ] C:\Windows\System32\IDStore.dll
12:55:05.0828 0x0e64  C:\Windows\System32\IDStore.dll - ok
12:55:05.0844 0x0e64  [ D1D5DAB39DCB4BE0359943738D87409B, 0BA45FE28568E852502879AE83C081517BB8103359BD5783328833EC59A54681 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
12:55:05.0844 0x0e64  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok
12:55:05.0860 0x0e64  [ 3CA2BB895E204478C7A4C9BAF70970CE, DE3196627BC810DD22F58DEE65747BACA25485CCD0CEE2701055ECE1058F1C6A ] C:\Windows\System32\AtBroker.exe
12:55:05.0860 0x0e64  C:\Windows\System32\AtBroker.exe - ok
12:55:05.0875 0x0e64  [ B43687C534A49700BF4B3C9898763752, B4C371CB2C0EAC1803E6C845F629814B2CE4C568022EB6A1C9AC1F293BF74F40 ] C:\Windows\System32\MsCtfMonitor.dll
12:55:05.0875 0x0e64  C:\Windows\System32\MsCtfMonitor.dll - ok
12:55:05.0891 0x0e64  [ 56CEED370508F69A1BA04939BD1BADDA, C84F383F2B3C9581F635E51DA39567F0B5ED2D847B18CCE51022BA4B2FA7EA8D ] C:\Windows\System32\msutb.dll
12:55:05.0891 0x0e64  C:\Windows\System32\msutb.dll - ok
12:55:05.0906 0x0e64  [ 61AC3EFDFACFDD3F0F11DD4FD4044223, 538FE1012FEDC72727A8DE0C2C01944B3D35C29812ECEF88E95AAC07235E0B0B ] C:\Windows\System32\userinit.exe
12:55:05.0906 0x0e64  C:\Windows\System32\userinit.exe - ok
12:55:05.0922 0x0e64  [ 5C3F9DBA818CD93379D1A0F215270374, 6A4D96AC83989D47D80332E41E627F2607A3B2167E1A5D8E21361136C4424633 ] C:\Windows\System32\esent.dll
12:55:05.0922 0x0e64  C:\Windows\System32\esent.dll - ok
12:55:05.0922 0x0e64  [ F58516E2DC0D963EF70D6BFC21FD82C4, 5689BF12B43BE0D6BFBD6B9122A2FF53FCEC766A58A0F3C6B88AE504ACB10E04 ] C:\Windows\System32\PlaySndSrv.dll
12:55:05.0922 0x0e64  C:\Windows\System32\PlaySndSrv.dll - ok
12:55:05.0938 0x0e64  [ 505BF4D1CADEB8D4F8BCD08D944DE25D, 526F07768471F4457CBEAB7093AF0B0242044C89A80A347DB47F44EBADEEA68D ] C:\Windows\System32\dwm.exe
12:55:05.0938 0x0e64  C:\Windows\System32\dwm.exe - ok
12:55:05.0953 0x0e64  [ 754AFC50022C95DA7C86B7020DB78136, 81C58F303DA2E0EC066261890C1D638EE02D2B579BBCB1BB398EDF6A0EBA671E ] C:\Windows\System32\dwmredir.dll
12:55:05.0953 0x0e64  C:\Windows\System32\dwmredir.dll - ok
12:55:05.0969 0x0e64  [ 497E59D9F01C6F247E72222A61835119, 4C31900BA2F911B2A5AE8F7FCE267DCE17655B20A6B71CD4E38FE1B1692142D1 ] C:\Windows\System32\dwmcore.dll
12:55:05.0969 0x0e64  C:\Windows\System32\dwmcore.dll - ok
12:55:05.0984 0x0e64  [ 8B88EBBB05A0E56B7DCC708498C02B3E, 9E1EC8B43A88E68767FD8FED2F38E7984357B3F4186D0F907E62F8B6C9FF56AD ] C:\Windows\explorer.exe
12:55:05.0984 0x0e64  C:\Windows\explorer.exe - ok
12:55:06.0000 0x0e64  [ 3C1936A12C62254F914A01BBC6A8DC69, 0068F7A8B0D9E9776B44EAD99007B0CE5A5600633F2B477E9EFAAC644408C70E ] C:\Windows\System32\d3d10_1.dll
12:55:06.0000 0x0e64  C:\Windows\System32\d3d10_1.dll - ok
12:55:06.0000 0x0e64  [ D4212AB475A3B25EC4DF574536C3EDC5, F8BBEECB66BA6DDE5A64ED41D8BF95A1C81470552B4BFD5B11D888156289CCDD ] C:\Windows\System32\d3d10_1core.dll
12:55:06.0000 0x0e64  C:\Windows\System32\d3d10_1core.dll - ok
12:55:06.0016 0x0e64  [ D4F264FE23F8953D840904418220C15E, 72EAF30265A0CC88DEC0FCA7869734D8C93572457C61A2BF1BDFFB20C061DBCD ] C:\Windows\System32\dxgi.dll
12:55:06.0016 0x0e64  C:\Windows\System32\dxgi.dll - ok
12:55:06.0031 0x0e64  [ 6DE66FE7C526637E74CD066461C7C871, 7E8980A3751762180D795EAC38458303BEAF8D1F85AB5F2D10D9CE7013090CBE ] C:\Windows\System32\d3d11.dll
12:55:06.0031 0x0e64  C:\Windows\System32\d3d11.dll - ok
12:55:06.0047 0x0e64  [ E2A17BCC08D92F42E08AF6BA2F93ABA7, 5FC9D47BF4B1094BECC0C0DDCD5CD4318DD3E4495D982F8785331616D5B82599 ] C:\Windows\System32\ExplorerFrame.dll
12:55:06.0047 0x0e64  C:\Windows\System32\ExplorerFrame.dll - ok
12:55:06.0062 0x0e64  [ AB8B6B739633B6FF018F7C098106F040, 5346EBBA8A042878FF672CA3B6BDECA3A2C2B0C7B4CDDCA1D56C45D1AFA1259B ] C:\Windows\System32\igdumdx32.dll
12:55:06.0062 0x0e64  C:\Windows\System32\igdumdx32.dll - ok
12:55:06.0078 0x0e64  [ 4FF3EC04CD47DD62181894B71B004E40, 5C45E7E97AAA4E5642C1CD95A44C02D3EE76448534FA6428819AA44BAFECD5A0 ] C:\Windows\System32\d3d10level9.dll
12:55:06.0078 0x0e64  C:\Windows\System32\d3d10level9.dll - ok
12:55:06.0094 0x0e64  [ 2605D2277EFA79234FB4A0A01FAD757D, A14B1C301BECBC22A58234957BD694D83916925C94D3417F4CD63D1CCEEB5EC5 ] C:\Windows\System32\igdumd32.dll
12:55:06.0094 0x0e64  C:\Windows\System32\igdumd32.dll - ok
12:55:06.0109 0x0e64  [ 846D0E4DB261CFAF363902E41498E961, D7E5591B7604FD583AF7FDA19E30928B24A6145318A3944E7D207F0CCEEB30D0 ] C:\Windows\System32\EhStorShell.dll
12:55:06.0109 0x0e64  C:\Windows\System32\EhStorShell.dll - ok
12:55:06.0109 0x0e64  [ D1F438E9DFD869B33D1EDB635764C892, 3E03B852068494E918E96DB196CDC1F80BB4D4A89BC27BD2D91841E158A8EC34 ] C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
12:55:06.0109 0x0e64  C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL - ok
12:55:06.0125 0x0e64  [ CDBE9690CF2B8409FACAD94FAC9479C9, 8E7FE1A1F3550C479FFD86A77BC9D10686D47F8727025BB891D8F4F0259354C8 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
12:55:06.0140 0x0e64  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
12:55:06.0140 0x0e64  [ 4C39358EBDD2FFCD9132A30E1EC31E16, 06918CF99AD26CD6CF106881C0D5BDB212DC0BAC4549805C9F5906E3D03D152C ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
12:55:06.0140 0x0e64  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
12:55:06.0156 0x0e64  [ 58A14C45A5CD2528F10A889E7B0C3FC2, 81521B27F6DE4F2451C5441DFA93781B6687EE8F9AE62A8FE76D61DE7965E6EF ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
12:55:06.0156 0x0e64  C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
12:55:06.0172 0x0e64  [ 883D87AA9D3C15C3D57B11BABC180B4E, D1AAC11A9D4145F9DB01386D1B5D048CF052171FFF52AF083288677974F31A0F ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
12:55:06.0172 0x0e64  C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
12:55:06.0187 0x0e64  [ F148865E4AC4F715E322EA06E6E21D84, 88CF0A1CB18BA9CA3D356EAF2F7EF8892CDDD9BF55798E64E4351C1ED111575A ] C:\Windows\System32\wbem\NCProv.dll
12:55:06.0187 0x0e64  C:\Windows\System32\wbem\NCProv.dll - ok
12:55:06.0203 0x0e64  [ 676CCC08D9E9A3F4CA39CB04E97048DF, AD7361AB05A6169705C57C36AAF015130124737720B13BA6102102299B49D629 ] C:\PROGRA~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
12:55:06.0203 0x0e64  C:\PROGRA~1\MICROS~4\Office14\1033\GrooveIntlResource.dll - ok
12:55:06.0218 0x0e64  [ 03F3B770DFBED6131653CEDA8CA780F0, 77373919DCA647F09851E7E460AE78FBD89F21516B961F84AC4446304E51E09C ] C:\Windows\System32\ntshrui.dll
12:55:06.0218 0x0e64  C:\Windows\System32\ntshrui.dll - ok
12:55:06.0234 0x0e64  [ 465BEA35F7ED4A4A57686DEA7EA10F47, 7F1B3CA09AB045F805DA5765BE7DD270F5DDACE3073017F7386FF1E2FA82D6FB ] C:\Windows\System32\cscapi.dll
12:55:06.0234 0x0e64  C:\Windows\System32\cscapi.dll - ok
12:55:06.0250 0x0e64  [ 523CF74A52C9A1762DA8B83AEE734498, 5A739182B916738B611E1BBA9098F8BCC8C4E2CC2CFEFD1BC5CE7941D11CEDFD ] C:\Windows\System32\IconCodecService.dll
12:55:06.0250 0x0e64  C:\Windows\System32\IconCodecService.dll - ok
12:55:06.0250 0x0e64  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] C:\Windows\System32\appinfo.dll
12:55:06.0250 0x0e64  C:\Windows\System32\appinfo.dll - ok
12:55:06.0265 0x0e64  [ D44741F65A1D71F65814A12CF6E2400A, C6721F830675ADC7E7FDE2B5E822E56F6A063146F5066F1E25EBFE86F0A87136 ] C:\Windows\System32\runonce.exe
12:55:06.0265 0x0e64  C:\Windows\System32\runonce.exe - ok
12:55:06.0281 0x0e64  [ AD7B9C14083B52BC532FBA5948342B98, 17F746D82695FA9B35493B41859D39D786D32B23A9D2E00F4011DEC7A02402AE ] C:\Windows\System32\cmd.exe
12:55:06.0281 0x0e64  C:\Windows\System32\cmd.exe - ok
12:55:06.0296 0x0e64  [ 2DE16A63F71D10B42ACE01E759078600, D52FAE32C1BBF982C9222FBF275FF53D5F6F77B7747AFBF641937DFDC8D70487 ] C:\Windows\System32\conhost.exe
12:55:06.0296 0x0e64  C:\Windows\System32\conhost.exe - ok
12:55:06.0312 0x0e64  [ 4B638CE3DAA3A082E576C0DDF9D635D4, 371F3A44047D45F481D87E9FF9DE6452D4F21C31DD137D468F6B70F861CBC999 ] C:\Windows\System32\ieframe.dll
12:55:06.0312 0x0e64  C:\Windows\System32\ieframe.dll - ok
12:55:06.0328 0x0e64  [ 60F4AEFA103D421EA4A40E31409B4756, 037A8605CA504A4FF43E9D4DE9017CEA1E26D3556C975872C747E24D8B0835EF ] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
12:55:06.0328 0x0e64  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
12:55:06.0328 0x0e64  [ 2C4A87CA8C00E98EFDCFA2E8EC9A3503, DA59CE662E98E56D89E2894D2AC8B9F324C16DA23C860640EDC2C82E0AD06097 ] C:\Windows\System32\shdocvw.dll
12:55:06.0328 0x0e64  C:\Windows\System32\shdocvw.dll - ok
12:55:06.0343 0x0e64  [ C9560BBB239E0EA21EF4BEA39DD85F69, F30A82724F35BBFF445058AF46B86A7BFEA8E51813B72206A3EFA9D3CA7F3DCD ] C:\Users\Doug\AppData\Local\Temp\{7E8E3E90-C730-42B5-9CB8-41BFF49AF4C8}.exe
12:55:06.0343 0x0e64  C:\Users\Doug\AppData\Local\Temp\{7E8E3E90-C730-42B5-9CB8-41BFF49AF4C8}.exe - ok
12:55:06.0359 0x0e64  [ 6F8E3B7B70E1BBA871212940C1FBDF60, 3F9D4EE64E4210340C6FEE0DE81BFE3C613DDBE608EC09D63817D24CE24BFC5E ] C:\Windows\System32\SensApi.dll
12:55:06.0359 0x0e64  C:\Windows\System32\SensApi.dll - ok
12:55:06.0374 0x0e64  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:55:06.0374 0x0e64  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
12:55:06.0390 0x0e64  [ E5F7C30EDF0892667933BE879F067D67, E4BA45F4C6C74A0CDE9B12A00C91E2F5EF83536C89C9053DEC507CBB4F130A12 ] C:\Windows\System32\msvcr100_clr0400.dll
12:55:06.0390 0x0e64  C:\Windows\System32\msvcr100_clr0400.dll - ok
12:55:06.0406 0x0e64  [ D83947A58613E9091B4C9CC0F1546A8D, C71DF6E18E2099FC462717B8658D39C607A62C7E7A1E5CD0E258C17434535AD0 ] C:\Windows\System32\mscoree.dll
12:55:06.0406 0x0e64  C:\Windows\System32\mscoree.dll - ok
12:55:06.0421 0x0e64  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] C:\Windows\System32\sppsvc.exe
12:55:06.0421 0x0e64  C:\Windows\System32\sppsvc.exe - ok
12:55:06.0437 0x0e64  [ D16D818E9930A6E5B4F6476DD0998D1A, 11284FBAE473325322DA0CA6F9317B9A700A666D6D907BBBC812FD0E7BE7FE67 ] C:\Windows\System32\drivers\spsys.sys
12:55:06.0437 0x0e64  C:\Windows\System32\drivers\spsys.sys - ok
12:55:06.0452 0x0e64  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] C:\Windows\System32\wscsvc.dll
12:55:06.0452 0x0e64  C:\Windows\System32\wscsvc.dll - ok
12:55:06.0452 0x0e64  [ 53223B673A3FA2F9A4D1C31C8D3F6CD8, B07A12E3ECD5E418A3F99F00C56E7F482F68CADE330E7C079DCCDFFAD2E21299 ] C:\Windows\System32\dbghelp.dll
12:55:06.0452 0x0e64  C:\Windows\System32\dbghelp.dll - ok
12:55:06.0468 0x0e64  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] C:\Windows\System32\wuaueng.dll
12:55:06.0468 0x0e64  C:\Windows\System32\wuaueng.dll - ok
12:55:06.0484 0x0e64  [ 3A11396EAC2414012155AB14E5C1E332, 27B2DF1C2980098025EC43B354C150BA1CE795F1138DFC03C763A115BBF77010 ] C:\Windows\System32\sppwinob.dll
12:55:06.0484 0x0e64  C:\Windows\System32\sppwinob.dll - ok
12:55:06.0499 0x0e64  [ 387A8A473ECC5BA02CF453277C1F3274, 3F36D3088B0F7CB0CC2C31E8F908527EC5502F0D3153D20332745B7BBF8B04D7 ] C:\Windows\System32\mspatcha.dll
12:55:06.0499 0x0e64  C:\Windows\System32\mspatcha.dll - ok
12:55:06.0515 0x0e64  [ 421D9645B72CD341ECDBB0FCE06C97DE, C2F0DF431E526A8F6F3F521E1BD26838A6A7B5F8E5DBDD044871815DBC5FF6B1 ] C:\Windows\System32\sppobjs.dll
12:55:06.0515 0x0e64  C:\Windows\System32\sppobjs.dll - ok
12:55:06.0530 0x0e64  [ BDC0C99E472176C8C2C853A68ADC5073, 9A0A0CEE321C9BAF5545D6CB0BE3E725228B694F331FFACCEB770350AAF2C8C3 ] C:\Windows\System32\wups2.dll
12:55:06.0530 0x0e64  C:\Windows\System32\wups2.dll - ok
12:55:06.0530 0x0e64  [ 8258362DDB18B644A82D8B5061AD9426, 87CA586B2B1B0089BFF6A259A0743D184AE383B3B12C4BC5986D72ADFFBE9EDA ] C:\Windows\System32\wscisvif.dll
12:55:06.0530 0x0e64  C:\Windows\System32\wscisvif.dll - ok
12:55:06.0546 0x0e64  [ 7DF186D86CF8C571A12AAB788C777F84, A2C1064BFDEF2A85CB12A11E55728BCC09933C115C278403F07B27DB2C36C710 ] C:\Windows\System32\wscproxystub.dll
12:55:06.0546 0x0e64  C:\Windows\System32\wscproxystub.dll - ok
12:55:06.0562 0x0e64  [ 175383778EB24D98C84E624021E3AA0B, FE831AC7C5375FE0F0D2A56F1546F968B2595503CC63FE9A8F819F7910A1604A ] C:\Windows\System32\aeevts.dll
12:55:06.0562 0x0e64  C:\Windows\System32\aeevts.dll - ok
12:55:06.0577 0x0e64  [ 7E9917D5309A90E7576653BFE39F80D8, 3525795CA69EF165AAAA20C878A20DF5A5F183CF6F8358A0132A88153E6459C6 ] C:\Windows\System32\timedate.cpl
12:55:06.0577 0x0e64  C:\Windows\System32\timedate.cpl - ok
12:55:06.0593 0x0e64  [ D2958325C1AE1AE37A83334C6229E3BC, D8263CB39A25447442B75A8D8E8111DF671D645DA90A33865C089DEDA9706904 ] C:\Windows\System32\actxprxy.dll
12:55:06.0593 0x0e64  C:\Windows\System32\actxprxy.dll - ok
12:55:06.0608 0x0e64  [ 5987EA8A82C53359BCD2C29D6588583E, 59E2DF91F8DA9E33DE65FA67A6A49A7C3F524618A87EAEFC8A28C5304E7FAB85 ] C:\Windows\System32\linkinfo.dll
12:55:06.0608 0x0e64  C:\Windows\System32\linkinfo.dll - ok
12:55:06.0624 0x0e64  [ F1278B3514EA6FA9BC39B20D26139AAC, 7FA1B8CCBB4771F3105EEACE2C13F949FA65C7F53817C783BDF9770F94FF12B5 ] C:\Windows\System32\msiltcfg.dll
12:55:06.0624 0x0e64  C:\Windows\System32\msiltcfg.dll - ok
12:55:06.0640 0x0e64  [ A6C29DB53ECA94FA8591C5388D604B82, F25E95BA669422286A8FA3A68E0C639A2F06319B6DC8FA641C965CFB27A50BD6 ] C:\Windows\System32\msi.dll
12:55:06.0640 0x0e64  C:\Windows\System32\msi.dll - ok
12:55:06.0655 0x0e64  [ 98B6F9204610EC0B7D2ADFF3E6F058A8, 3D39A14BA5A37042D692189C8F0A593900A58BA162CECD683BCF8E5F93BE53E6 ] C:\PROGRA~1\WIC4A1~1\MESSEN~1\msgslang.dll
12:55:06.0655 0x0e64  C:\PROGRA~1\WIC4A1~1\MESSEN~1\msgslang.dll - ok
12:55:06.0655 0x0e64  [ 3A16EA01FCFAAB40882DB5BFEE632322, 04ED66BEFDB822181EBD1D84CBF0B17AAADF8455AE742F44D7ADCB26AB07BDAD ] C:\Windows\System32\msftedit.dll
12:55:06.0655 0x0e64  C:\Windows\System32\msftedit.dll - ok
12:55:06.0671 0x0e64  [ 298FDE634538B62CEEEC266D8773B21A, E6E445282D17CEAFEAB66A5A1E0124DD50F2438205BCE5649DB998BDAED06CB7 ] C:\Windows\System32\msls31.dll
12:55:06.0671 0x0e64  C:\Windows\System32\msls31.dll - ok
12:55:06.0686 0x0e64  [ 64E211E0FDFCE4D186DF58BB7D0503BC, 6B9E12979119BAD721D493A9CEFDC7B4150121D5590222069FD1B8D80F9AC5C0 ] C:\Windows\System32\gameux.dll
12:55:06.0686 0x0e64  C:\Windows\System32\gameux.dll - ok
12:55:06.0702 0x0e64  [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{91BDB0C6-8DAD-40BF-BADE-3C537859E0BD}.tmp
12:55:06.0702 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{91BDB0C6-8DAD-40BF-BADE-3C537859E0BD}.tmp - ok
12:55:06.0718 0x0e64  [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{5FFA5DF8-20AC-46C6-80B9-B2F52A80F880}.tmp
12:55:06.0718 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{5FFA5DF8-20AC-46C6-80B9-B2F52A80F880}.tmp - ok
12:55:06.0733 0x0e64  [ 2A39F32E0067CBF221611FE1FA8C6D8F, C6D1CAB7BC87F8EB7D801BE3E3DA9B631932A94468E7A6F46D60A43C9AB08EE7 ] C:\Windows\System32\DeviceCenter.dll
12:55:06.0733 0x0e64  C:\Windows\System32\DeviceCenter.dll - ok
12:55:06.0749 0x0e64  [ E668B7CDA905EDDFA168C09712CA983D, 13E3686AD046F3D3B5A802A231A1DF9B8E44CE9C56CBFAA33732B5DB8C974C1B ] C:\Windows\System32\igfxtray.exe
12:55:06.0749 0x0e64  C:\Windows\System32\igfxtray.exe - ok
12:55:06.0764 0x0e64  [ 55C11301579A42639736EA3B17A3A588, CBEBDD7C883EF47DB86060AF0F09FD2218161D5FEB0CECEB4A068B9CC63499F8 ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{FEA5C478-F5A6-479B-AF23-1FB05AF390AE}.tmp
12:55:06.0764 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{FEA5C478-F5A6-479B-AF23-1FB05AF390AE}.tmp - ok
12:55:06.0764 0x0e64  [ 6BF3A055A2471D41D723E976072007BC, F87BA6875F1AA6BBF7544208EA4889F17C0D48196B335164D63EA81BA1B09465 ] C:\Windows\System32\hccutils.dll
12:55:06.0764 0x0e64  C:\Windows\System32\hccutils.dll - ok
12:55:06.0780 0x0e64  [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{F25B3EA0-7288-45DF-AABA-2A99ADB2FC2A}.tmp
12:55:06.0780 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{F25B3EA0-7288-45DF-AABA-2A99ADB2FC2A}.tmp - ok
12:55:06.0796 0x0e64  [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{0EFED949-5E07-4728-B575-00853B8A65D7}.tmp
12:55:06.0796 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{0EFED949-5E07-4728-B575-00853B8A65D7}.tmp - ok
12:55:06.0811 0x0e64  [ 3E878319F9B353D3A7C9D41F6E1EC86B, 39B65AF5C49FF82BB9D50080FF387D56BFB24CC9A71359656959E377196EF981 ] C:\Windows\System32\igfxsrvc.exe
12:55:06.0811 0x0e64  C:\Windows\System32\igfxsrvc.exe - ok
12:55:06.0827 0x0e64  [ DB04E6CBFCB38A8E224239CE2185D9E6, 7DBAF41EB3BE0A21DB9CFB72FA22879238089E32879D2E2D7FC651CC9778C30B ] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
12:55:06.0827 0x0e64  C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe - ok
12:55:06.0842 0x0e64  [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{5A4A9C96-E262-4C23-B52D-48FEA8A2E8D9}.tmp
12:55:06.0842 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{5A4A9C96-E262-4C23-B52D-48FEA8A2E8D9}.tmp - ok
12:55:06.0858 0x0e64  [ 54BAC994B50C30BCB70CE7F97E734A9E, 143B575FC8AB4CAA6B94A7D84E6592D3AA94FCCA24C31399D7CE7ADA99EEEB0F ] C:\Windows\System32\igfxsrvc.dll
12:55:06.0858 0x0e64  C:\Windows\System32\igfxsrvc.dll - ok
12:55:06.0874 0x0e64  [ 4755446D1582226AD7FF2837F7E983AE, 04B881D8462A7422E6DEAB210FE3FBEE8F06DCA0239768AF4038420835F10538 ] C:\Windows\System32\igfxdev.dll
12:55:06.0874 0x0e64  C:\Windows\System32\igfxdev.dll - ok
12:55:06.0889 0x0e64  [ 5F91764211D1517C15C9D2C4ED665A09, 56941A8571FE5935237756795B9F821235B7AED066A450905C860B08F54A248E ] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
12:55:06.0889 0x0e64  C:\Program Files\TOSHIBA\Utilities\HWSetup.exe - ok
12:55:06.0905 0x0e64  [ 8C3E238E7DDB39277BA5BCB814FFA648, 7060F515D7ADAACC3AA7984CFA8D4ACB474D22DE9CAB02CF7D33A81586765D5E ] C:\Windows\System32\igfxrenu.lrc
12:55:06.0905 0x0e64  C:\Windows\System32\igfxrenu.lrc - ok
12:55:06.0920 0x0e64  [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{052C98CE-AB0E-47FC-8FDA-242833290E8A}.tmp
12:55:06.0920 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{052C98CE-AB0E-47FC-8FDA-242833290E8A}.tmp - ok
12:55:06.0936 0x0e64  [ 7F92D49C57B974C30F1781B095B2D7DE, 00C6EF0AF1BADF6C96BC038820B6378D3FEFCDA7AD13EB2F6B9A8992D17D06D8 ] C:\Windows\System32\igfxress.dll
12:55:06.0936 0x0e64  C:\Windows\System32\igfxress.dll - ok
12:55:06.0952 0x0e64  [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{EB2E268B-2FDB-4BDD-99E7-529AD0CF3E3A}.tmp
12:55:06.0952 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{EB2E268B-2FDB-4BDD-99E7-529AD0CF3E3A}.tmp - ok
12:55:06.0967 0x0e64  [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{B8B724A2-221E-4411-A66A-EB53D38F6929}.tmp
12:55:06.0967 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{B8B724A2-221E-4411-A66A-EB53D38F6929}.tmp - ok
12:55:06.0983 0x0e64  [ 2453709DE6B1291CDCF76E56C5F5C9F6, 193893722B0BA1FAF2D1BB326807CD7B594B512485E3ECFEDA3AE461ACE14CC6 ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
12:55:06.0983 0x0e64  C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe - ok
12:55:06.0983 0x0e64  [ 672D7C5080ACB003343006405DA2E621, 5F28C83A20ECB1F20894B60725477BEF0D672817DFDB9822FB345A3270A0C095 ] C:\Windows\System32\thumbcache.dll
12:55:06.0983 0x0e64  C:\Windows\System32\thumbcache.dll - ok
12:55:06.0998 0x0e64  [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{68AA4058-9C13-448A-A442-D75284BC31F8}.tmp
12:55:06.0998 0x0e64  C:\Users\Doug\AppData\Local\Temp\{9C3FFC5B-3DE3-4822-81A5-C8EE819DC4A5}\{68AA4058-9C13-448A-A442-D75284BC31F8}.tmp - ok
12:55:07.0014 0x0e64  [ E31661DEE8F3F975BDE9442670710DA6, 587C18AC6A8843FAA4CC0E05B1D8DC89CC58189DA95CD23202A061AEAFF49649 ] C:\Windows\System32\SPCtl.dll
12:55:07.0014 0x0e64  C:\Windows\System32\SPCtl.dll - ok
12:55:07.0030 0x0e64  [ 912649A1B3F9E6ACB3899FBDABA2ED5F, 049DFA9EA45A888B984E459B927A0F8AA4C10B9D36C6C0A0FE57F6329BEAF555 ] C:\Windows\System32\stobject.dll
12:55:07.0030 0x0e64  C:\Windows\System32\stobject.dll - ok
12:55:07.0045 0x0e64  [ B697E16EC0E746BA5FFEE9A1365B64D1, B1C478261A797FCADB52EFDFE3EC116CB134CCF97F23FC47D853D96BA7C5C157 ] C:\Windows\System32\EBLib.DLL
12:55:07.0045 0x0e64  C:\Windows\System32\EBLib.DLL - ok
12:55:07.0045 0x0e64  [ 67C1B58706B47EEBA4E117AC197289E6, 9213E55DA854563E3A99369A4FAD853C0A97241A4F6D93F98444C57ADEEF89C1 ] C:\Windows\System32\batmeter.dll
12:55:07.0045 0x0e64  C:\Windows\System32\batmeter.dll - ok
12:55:07.0061 0x0e64  [ 8240B25706A2A96A834842F8531BEB78, 7420BF1ECC098FC1383AF3929B42AFE4328A4089096603B8555DE3239CB7CD2F ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
12:55:07.0061 0x0e64  C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe - ok
12:55:07.0076 0x0e64  [ 1F5AFD468EB5E09E9ED75A087529EAB5, 8204DBCC054C1E54B6065BACB78C55716681AD91759E25111B4E4797E51D0AA3 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
12:55:07.0076 0x0e64  C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
12:55:07.0092 0x0e64  [ 102CF6879887BBE846A00C459E6D4ABC, A4C51C79CF95D5C79DCEFB02946A09A987FEAF83CE2EE1BA7677EBA90869AC80 ] C:\Windows\System32\riched20.dll
12:55:07.0092 0x0e64  C:\Windows\System32\riched20.dll - ok
12:55:07.0108 0x0e64  [ C9564CF4976E7E96B4052737AA2492B4, C3AC989C8489A23BB96400B1856F5325FFC67E844F04651EA5D61BC20A991C6D ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
12:55:07.0108 0x0e64  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
12:55:07.0123 0x0e64  [ DC6612A9EE015A36BA2A27BC9CC12537, F4456A3E4028BE3BDE46363290CCC1E8420034A122596D86272CE4B554C78DB5 ] C:\Windows\System32\mfc42.dll
12:55:07.0123 0x0e64  C:\Windows\System32\mfc42.dll - ok
12:55:07.0139 0x0e64  [ 05F3316515A4AA432FC7611527914A5B, CB30530CE24518B9601DEA4747684B48D0706AA667737BAADC2F994A130887FF ] C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
12:55:07.0139 0x0e64  C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll - ok
12:55:07.0154 0x0e64  [ 9D1F8B33391A594EB61634ABEE615279, 2D4A81892AB44CCAE0710A753EBF0F295CEEEB8BEBE0BC39CA4A03D493D4C464 ] C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
12:55:07.0154 0x0e64  C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll - ok
12:55:07.0170 0x0e64  [ 0E85C11F8850D524B02181C6E02BA9AE, 8703566931067CCF949E9779E4D328DD21210329DD687459300C83DDD06390A8 ] C:\Windows\System32\dsound.dll
12:55:07.0170 0x0e64  C:\Windows\System32\dsound.dll - ok
12:55:07.0186 0x0e64  [ 3D57FFBAD3ED16B63DE3879BAB0FB56F, 6BEAF5AFC98961190B004E8DE57CD5F9F39117287AE18D59DDB2EC5C0A0C6622 ] C:\Windows\System32\networkexplorer.dll
12:55:07.0186 0x0e64  C:\Windows\System32\networkexplorer.dll - ok
12:55:07.0201 0x0e64  [ 18AB2E5A40064ED5F7791AC5946A90F3, B7536CE56702C23B1CEC3E1B6C78866E0A76808B85A92AF3733D9ED9429E004C ] C:\Windows\System32\msimg32.dll
12:55:07.0201 0x0e64  C:\Windows\System32\msimg32.dll - ok
12:55:07.0201 0x0e64  [ 7D34AF98A706230CC2DEDFE0CABF87AB, 93237B839C2BC6E84C2C675BB211CA0FB781B348A033EF648A9AA5BDAC1EFDAE ] C:\Windows\System32\odbc32.dll
12:55:07.0201 0x0e64  C:\Windows\System32\odbc32.dll - ok
12:55:07.0217 0x0e64  [ DE25873D4405E0A2F4B2DC75FA4FB630, BBE583B1E986512F3EBAF9C2D106299DA0520AAB48E7FC81AB5276C26B611FD5 ] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
12:55:07.0217 0x0e64  C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe - ok
12:55:07.0232 0x0e64  [ 936F728E04ACCF3F38801CFFCF1E3F40, 59CA86096F4B928E364B6A3C0408615F068BB8BC02DCFC5EAF4873EC6D6E0797 ] C:\Windows\System32\oledlg.dll
12:55:07.0232 0x0e64  C:\Windows\System32\oledlg.dll - ok
12:55:07.0248 0x0e64  [ E2C48CD0132D4D1DC7D0DF9A6BEF686A, 52D1A8AA992AF2F727DA4B16522D604648D700997B1620CCB67D05838C127674 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll
12:55:07.0248 0x0e64  C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll - ok
12:55:07.0264 0x0e64  [ C8333F1F77A1B2E25F2202E892CAF634, 7A614AA4353ECE8175B6AB7B25EE26FAB22DF2A53C9A5A694B3A3B56F6C783A7 ] C:\Windows\System32\prnfldr.dll
12:55:07.0264 0x0e64  C:\Windows\System32\prnfldr.dll - ok
12:55:07.0279 0x0e64  [ 82685F1428D91993698FAA35D388CD59, 91022B42B3D40F1D78704FF1FDD09626C5C9B8D6642600A12AEB5DE9D1F01F04 ] C:\Windows\System32\RTCOM\RtkCfg.dll
12:55:07.0279 0x0e64  C:\Windows\System32\RTCOM\RtkCfg.dll - ok
12:55:07.0295 0x0e64  [ D1BBE227367ED791D5FCF08E132D2956, 34349B7FB46BB89D59CC9CC6CD3F790870AB96642254C0374D97AFAC6121B945 ] C:\Windows\System32\opengl32.dll
12:55:07.0295 0x0e64  C:\Windows\System32\opengl32.dll - ok
12:55:07.0310 0x0e64  [ 66E44CD685FE1E81773FD14248EA4433, 79F93023B5CDE648AFD62E91DC18C66D32519F69B2C6067899837F51C9671788 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
12:55:07.0310 0x0e64  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
12:55:07.0326 0x0e64  [ 28A09777D2D952122567A8A82F1A2C7B, 772260DF36AE85A0619C51402DE416E0C329976B724C8E9C4F8C013CBB7C7289 ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
12:55:07.0326 0x0e64  C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
12:55:07.0326 0x0e64  [ ABA457BFC7EC0B5E130B2F1E0F549DFF, C944C75C351A276952D0A869F9ED3DF8674E9479797EE7B03D13E8FDCDEB2DC4 ] C:\Windows\System32\odbcint.dll
12:55:07.0326 0x0e64  C:\Windows\System32\odbcint.dll - ok
12:55:07.0342 0x0e64  [ DE3897365B04C4DA1CF8FF725577C082, 44703E2D6C7219714C929D8ED096C8E044A3EDCA73198870A5CC4EF5CE16C397 ] C:\Windows\System32\glu32.dll
12:55:07.0342 0x0e64  C:\Windows\System32\glu32.dll - ok
12:55:07.0357 0x0e64  [ 198552AEFECA69D646867EC8D792DE95, 6978D5205387391748EE7E9FACF1AE607C37FBFD83B77CB632DD772F8D71A165 ] C:\Windows\System32\ddraw.dll
12:55:07.0357 0x0e64  C:\Windows\System32\ddraw.dll - ok
12:55:07.0373 0x0e64  [ 2342EC9254F4C60CA98441BD65C89E12, 7FDCAEB5D021E291A1C9B94DD4D49913CE363BF94D37518E466DB3DD72C41D05 ] C:\Windows\System32\dciman32.dll
12:55:07.0373 0x0e64  C:\Windows\System32\dciman32.dll - ok
12:55:07.0388 0x0e64  [ ADDB05C93272A62606599B24730BD645, 38E2E2979C48549A3B72807B33254DB3AC106DB1FD2790C8AC1B27CDE86EC38F ] C:\Windows\System32\DXP.dll
12:55:07.0388 0x0e64  C:\Windows\System32\DXP.dll - ok
12:55:07.0404 0x0e64  [ 856CFFCD835528136367BB1A8FE1DB87, 97EE0B243F460BE737D18B634559BC6389064BA013890E69B650E5152AB873C8 ] C:\Windows\System32\Syncreg.dll
12:55:07.0404 0x0e64  C:\Windows\System32\Syncreg.dll - ok
12:55:07.0420 0x0e64  [ EAB975DB4C2805927FE5BD047D05C9AA, 8F5497B1A2652B5EAA5D35BD314B5F90C5140207427DAE6068D665FA44D3FD56 ] C:\Windows\System32\netshell.dll
12:55:07.0420 0x0e64  C:\Windows\System32\netshell.dll - ok
12:55:07.0435 0x0e64  [ 7D8823CDB4E89BC3B42320CEB9F95353, 23122D6C58F7DFDA6BF8996985DFD14204FB529A40AE1C3B43C7F1D1074DD2CE ] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
12:55:07.0435 0x0e64  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe - ok
12:55:07.0435 0x0e64  [ 735263DA17BF5BAF9CCD483843BF9D5A, A493F9191EA3F37A53474E94B3917EA038B29545FC62B1634CE47F05EA2FF5C6 ] C:\Windows\System32\WPDShServiceObj.dll
12:55:07.0435 0x0e64  C:\Windows\System32\WPDShServiceObj.dll - ok
12:55:07.0451 0x0e64  [ A859E869AB947311DF0FE6DFEA5ACDCE, 6D822652A2B1305856B19559C2E28FCAAD3E3A962A7EF0D1A02FA87731955D91 ] C:\Windows\System32\SynCOM.dll
12:55:07.0451 0x0e64  C:\Windows\System32\SynCOM.dll - ok
12:55:07.0466 0x0e64  [ ADB45A977BD9E45790CA496DB84BA148, BB251C9A5D2F5C6BDFB22C6BA235748472FC28AF2ADAF1CE7948352301DDE3C1 ] C:\Windows\System32\PortableDeviceTypes.dll
12:55:07.0466 0x0e64  C:\Windows\System32\PortableDeviceTypes.dll - ok
12:55:07.0482 0x0e64  [ DDDCFA20FF6363FABB0249A0CF176514, C1B6D754B88D485B1A1AF57D523391E504B3AAF9434795F7E584DAA079B72285 ] C:\Windows\System32\SynTPAPI.dll
12:55:07.0482 0x0e64  C:\Windows\System32\SynTPAPI.dll - ok
12:55:07.0498 0x0e64  [ B2B3DAE040F6B5AE1DF52B0CD7631A18, 062680EFF24EB83FF34DDD76043DB9ABB476C8FEE7BBE869A1E7F7FC8891314F ] C:\Windows\System32\AltTab.dll
12:55:07.0498 0x0e64  C:\Windows\System32\AltTab.dll - ok
12:55:07.0513 0x0e64  [ 3D6F22551D422F97AACB0BB927E4C846, 9AB7C9F2E7F3D1CEC4553D0DF57E074121957055A9A4349946D354ACB6FC4579 ] C:\Windows\System32\pnidui.dll
12:55:07.0513 0x0e64  C:\Windows\System32\pnidui.dll - ok
12:55:07.0529 0x0e64  [ 23F85BBD8EB9AA7228F9D725493485D8, AF89564FDD91B292B21B28E9D426235487A69010171C38A4CB698CC390A6DF6F ] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
12:55:07.0529 0x0e64  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok
12:55:07.0529 0x0e64  [ B0BC447C758FF055D53FC6831FDB0344, 40311DBE872395CB2BA22B4D7E18BD3B84DFCE53208379DC86D27C31699AB66F ] C:\Windows\System32\consent.exe
12:55:07.0529 0x0e64  C:\Windows\System32\consent.exe - ok
12:55:07.0544 0x0e64  [ CAEE49FF78BD6E1791E9729C5F7FB273, BD26AD37F3F5A10D6C011FA1F74F7D77C09A8B35A2417BBFEA0B2640CB47AC3B ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
12:55:07.0544 0x0e64  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe - ok
12:55:07.0560 0x0e64  [ BD626EF05967D14C772B8096292731A3, FE3838B41DCAFC52089D909E7F411186D993C08AC149E093352D691D57C9BE71 ] C:\Windows\System32\QUTIL.DLL
12:55:07.0560 0x0e64  C:\Windows\System32\QUTIL.DLL - ok
12:55:07.0576 0x0e64  [ 674B0C0F6A448EB185CAAB9C51D44032, 6722351F46BF70BA967844D3239CD801DFC4538A4EB6C478D8497F27F7FD9F1D ] C:\Windows\System32\srchadmin.dll
12:55:07.0576 0x0e64  C:\Windows\System32\srchadmin.dll - ok
12:55:07.0591 0x0e64  [ E3D5E244807AD655787FCD25477CC1BC, 8A378249C936914DBFEDAE310D6ACB93D488C8F490EC4AAB435861C413A5BB0F ] C:\Windows\System32\bthprops.cpl
12:55:07.0591 0x0e64  C:\Windows\System32\bthprops.cpl - ok
12:55:07.0607 0x0e64  [ 03B3541AE6986602CF9CB5B3AD169C33, FC4B0ABA53EDB19DCBA00B8FEBE807643A4AB2D6B8337EE05CE2D0283BEF0F4E ] C:\Windows\System32\webcheck.dll
12:55:07.0607 0x0e64  C:\Windows\System32\webcheck.dll - ok
12:55:07.0622 0x0e64  [ 03396637E1E1B4E333D00AED86178918, CF582487E856D01C960392AC658E8D36A92F2B2B4B9AEA9BFC9E6F75FBAD6571 ] C:\Program Files\Microsoft Security Client\msseces.exe
12:55:07.0622 0x0e64  C:\Program Files\Microsoft Security Client\msseces.exe - ok
12:55:07.0638 0x0e64  [ 2DDEA2C345DA5BC589EFD398F220DB0E, B515B15BE7CB66F94B7A9B802719DAF7D50E1FE2832B66B6883AC0023060800D ] C:\Windows\System32\SyncCenter.dll
12:55:07.0638 0x0e64  C:\Windows\System32\SyncCenter.dll - ok
12:55:07.0638 0x0e64  [ 9A39A2A5F443A756C568C6ED5748AFE4, 13C2790985CBA9CD325BA20364A665DB50B769B7DDE93E6BE20F25427BDB34F8 ] C:\Windows\System32\ActionCenter.dll
12:55:07.0638 0x0e64  C:\Windows\System32\ActionCenter.dll - ok
12:55:07.0654 0x0e64  [ 1CDEA9188899E76D4FFD54C9D512CCDB, B73B0AA397B8E673B4169E246D121ABCE2E888F6C8013AC4FFFA9A6539BB5FB0 ] C:\Windows\System32\msxml3.dll
12:55:07.0654 0x0e64  C:\Windows\System32\msxml3.dll - ok
12:55:07.0669 0x0e64  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
12:55:07.0669 0x0e64  C:\Program Files\Microsoft Office\Office14\BCSSync.exe - ok
12:55:07.0685 0x0e64  [ 2D11BC8B460957E62E4420373A0D8BDA, 56105E84333998D43DFCDA9E8A4D70EAC43076CFF8389B2E525EC5C3017DC5FD ] C:\Windows\System32\imapi2.dll
12:55:07.0685 0x0e64  C:\Windows\System32\imapi2.dll - ok
12:55:07.0700 0x0e64  [ C2D6A4475B87651D5909E364439FDA52, BE9B898A8396F977E05A22D6EDF7B6B4EF4C16E159806453D03C2A918D24C19F ] C:\Windows\System32\FXSST.dll
12:55:07.0700 0x0e64  C:\Windows\System32\FXSST.dll - ok
12:55:07.0716 0x0e64  [ 942E57152F1CD0533644AB30EF1A4728, 4F72510BECFAFDBB06C9CAAC66BA9E95225DE1EA12B4D2FD5B67492A2E628ABD ] C:\Windows\System32\FXSAPI.dll
12:55:07.0716 0x0e64  C:\Windows\System32\FXSAPI.dll - ok
12:55:07.0732 0x0e64  [ F5DF6846F30E9F54EA60CCAEB3FB2055, 07B71E3AA36F90D3D6B60D56F51A524AC769DFD1233BADB76B65874C7BCC5083 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
12:55:07.0732 0x0e64  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
12:55:07.0747 0x0e64  [ C4096CA42199428B3D63DC206C197F0E, 76336CD81608650E5AAD02D59D2AC752E7BDD057314BBC7334CECF74D1EAB587 ] C:\Windows\System32\FXSRESM.dll
12:55:07.0747 0x0e64  C:\Windows\System32\FXSRESM.dll - ok
12:55:07.0763 0x0e64  [ C7952D0A4C43A965A1741916BB134751, 84EF222159E8C444A1D9D2E6509245716E4106C8032861DBFF399001A529BF94 ] C:\Windows\System32\hgcpl.dll
12:55:07.0763 0x0e64  C:\Windows\System32\hgcpl.dll - ok
12:55:07.0763 0x0e64  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] C:\Windows\System32\netman.dll
12:55:07.0763 0x0e64  C:\Windows\System32\netman.dll - ok
12:55:07.0778 0x0e64  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] C:\Windows\System32\FXSSVC.exe
12:55:07.0778 0x0e64  C:\Windows\System32\FXSSVC.exe - ok
12:55:07.0794 0x0e64  [ D39DA70FEA6BD713682F70635587DA9E, FF18C97642F48C711D75F32115B1260FE0BDF6072403E5A9226E9BE780AF1969 ] C:\Windows\System32\rasdlg.dll
12:55:07.0794 0x0e64  C:\Windows\System32\rasdlg.dll - ok
12:55:07.0810 0x0e64  [ 04B88428A872390D235BE52D38A9D4EF, F6954D514B67547738EB012456342D65289B0B18A0304BBAD5BDAA3436181C77 ] C:\Windows\System32\dot3api.dll
12:55:07.0810 0x0e64  C:\Windows\System32\dot3api.dll - ok
12:55:07.0825 0x0e64  [ 8063046AA70B97CA9985672B8848FB2E, C7A7F2D216D1F0D7F28A22E4933DB3D821AC52CC2EF7AE8BA08D18104FCF8B81 ] C:\Windows\System32\wlanhlp.dll
12:55:07.0825 0x0e64  C:\Windows\System32\wlanhlp.dll - ok
12:55:07.0825 0x0e64  [ B010CF886420EE29C2C276646721D255, CBCD032D679ADE3A9942A1D116648D6A9ECC71F66F8630629E724E5EE23F9F73 ] C:\Windows\System32\wlanapi.dll
12:55:07.0825 0x0e64  C:\Windows\System32\wlanapi.dll - ok
12:55:07.0841 0x0e64  [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042, 8E9D77A216D8DD2BE2B304E60EDF85CE825309E67262FCFF1891AEDE63909599 ] C:\Program Files\Microsoft Security Client\sqmapi.dll
12:55:07.0841 0x0e64  C:\Program Files\Microsoft Security Client\sqmapi.dll - ok
12:55:07.0856 0x0e64  [ 45847160399DD9927B95B013B9F10599, 33AB81879F8AD8DEFBD239BB37344F57EC9CE30139F596CF95584328350C8FA3 ] C:\Windows\System32\XPSSHHDR.dll
12:55:07.0856 0x0e64  C:\Windows\System32\XPSSHHDR.dll - ok
12:55:07.0872 0x0e64  [ D66F3B06D57E245B29F089A3DB516154, 794AC1FED76436A0C6EDC90C15D7DA3ABA22DD4601392DEA90C166A0F46015EB ] C:\Windows\System32\xpssvcs.dll
12:55:07.0872 0x0e64  C:\Windows\System32\xpssvcs.dll - ok
12:55:07.0888 0x0e64  [ C02AA67276FEE0C15CC4D6D616BDE95E, 24B0FFA2903CC77FEDE6B491647BB759C4AE054E38A19EFA0D2662AC2959570B ] C:\Windows\System32\WWanAPI.dll
12:55:07.0888 0x0e64  C:\Windows\System32\WWanAPI.dll - ok
12:55:07.0903 0x0e64  [ F2ED6D00921CA138289E5E0CCB9ABF87, 528F249CE0835CA4D8B7C4940F5132DF1155EB344177BEA4CD7FCF9B8DCCCA4B ] C:\Windows\System32\wwapi.dll
12:55:07.0903 0x0e64  C:\Windows\System32\wwapi.dll - ok
12:55:07.0919 0x0e64  [ 02530B0B7E048DD5AC8D52DAEACAEB2B, 2DEB454F8B71EC54C59185E2F1D679F7EC1C7AEFCD1D59761FDD3D70CABE0254 ] C:\Windows\System32\QAGENT.DLL
12:55:07.0919 0x0e64  C:\Windows\System32\QAGENT.DLL - ok
12:55:07.0934 0x0e64  [ 4FB491AC8D46AAF22BA8BC5C73DABEF7, CBE2392792D209E15E44AC29E906FFDD5FBF6EED8BAB0D97D66E109AB2C5C56E ] C:\Windows\System32\wbem\WmiPrvSE.exe
12:55:07.0934 0x0e64  C:\Windows\System32\wbem\WmiPrvSE.exe - ok
12:55:07.0950 0x0e64  [ CB67C2B94302DC94BC15ED6553A5C1C7, AB75F74122123027AF37F8B95CFF1A63852BC2B05F9D7910F0A7FE752AF388FF ] C:\Windows\System32\wbem\cimwin32.dll
12:55:07.0950 0x0e64  C:\Windows\System32\wbem\cimwin32.dll - ok
12:55:07.0950 0x0e64  [ D0481FB85BEEDD30A0884BE327880F80, D28D53F8FFE4F6D728281BC0FBEF4EB435C153774855AE6348D0B75C80C2EC78 ] C:\Windows\System32\framedynos.dll
12:55:07.0950 0x0e64  C:\Windows\System32\framedynos.dll - ok
12:55:07.0966 0x0e64  [ 4F6E72B34ED3DC53DCC5E8708E60B61F, CB79F4EBCE11ECCFA167498F329F95D545F8D4E5CCE4006B2A03B595733AEBC2 ] C:\Windows\System32\security.dll
12:55:07.0966 0x0e64  C:\Windows\System32\security.dll - ok
12:55:07.0981 0x0e64  [ 99B9343280AF6A4C0F27CF2E28E94BBF, 0E29E05E893B2516A1BB5B1D5B7AC91BB55E2B5D463C8C50765328C10BCEA67E ] C:\Windows\System32\dssenh.dll
12:55:07.0981 0x0e64  C:\Windows\System32\dssenh.dll - ok
12:55:07.0997 0x0e64  [ 72910F1DEB838E6E08A9017BFB7D4F0B, A2EAE06069778605765ECB4734760BA296707ED6E166F85F31603F5D79ACC125 ] C:\Windows\System32\browcli.dll
12:55:07.0997 0x0e64  C:\Windows\System32\browcli.dll - ok
12:55:08.0012 0x0e64  [ A42E7748BE906434C5FD17161D168C20, 883A263ED30F9D83A788C484FE61BDB3A518FE489CF97DA4AE9599A8E39E6AE7 ] C:\Windows\System32\schedcli.dll
12:55:08.0012 0x0e64  C:\Windows\System32\schedcli.dll - ok
12:55:08.0028 0x0e64  [ 43BE3B9CA431F88E049928DC45C4365C, D370BEBF27FE039D63B2799F636460988DE751E8088BC7187C05E6E4770E3309 ] C:\Windows\System32\wbem\wmipcima.dll
12:55:08.0028 0x0e64  C:\Windows\System32\wbem\wmipcima.dll - ok
12:55:08.0044 0x0e64  [ 907281ED4AD35D41B29FFDC211EBAD80, 42171AE21B62F07511D8AEE66FF8AC6D40D53290BD01BA6125D886EC70CD3B8D ] C:\Windows\System32\wmi.dll
12:55:08.0044 0x0e64  C:\Windows\System32\wmi.dll - ok
12:55:08.0059 0x0e64  [ 5D78490F2C0F0005AB96140D4C92FA81, FC729B2F8B0533F92B00C93218731507774A6561A3031DC62099567AB83BB375 ] C:\Program Files\Magic Touch USB\tsmapper.exe
12:55:08.0059 0x0e64  C:\Program Files\Magic Touch USB\tsmapper.exe - ok
12:55:08.0106 0x0e64  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
12:55:09.0292 0x0e64  Win FW state via NFP2: enabled
12:55:12.0256 0x0e64  ============================================================
12:55:12.0256 0x0e64  Scan finished
12:55:12.0256 0x0e64  ============================================================
12:55:12.0271 0x0e5c  Detected object count: 0
12:55:12.0271 0x0e5c  Actual detected object count: 0

continued

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.18.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Doug :: LITTLEbleep [administrator]

1/18/2014 1:08:22 PM
mbar-log-2014-01-18 (13-08-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 257862
Time elapsed: 1 hour(s), 2 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

HitmanPro 3.7.8.208
www.hitmanpro.com
   Computer name . . . . : LITTLEbleep
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : Littlebleep\Doug
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-01-18 20:35:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 47s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0
   Objects scanned . . . : 1,219,670
   Files scanned . . . . : 34,362
   Remnants scanned  . . : 382,485 files / 802,823 keys

 Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.6005)  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java™ 6 Update 45 
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:10 PM

Posted 20 January 2014 - 05:13 AM

Hi Doug,

 

 

Ill be breaking the logs up in to a couple posts, the system tells me the post is to long.  These last few check reported no issues found and the symptoms have stopped.

 

I am glad to hear we have an improvement. We are almost done here:

 

 

UPDATING TASKS

 

 

Upgrading Java:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
 

  • Download the latest version of Java SE 7.
  • Click the Java™ 7 Update 51 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u51-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
     Java™ 6 Update 45
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u51-windows-i586.exe and select "Run as an Administrator.")

 
Or you can simple uninstall JAVA and try avoid installing Java unless absolutely required by your applications: (it's your call)...
 
http://www.techsupportforum.com/5494-java-time-to-wake-up-and-smell-the-coffee/
 
 
Next please run JavaRa.

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and from the drop-down menu select any Java version (if listed) and press Run Uninstaller. (If Java is not listed please click on Next).
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's succesfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please post the log in your next reply.
  • Close JavaRa by clicking the red cross button.

 

 

Your adobe flash player is out of date. Older versions are vulnerable to attack and exploitation. Please go to the links below to update it:

Adobe Flash Player 12.0.0.43 Final for (Internet Explorer)

Adobe Flash Player 12.0.0.43 Final for (Firefox, Safari, Opera)

Note: Your browsers should be closed before proceeding with the installation process.

 

 

Make sure that you download and install the latest version of Adobe Reader => Adobe Reader 11.0.06

 

  • It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.  
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 

Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer has always the latest security updates available installed on your computer.  
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical update

 

CAUTION: CCleaner is a safe application as long as you do NOT use the "Registry" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

 

 

 

I will be removing a bunch of software trail/freeware programs in the near future is there a forum on this site or other site that can help with cleaning up the system registry?  I know just enough about the registry to be able to mess thing up badly and would rather not do that.

 

It's not needed to mess up with the registry when you uninstall programs unless you have any problems to uninstall them or you know what you are doing. You will not gain any benefits if you remove the associated registry entries but you can break your OS easily doing this. Check this out => http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

More important is to delete the associated folders if you running out of disk space (but of course you should be careful to not remove any Windows components by mistake).

If you have any troubles to uninstall a program then you can try Revo Uninstaller and to keep your computer in good shape then check the link below:

 

Optimize Windows 7 for better performance

Check this article for more information.

 

 

Regards,

Georgi


cXfZ4wS.png


#12 DougMiller

DougMiller
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 20 January 2014 - 02:27 PM

Georgi

 

I am getting the following error messages:

 

When uninstalling Java:
Error 2203.database: C:\windows\Installer\ba066.ipi. Cannot open database file. System error -2147287035

 

When installing Adobe Reader

Error 2203.Database: C:\windows\Installer\415cf0.ipi. Cannot open database file. System error -2147287035

 

The Window Installer service is running.

Doug



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:10 PM

Posted 21 January 2014 - 07:42 AM

Hi Doug,

 

 

This is an issue with the msi cache. Microsoft updated Windows Installer Cleanup and now the utility can be found here:

 

http://support.microsoft.com/mats/Program_Install_and_Uninstall

 

Please use it to uninstall both programs and let me know about the results.

 

Also is it possible that the permissions of the C:\Windows\installer folder are too restrictive...

 

You can give this a try:

Please download GrantPerms.zip and save it to your desktop.
Unzip the file and run GrantPerms.exe
Copy and paste the following in the edit box:
 

C:\Windows\Installer

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

 

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 21 January 2014 - 07:50 AM.

cXfZ4wS.png


#14 DougMiller

DougMiller
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 21 January 2014 - 11:00 PM

Java and the old version of Adobe have been uninstalled.  I still can not install Adobe Read XI

 

Below is the log from GrantPerms

Doug

 

GrantPerms by Farbar
Ran by Doug (administrator) at 2014-01-21 19:57:32

===============================================
\\?\C:\Windows\Installer

   Owner: BUILTIN\Administrators

   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:10 PM

Posted 22 January 2014 - 05:46 PM

Hi Doug,

 

Can you please try the following and let me know about the results?

 

http://www.bleepingcomputer.com/forums/t/504074/infected-with-zeroaccess-rootkit/?p=3132909

 

 

 

Regards,

Georgi


cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users